Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Festplattenproblem nach Avira Free Antivirus-Meldung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.02.2012, 01:18   #16
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Ach ja
Ich habe jetzt die Berichte gespeichert und den Inhalt der Textdatei hier rein kopiert.
Das erste ist der "Schutz-Center", das zweite sind "Erkannte Bedrohungen", hoffentlich waren das die richtigen.
Tut mir leid, dass ich mich ein bisschen blöd anstelle...

mfG

Code:
ATTFilter
Datum: Gestern (155)	
Kaspersky Anti-Virus	dvhhccfblujqw.exe	Sicherungskopie erstellt: Trojan.Win32.FakeAV.kxpe	24.02.2012 21:13:43	
Kaspersky Anti-Virus	dvhhccfblujqw.exe	Gefunden: Trojan.Win32.FakeAV.kxpe	24.02.2012 21:12:46	
Host Process for Windows Services	$ObjId:$O:$INDEX_ALLOCATION	Bearbeitungsfehler	24.02.2012 21:10:46	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 21:09:57	
Kaspersky Anti-Virus	nc.exe	Gelöscht: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 21:01:58	
Kaspersky Anti-Virus	cryptload_1.1.8.rar	Sicherungskopie erstellt: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 21:01:58	
Kaspersky Anti-Virus	nc.exe	Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 21:01:47	
Kaspersky Anti-Virus	Vollständige Untersuchung	Aufgabe wurde gestartet	24.02.2012 20:59:44	
Kaspersky Anti-Virus	nc.exe	Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:59:27	
Kaspersky Anti-Virus	nc.exe	Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:59:25	
Kaspersky Anti-Virus	nc.exe	Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:48:22	
Kaspersky Anti-Virus	nc.exe	Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:48:17	
Kaspersky Anti-Virus	Update	Aufgabe wurde abgeschlossen	24.02.2012 20:46:14	
Kaspersky Anti-Virus	Vollständige Untersuchung	Aufgabe wurde abgeschlossen	24.02.2012 20:44:57	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	24.02.2012 20:42:03	
Kaspersky Anti-Virus	nc.exe	Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:13:41	
Kaspersky Anti-Virus	nc.exe	Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:13:34	
Kaspersky Anti-Virus	nc.exe	Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:00:44	
Kaspersky Anti-Virus	nc.exe	Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a	24.02.2012 20:00:12	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 19:59:21	
Kaspersky Anti-Virus	Photo.class	Gelöscht: Exploit.Java.CVE-2011-3544.id	24.02.2012 19:48:39	
Kaspersky Anti-Virus	b194f87-4bf3fab4	Sicherungskopie erstellt: Exploit.Java.CVE-2011-3544.id	24.02.2012 19:48:39	
Kaspersky Anti-Virus	Photo.class	Gefunden: Exploit.Java.CVE-2011-3544.id	24.02.2012 19:48:33	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 19:28:19	
Kaspersky Anti-Virus	Vollständige Untersuchung	Aufgabe wurde gestartet	24.02.2012 18:46:28	
Kaspersky Anti-Virus	Update	Aufgabe wurde beendet	24.02.2012 18:41:43	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	24.02.2012 18:41:30	
Kaspersky Anti-Virus	Rootkit-Suche	Aufgabe wurde abgeschlossen	24.02.2012 18:37:45	
Kaspersky Anti-Virus	Rootkit-Suche	Aufgabe wurde gestartet	24.02.2012 18:29:14	
Kaspersky Anti-Virus	Vollständige Untersