Pests of all kinds and how to fight them: PC keeps freezing or restarting (Windows 7)
#1

PC keeps freezing or restarting

Hello, I really hope someone here can help me. If I'm posting in the wrong subforum, I'm sorry! As already written in the title, my problem is that my PC has been freezing constantly for about 1.5 weeks. I then can't do anything other than press the power button and restart. Or, if I simply leave the computer in that state, it eventually restarts on its own. I called a PC repair service, which advised me to run Combofix. After that he wanted to log in to my machine from his PC and fix the problem, but I didn't feel very comfortable with that. I ran Combofix anyway, though; here is the logfile:

Combofix Logfile:
Code:
ATTFilter ComboFix 12-05-16.02 - Kim 16.05.2012 21:44:07.4.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.1065 [GMT 2:00] ausgeführt von:: h:\users\Kim\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . h:\windows\TEMP\logishrd\LVPrcInj01.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-16 bis 2012-05-16 )))))))))))))))))))))))))))))) . . 2012-05-16 19:53 . 2012-05-16 19:55 -------- d-----w- h:\users\Kim\AppData\Local\temp 2012-05-16 19:53 . 2012-05-16 19:53 -------- d-----w- h:\users\Default\AppData\Local\temp 2012-05-16 18:46 . 2012-05-16 19:40 -------- d-----w- h:\programdata\Spybot - Search & Destroy 2012-05-16 18:46 . 2012-05-16 18:46 -------- d-----w- h:\program files\Spybot - Search & Destroy 2012-05-15 17:48 . 2012-05-15 17:48 97961 ----a-w- h:\windows\system32\drivers\klick.dat 2012-05-15 17:48 . 2012-05-15 17:48 115369 ----a-w- h:\windows\system32\drivers\klin.dat 2012-05-15 17:46 . 2012-05-16 19:54 -------- d-----w- h:\programdata\Kaspersky Lab 2012-05-15 17:46 . 2012-05-15 17:46 -------- d-----w- h:\program files\Kaspersky Lab 2012-05-15 14:39 . 2012-05-16 05:28 56200 ----a-w- h:\programdata\Microsoft\Windows Defender\Definition Updates\{659F96C5-6DCE-4C3B-8F6B-FAD60676C421}\offreg.dll 2012-05-15 14:24 . 2012-05-15 14:24 226 ----a-w- H:\user.js 2012-05-15 14:15 . 2012-05-15 14:15 49528 ----a-w- h:\windows\system32\drivers\PktIcpt.sys 2012-05-15 14:06 . 2012-05-15 14:06 50040 ----a-w- h:\windows\system32\drivers\HookCentre.sys 2012-05-15 14:06 . 
2012-05-15 14:06 90744 ----a-w- h:\windows\system32\drivers\MiniIcpt.sys 2012-05-15 14:06 . 2012-05-15 14:06 41848 ----a-w- h:\windows\system32\drivers\GDBehave.sys 2012-05-15 14:06 . 2012-05-15 14:06 54648 ----a-w- h:\windows\system32\drivers\gdwfpcd32.sys 2012-05-15 14:05 . 2012-05-15 17:46 -------- d-----w- h:\programdata\G DATA 2012-05-15 14:05 . 2012-05-15 17:46 -------- d-----w- h:\program files\Common Files\G Data 2012-05-15 14:05 . 2012-05-15 14:05 -------- d-----w- h:\program files\G Data 2012-05-15 14:04 . 2012-05-15 14:04 -------- d-----w- h:\users\Kim\AppData\Local\Downloaded Installations 2012-05-15 10:56 . 2012-04-13 07:36 6734704 ----a-w- h:\programdata\Microsoft\Windows Defender\Definition Updates\{659F96C5-6DCE-4C3B-8F6B-FAD60676C421}\mpengine.dll 2012-05-09 19:21 . 2012-03-31 04:29 936960 ----a-w- h:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 19:21 . 2012-03-31 04:30 1221632 ----a-w- h:\program files\Windows Journal\NBDoc.DLL 2012-05-09 19:20 . 2012-03-31 04:29 989184 ----a-w- h:\program files\Windows Journal\JNTFiltr.dll 2012-05-09 19:20 . 2012-03-31 04:29 969216 ----a-w- h:\program files\Windows Journal\JNWDRV.dll 2012-05-09 19:20 . 2012-03-30 10:23 1291632 ----a-w- h:\windows\system32\drivers\tcpip.sys 2012-05-09 19:20 . 2012-03-31 04:39 3968368 ----a-w- h:\windows\system32\ntkrnlpa.exe 2012-05-09 19:20 . 2012-03-31 04:39 3913072 ----a-w- h:\windows\system32\ntoskrnl.exe 2012-05-09 19:20 . 2012-03-31 02:36 2343424 ----a-w- h:\windows\system32\win32k.sys 2012-05-09 19:20 . 2012-03-17 07:27 56176 ----a-w- h:\windows\system32\drivers\partmgr.sys 2012-05-09 19:20 . 2012-03-03 05:31 1077248 ----a-w- h:\windows\system32\DWrite.dll 2012-05-05 22:21 . 2012-05-05 22:21 -------- d-----w- h:\program files\ProtectDisc Driver Installer 2012-05-05 22:21 . 2012-05-05 22:21 -------- d-----w- h:\users\Kim\AppData\Roaming\ProtectDisc 2012-05-05 22:12 . 2012-05-05 22:16 -------- d-----w- h:\program files\15 Days 2012-04-24 12:20 . 
2012-05-15 13:30 -------- d-----w- h:\programdata\AVAST Software 2012-04-24 12:20 . 2012-05-02 12:40 -------- d-----w- h:\program files\AVAST Software 2012-04-18 19:11 . 2012-05-09 21:20 -------- d-----w- h:\users\Kim\AppData\Local\Spotify 2012-04-18 19:08 . 2012-05-16 18:19 -------- d-----w- h:\users\Kim\AppData\Roaming\Spotify 2012-04-18 17:43 . 2012-04-18 17:43 -------- d-----w- h:\program files\Microsoft . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-10 20:21 . 2012-03-31 07:03 419488 ----a-w- h:\windows\system32\FlashPlayerApp.exe 2012-05-10 20:21 . 2011-09-06 11:57 70304 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-12 14:13 . 2009-10-29 04:48 499712 ----a-w- h:\windows\system32\msvcp71.dll 2012-04-12 14:13 . 2009-10-29 04:48 348160 ----a-w- h:\windows\system32\msvcr71.dll 2012-03-01 05:46 . 2012-04-11 17:57 19824 ----a-w- h:\windows\system32\drivers\fs_rec.sys 2012-03-01 05:37 . 2012-04-11 17:57 172544 ----a-w- h:\windows\system32\wintrust.dll 2012-03-01 05:33 . 2012-04-11 17:57 159232 ----a-w- h:\windows\system32\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 17:57 5120 ----a-w- h:\windows\system32\wmi.dll 2012-02-28 05:38 . 2012-04-11 01:00 981504 ----a-w- h:\windows\system32\wininet.dll 2012-02-28 03:52 . 2012-04-11 01:00 1638912 ----a-w- h:\windows\system32\mshtml.tlb 2012-02-23 08:18 . 2009-11-20 19:43 237072 ------w- h:\windows\system32\MpSigStub.exe 2012-02-17 05:34 . 2012-03-14 00:33 826880 ----a-w- h:\windows\system32\rdpcore.dll 2012-02-17 04:14 . 2012-03-14 00:33 183808 ----a-w- h:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13 . 2012-03-14 00:33 24576 ----a-w- h:\windows\system32\drivers\tdtcp.sys 2012-04-21 01:18 . 2012-05-15 13:08 97208 ----a-w- h:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify"="h:\users\Kim\AppData\Roaming\Spotify\Spotify.exe" [2012-04-18 4011184] "Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="h:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "B2C_AGENT"="h:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568] "Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "CanonSolutionMenu"="h:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "CanonMyPrinter"="h:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648] "SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "DivXUpdate"="h:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="h:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-12 296056] "AVP"="h:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296] . h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-25 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKLM\~\startupfolder\H:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=h:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=h:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . 
[HKLM\~\startupfolder\H:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk] path=h:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk backup=h:\windows\pss\ZooskMessenger.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- h:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 12:36 2793304 ----a-w- h:\program files\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2011-04-28 07:59 220552 ----a-w- h:\program files\PDF24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- h:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1ca6a2ec3046730;Google Update Service (gupdate1ca6a2ec3046730);h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 133104] R2 SkypeUpdate;Skype Updater;h:\program files\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696] R3 androidusb;ADB Interface Driver;h:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112] R3 ewusbnet;HUAWEI USB-NDIS miniport;h:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168] R3 GDPkIcpt;GDPkIcpt;h:\windows\system32\drivers\PktIcpt.sys [2012-05-15 49528] R3 gupdatem;Google Update-Dienst (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 133104] R3 hwusbdev;Huawei DataCard USB PNP Device;h:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] R3 MozillaMaintenance;Mozilla Maintenance Service;h:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;h:\windows\system32\Wat\WatAdminSvc.exe [2010-09-13 1343400] S0 GDBehave;GDBehave;h:\windows\system32\drivers\GDBehave.sys [2012-05-15 41848] S0 sptd;sptd;h:\windows\System32\Drivers\sptd.sys [2010-11-22 691696] S1 GDMnIcpt;GDMnIcpt;h:\windows\system32\drivers\MiniIcpt.sys [2012-05-15 90744] S1 gdwfpcd;G Data WFP CD;h:\windows\system32\drivers\gdwfpcd32.sys [2012-05-15 54648] S1 HookCentre;HookCentre;h:\windows\system32\drivers\HookCentre.sys [2012-05-15 50040] S1 kl2;kl2;h:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;h:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856] S2 acedrv11;acedrv11;h:\windows\system32\drivers\acedrv11.sys 
[2009-01-19 277544] S2 AdobeARMservice;Adobe Acrobat Update Service;h:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 klmouflt;Kaspersky Lab KLMOUFLT;h:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] . . Inhalt des "geplante Tasks" Ordners . 2012-05-16 h:\windows\Tasks\Adobe Flash Player Updater.job - h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:21] . 2012-05-16 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job - h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 22:13] . 2012-05-16 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job - h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 22:13] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: Hinzufügen zu Anti-Banner - h:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: Nach Microsoft E&xel exportieren - h:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{14ED8FDB-1A29-4EF7-98F7-579FCD1ADA4D}: NameServer = 212.23.115.148 212.23.97.3 TCP: Interfaces\{697A8CBB-599D-4462-A392-754B18E307B5}: NameServer = 212.23.115.148 212.23.97.3 TCP: Interfaces\{EF44B8B0-61D3-4614-B5CF-95B8CFA6D121}: NameServer = 212.23.115.148 212.23.97.3 DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5764) h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Weitere laufende Prozesse ------------------------ . h:\windows\system32\nvvsvc.exe h:\program files\NVIDIA Corporation\Display\NvXDSync.exe h:\windows\system32\nvvsvc.exe h:\program files\Canon\IJPLM\IJPLMSVC.EXE h:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe h:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE h:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe h:\windows\system32\WUDFHost.exe h:\windows\system32\taskhost.exe h:\windows\system32\conhost.exe h:\windows\system32\sppsvc.exe h:\program files\Windows Media Player\wmpnetwk.exe h:\\?\h:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-05-16 21:59:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-05-16 19:59 ComboFix2.txt 2012-05-16 05:42 ComboFix3.txt 2012-05-15 16:52 . 
Vor Suchlauf: 20 Verzeichnis(se), 86.683.181.056 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 86.627.614.720 Bytes frei . - - End Of File - - DFC066B4A6FBA304EAD2651326BA563A

It would be really great if someone could help me!

I just read in the instructions that you need more information. So:

DDS Logfile:
Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.1 Run by Kim at 9:01:02 on 2012-05-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.1108 [GMT 2:00] . AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} . ============== Running Processes =============== . H:\Windows\system32\wininit.exe H:\Windows\system32\lsm.exe H:\Windows\system32\svchost.exe -k DcomLaunch H:\Windows\system32\nvvsvc.exe H:\Windows\system32\svchost.exe -k RPCSS H:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted H:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted H:\Windows\system32\svchost.exe -k netsvcs H:\Windows\system32\svchost.exe -k LocalService H:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe H:\Windows\system32\nvvsvc.exe H:\Windows\system32\svchost.exe -k NetworkService H:\Windows\system32\svchost.exe -k LocalServiceNoNetwork H:\Windows\System32\spoolsv.exe H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe H:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe H:\Windows\system32\svchost.exe -k imgsvc H:\Windows\System32\svchost.exe -k secsvcs H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE H:\Program Files\Spybot - Search & Destroy\SDWinSec.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe H:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted H:\Windows\system32\taskhost.exe 
H:\Windows\system32\taskeng.exe H:\Windows\system32\WUDFHost.exe H:\Windows\system32\Dwm.exe H:\Windows\Explorer.EXE H:\Windows\system32\taskeng.exe H:\Program Files\Microsoft IntelliPoint\ipoint.exe H:\Program Files\Canon\MyPrinter\BJMYPRT.EXE H:\Program Files\Common Files\Java\Java Update\jusched.exe H:\Program Files\DivX\DivX Update\DivXUpdate.exe H:\Program Files\Real\RealPlayer\Update\realsched.exe H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe H:\Windows\system32\SearchIndexer.exe H:\Windows\system32\SearchProtocolHost.exe H:\Windows\system32\SearchFilterHost.exe H:\Program Files\Windows Media Player\wmpnetwk.exe H:\Windows\System32\svchost.exe -k LocalServicePeerNet H:\Windows\system32\taskhost.exe H:\Windows\system32\sppsvc.exe H:\Windows\system32\conhost.exe H:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - h:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - h:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\program files\spybot - search & destroy\SDHelper.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - h:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - h:\program files\skype\toolbars\internet 
explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - h:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll uRun: [Spotify] "h:\users\kim\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart uRun: [SpybotSD TeaTimer] h:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Sidebar] h:\program files\windows sidebar\sidebar.exe /autoRun mRun: [IntelliPoint] "h:\program files\microsoft intellipoint\ipoint.exe" mRun: [B2C_AGENT] h:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [SunJavaUpdateSched] "h:\program files\common files\java\java update\jusched.exe" mRun: [DivXUpdate] "h:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [TkBellExe] "h:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AVP] "h:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe" StartupFolder: h:\progra~3\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - h:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Hinzufügen zu Anti-Banner - h:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm IE: Nach Microsoft E&xel exportieren - h:\progra~2\micros~2\office12\EXCEL.EXE/3000 IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - h:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~2\micros~2\office12\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - h:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\program files\spybot - search & destroy\SDHelper.dll DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{14ED8FDB-1A29-4EF7-98F7-579FCD1ADA4D} : NameServer = 212.23.115.148 212.23.97.3 TCP: Interfaces\{34B85B4A-5399-4815-8722-3E180644F2E5} : DhcpNameServer = 192.168.42.129 TCP: Interfaces\{697A8CBB-599D-4462-A392-754B18E307B5} : NameServer = 212.23.115.148 212.23.97.3 TCP: Interfaces\{BA1392CB-05F0-44A0-9DC1-F7B817291529} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{E898F43E-F623-410F-90D3-5D6EBCBE3DF7} : DhcpNameServer = 192.168.42.129 TCP: Interfaces\{EF44B8B0-61D3-4614-B5CF-95B8CFA6D121} : NameServer = 212.23.115.148 212.23.97.3 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~2\common~1\skype\SKYPE4~1.DLL Notify: klogon - h:\windows\system32\klogon.dll . ============= SERVICES / DRIVERS =============== . R0 GDBehave;GDBehave;h:\windows\system32\drivers\GDBehave.sys [2012-5-15 41848] R1 GDMnIcpt;GDMnIcpt;h:\windows\system32\drivers\MiniIcpt.sys [2012-5-15 90744] R1 gdwfpcd;G Data WFP CD;h:\windows\system32\drivers\gdwfpcd32.sys [2012-5-15 54648] R1 HookCentre;HookCentre;h:\windows\system32\drivers\HookCentre.sys [2012-5-15 50040] R1 kl2;kl2;h:\windows\system32\drivers\kl2.sys [2011-3-4 11352] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;h:\windows\system32\drivers\klim6.sys [2011-3-10 23856] R2 acedrv11;acedrv11;h:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544] R2 AdobeARMservice;Adobe Acrobat Update Service;h:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AVP;Kaspersky Anti-Virus Service;h:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296] R2 SBSDWSCService;SBSD Security Center Service;h:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-16 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256] R3 klmouflt;Kaspersky Lab KLMOUFLT;h:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca6a2ec3046730;Google Update Service (gupdate1ca6a2ec3046730);h:\program files\google\update\GoogleUpdate.exe [2009-11-21 133104] S2 SkypeUpdate;Skype Updater;h:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696] S3 androidusb;ADB Interface Driver;h:\windows\system32\drivers\androidusb.sys [2010-4-29 26112] S3 
b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;h:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 ewusbnet;HUAWEI USB-NDIS miniport;h:\windows\system32\drivers\ewusbnet.sys [2012-3-29 201168] S3 GDPkIcpt;GDPkIcpt;h:\windows\system32\drivers\PktIcpt.sys [2012-5-15 49528] S3 gupdatem;Google Update-Dienst (gupdatem);h:\program files\google\update\GoogleUpdate.exe [2009-11-21 133104] S3 hwusbdev;Huawei DataCard USB PNP Device;h:\windows\system32\drivers\ewusbdev.sys [2012-3-29 101120] S3 MozillaMaintenance;Mozilla Maintenance Service;h:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 129976] S3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\TsUsbFlt.sys [2011-4-14 52224] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;h:\windows\system32\wat\WatAdminSvc.exe [2010-9-13 1343400] . =============== Created Last 30 ================ . 2012-05-16 19:59:16 -------- d-sh--w- H:\$RECYCLE.BIN 2012-05-16 19:53:45 -------- d-----w- h:\users\kim\appdata\local\temp 2012-05-16 19:42:36 -------- d-----w- H:\ComboFix 2012-05-16 18:46:31 -------- d-----w- h:\programdata\Spybot - Search & Destroy 2012-05-16 18:46:31 -------- d-----w- h:\program files\Spybot - Search & Destroy 2012-05-15 17:48:05 97961 ----a-w- h:\windows\system32\drivers\klick.dat 2012-05-15 17:48:05 115369 ----a-w- h:\windows\system32\drivers\klin.dat 2012-05-15 17:46:45 -------- d-----w- h:\programdata\Kaspersky Lab 2012-05-15 17:46:45 -------- d-----w- h:\program files\Kaspersky Lab 2012-05-15 14:39:58 56200 ----a-w- h:\programdata\microsoft\windows defender\definition updates\{659f96c5-6dce-4c3b-8f6b-fad60676c421}\offreg.dll 2012-05-15 14:35:35 98816 ----a-w- h:\windows\sed.exe 2012-05-15 14:35:35 518144 ----a-w- h:\windows\SWREG.exe 2012-05-15 14:35:35 256000 ----a-w- h:\windows\PEV.exe 2012-05-15 14:35:35 208896 ----a-w- h:\windows\MBR.exe 2012-05-15 14:15:56 49528 ----a-w- h:\windows\system32\drivers\PktIcpt.sys 2012-05-15 14:06:04 50040 ----a-w- 
h:\windows\system32\drivers\HookCentre.sys 2012-05-15 14:06:03 90744 ----a-w- h:\windows\system32\drivers\MiniIcpt.sys 2012-05-15 14:06:02 41848 ----a-w- h:\windows\system32\drivers\GDBehave.sys 2012-05-15 14:06:00 54648 ----a-w- h:\windows\system32\drivers\gdwfpcd32.sys 2012-05-15 14:05:23 -------- d-----w- h:\programdata\G DATA 2012-05-15 14:05:23 -------- d-----w- h:\program files\G Data 2012-05-15 14:05:23 -------- d-----w- h:\program files\common files\G Data 2012-05-15 14:04:33 -------- d-----w- h:\users\kim\appdata\local\Downloaded Installations 2012-05-15 10:56:13 6734704 ----a-w- h:\programdata\microsoft\windows defender\definition updates\{659f96c5-6dce-4c3b-8f6b-fad60676c421}\mpengine.dll 2012-05-09 19:21:03 936960 ----a-w- h:\program files\common files\microsoft shared\ink\journal.dll 2012-05-09 19:21:00 1221632 ----a-w- h:\program files\windows journal\NBDoc.DLL 2012-05-09 19:20:58 989184 ----a-w- h:\program files\windows journal\JNTFiltr.dll 2012-05-09 19:20:58 969216 ----a-w- h:\program files\windows journal\JNWDRV.dll 2012-05-09 19:20:53 1291632 ----a-w- h:\windows\system32\drivers\tcpip.sys 2012-05-09 19:20:23 3968368 ----a-w- h:\windows\system32\ntkrnlpa.exe 2012-05-09 19:20:21 3913072 ----a-w- h:\windows\system32\ntoskrnl.exe 2012-05-09 19:20:21 2343424 ----a-w- h:\windows\system32\win32k.sys 2012-05-09 19:20:19 56176 ----a-w- h:\windows\system32\drivers\partmgr.sys 2012-05-09 19:20:10 1077248 ----a-w- h:\windows\system32\DWrite.dll 2012-05-05 22:21:49 -------- d-----w- h:\program files\ProtectDisc Driver Installer 2012-05-05 22:21:45 -------- d-----w- h:\users\kim\appdata\roaming\ProtectDisc 2012-05-05 22:12:29 -------- d-----w- h:\program files\15 Days 2012-04-24 12:20:41 -------- d-----w- h:\programdata\AVAST Software 2012-04-24 12:20:41 -------- d-----w- h:\program files\AVAST Software 2012-04-18 19:11:27 -------- d-----w- h:\users\kim\appdata\local\Spotify 2012-04-18 19:08:24 -------- d-----w- h:\users\kim\appdata\roaming\Spotify 2012-04-18 
17:43:32 -------- d-----w- h:\program files\Microsoft . ==================== Find3M ==================== . 2012-05-10 20:21:06 70304 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-10 20:21:06 419488 ----a-w- h:\windows\system32\FlashPlayerApp.exe 2012-04-12 14:13:09 499712 ----a-w- h:\windows\system32\msvcp71.dll 2012-04-12 14:13:09 348160 ----a-w- h:\windows\system32\msvcr71.dll 2012-03-01 05:46:57 19824 ----a-w- h:\windows\system32\drivers\fs_rec.sys 2012-03-01 05:37:41 172544 ----a-w- h:\windows\system32\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- h:\windows\system32\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- h:\windows\system32\wmi.dll 2012-02-28 05:38:52 981504 ----a-w- h:\windows\system32\wininet.dll 2012-02-28 03:52:27 1638912 ----a-w- h:\windows\system32\mshtml.tlb 2012-02-23 08:18:36 237072 ------w- h:\windows\system32\MpSigStub.exe . ============= FINISH: 9:03:08,98 =============== --- --- --- --- --- --- ATTACH: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 20.11.2009 20:29:14 System Uptime: 17.05.2012 08:58:08 (1 hours ago) . Motherboard: BIOSTAR Group | | GF7025-M2 TE Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz . ==== Disk Partitions ========================= . D: is CDROM () F: is Removable G: is Removable H: is FIXED (NTFS) - 149 GiB total, 80,819 GiB free. I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318} Description: ECP-Druckeranschluss Device ID: ACPI\PNP0401\1 Manufacturer: (Standardanschlusstypen) Name: ECP-Druckeranschluss (LPT1) PNP Device ID: ACPI\PNP0401\1 Service: Parport . 
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318} Description: Kommunikationsanschluss Device ID: ACPI\PNP0501\1 Manufacturer: (Standardanschlusstypen) Name: Kommunikationsanschluss (COM5) PNP Device ID: ACPI\PNP0501\1 Service: Serial . Class GUID: {4d36e969-e325-11ce-bfc1-08002be10318} Description: Standard-Diskettenlaufwerkcontroller Device ID: ACPI\PNP0700\4&36BE2ADB&0 Manufacturer: (Standard-Diskettenlaufwerkcontroller) Name: Standard-Diskettenlaufwerkcontroller PNP Device ID: ACPI\PNP0700\4&36BE2ADB&0 Service: fdc . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Parvdm Device ID: ROOT\LEGACY_PARVDM\0000 Manufacturer: Name: Parvdm PNP Device ID: ROOT\LEGACY_PARVDM\0000 Service: Parvdm . ==== System Restore Points =================== . RP379: 06.05.2012 00:17:28 - DirectX wurde installiert RP380: 09.05.2012 02:12:02 - Windows Update RP381: 09.05.2012 23:24:05 - Windows Update RP382: 15.05.2012 12:55:37 - Windows Update RP383: 15.05.2012 14:56:06 - Wiederherstellungsvorgang RP384: 15.05.2012 15:28:03 - avast! Free Antivirus Setup . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 15 Days AC3Filter (remove only) AC3Filter 1.63b Ace DivX Player Adobe AIR Adobe Digital Editions Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) - Deutsch Adobe Shockwave Player 11.6 Amazon MP3-Downloader 1.0.9 Android SDK Tools Apple Application Support Apple Software Update Canon iP3600 series Benutzerregistrierung Canon iP3600 series Printer Driver Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu CanoScan Toolbox Ver4.5 CCleaner ContentSAFER for Wizmax D3DX10 DivX-Setup DivX Plus DirectShow Filters Dropbox Facebook Plug-In Google Chrome Google Update Helper Inkjet Printer/Scanner Extended Survey Program IsoBuster 2.8 Java Auto Updater Java(TM) 6 Update 29 Java(TM) 7 Update 2 Java(TM) SE Development Kit 7 Update 2 JavaFX 2.0.2 JavaFX 2.0.2 SDK JDownloader Kaspersky Internet Security 2012 Lame ACM MP3 Codec LG SP USB Driver LG USB Modem Driver Logitech Vid HD Logitech Webcam Software Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mobile Partner MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA 3D Vision Treiber 260.99 NVIDIA Grafiktreiber 260.99 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 260.99 OpenEtna WinFlasher PDF24 Creator 3.0.0 Power MP3 WMA Converter 2006, (ver 3.42) ProtectDisc Driver, Version 11 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 SamsungMediaStudio Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 
suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Click to Call Skype™ 5.8 Spotify Spybot - Search & Destroy Sweet Home 3D version 3.4 swMSM TubeBox! Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VC80CRTRedist - 8.0.50727.6195 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinRAR XviD MPEG-4 Video Codec Yahoo! Detect Yontoo Layers Runtime 1.10.01 . ==== End Of File =========================== GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-05-17 08:53:56 Windows 6.1.7601 Service Pack 1 Running: ruptkvow.exe; Driver: H:\Users\Kim\AppData\Local\Temp\uwldqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8F03F28A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8F059342] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8F059678] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8F0599EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8F03FD04] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8F05902A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8F040276] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8F040164] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8F0594E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8F03F046] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8F04038E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8F03F8BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8F03FA2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8F0404A6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 
ZwCreateWaitablePort [0x8F0595B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8F04074E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8F03FD46] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8F041750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8F040840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8F040DAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x8F057840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8F040308] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8F0401F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8F03F4C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8F040B90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8F040420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8F03F3B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8F04055C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x8F057A38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8F0410D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8F0409E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif 
Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8F0597DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8F05972A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8F059848] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8F0415F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8F0591B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8F03FBA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8F0405FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8F041222] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8F041316] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8F041450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8F040670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8F03F664] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8F03F5BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8F040F8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8F03F750] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C473C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C80D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C87D8C 4 Bytes [8A, F2, 03, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C87DB4 8 Bytes [42, 93, 05, 8F, 78, 96, 05, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82C87DF8 4 Bytes [EE, 99, 05, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82C87E24 4 Bytes [04, FD, 03, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C87E48 4 Bytes [2A, 90, 05, 8F] .text ... ? System32\Drivers\spms.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8F739DB9 5 Bytes JMP 866F61D8 .text aosr2g5w.SYS 91301000 12 Bytes [44, 08, 02, 83, EE, 06, 02, ...] {INC ESP; OR [EDX], AL; SUB ESI, 0x6; ADD AL, [EBX-0x7cfe1860]} .text aosr2g5w.SYS 9130100D 9 Bytes [E7, 01, 83, 48, 0B, 02, 83, ...] {OUT 0x1, EAX; OR DWORD [EAX+0xb], 0x2; ADD DWORD [EAX], 0x0} .text aosr2g5w.SYS 91301017 170 Bytes [00, DE, 27, F3, 83, E6, 25, ...] .text aosr2g5w.SYS 913010C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text aosr2g5w.SYS 913010CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL} .text ... .reloc H:\Windows\system32\drivers\acedrv11.sys section is executable [0x9C094300, 0x25D4C, 0xE0000060] .text H:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9C0BB300, 0x3B6D8, 0xE8000020] .text H:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9C0FE300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- ? H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] H:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] ntdll.dll!NtProtectVirtualMemory 77BF5F18 5 Bytes JMP 6AC91765 H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? 
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] H:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] USER32.dll!NotifyWinEvent + 6AE 779BD66C 4 Bytes [E0, 13, 54, 67] ? H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] H:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] ntdll.dll!NtProtectVirtualMemory 77BF5F18 5 Bytes JMP 6AC91765 H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] H:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] USER32.dll!NotifyWinEvent + 6AE 779BD66C 4 Bytes [E0, 13, 54, 67] .text H:\Program Files\Mozilla Firefox\firefox.exe[3736] ntdll.dll!LdrLoadDll 77C1223E 5 Bytes JMP 66A2C930 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Mozilla Firefox\firefox.exe[3736] kernel32.dll!MapViewOfFile 765993DB 5 Bytes JMP 66C5E083 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Mozilla Firefox\firefox.exe[3736] kernel32.dll!VirtualAlloc 7659C43A 5 Bytes JMP 66C5E0AA H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Mozilla Firefox\firefox.exe[3736] USER32.dll!SetWindowLongA 779A8BA3 5 Bytes JMP 66DB5C85 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Mozilla Firefox\firefox.exe[3736] USER32.dll!SetWindowLongW 779B4449 5 Bytes JMP 66DB5C25 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Mozilla Firefox\firefox.exe[3736] GDI32.dll!CreateDIBSection 767E8850 5 
Bytes JMP 66C5E00D H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Real\RealPlayer\Update\realsched.exe[4040] kernel32.dll!SetUnhandledExceptionFilter 7659F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 861281F8 Device \Driver\usbohci \Device\USBPDO-0 8670B500 Device \Driver\usbehci \Device\USBPDO-1 866431F8 Device \Driver\usbohci \Device\USBPDO-2 8670B500 Device \Driver\usbehci \Device\USBPDO-3 866431F8 AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\USBSTOR \Device\00000070 8655D1F8 Device \Driver\volmgr \Device\HarddiskVolume1 861241F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000071 8655D1F8 Device \Driver\PCI_PNP1264 \Device\00000058 spms.sys Device \Driver\USBSTOR \Device\00000072 8655D1F8 Device \Driver\volmgr \Device\HarddiskVolume2 861241F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 865553E0 Device \Driver\sptd \Device\1148035264 spms.sys Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 861261F8 Device \Driver\atapi \Device\Ide\IdePort0 861261F8 Device \Driver\atapi \Device\Ide\IdePort1 861261F8 Device \Driver\atapi \Device\Ide\IdePort2 861261F8 Device \Driver\atapi \Device\Ide\IdePort3 861261F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 861261F8 Device \Driver\USBSTOR \Device\00000073 8655D1F8 Device \Driver\volmgr \Device\HarddiskVolume3 861241F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume4 861241F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device 
\Driver\volmgr \Device\HarddiskVolume5 861241F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 8670C1F8 Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\usbohci \Device\USBFDO-0 8670B500 Device \Driver\usbehci \Device\USBFDO-1 866431F8 Device \Driver\usbohci \Device\USBFDO-2 8670B500 Device \Driver\USBSTOR \Device\0000006f 8655D1F8 Device \Driver\usbehci \Device\USBFDO-3 866431F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{BA1392CB-05F0-44A0-9DC1-F7B817291529} 8670C1F8 Device \Driver\aosr2g5w \Device\Scsi\aosr2g5w1 86889500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x1D 0x62 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xDA 0x93 0xFD ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB8 0x8F 0x90 0x82 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC3 0x0E 0x7B 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x8E 0x01 0xA9 0xB1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xE4 0x92 0x50 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x1D 0x62 0x76 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xDA 0x93 0xFD ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB8 0x8F 0x90 0x82 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC3 0x0E 0x7B 0x22 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x8E 0x01 0xA9 0xB1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xE4 0x92 0x50 0xD4 ... ---- EOF - GMER 1.0.15 ----
Is there no one here who can help?? Last edited by Mia2501 (17.05.2012 at 08:10) |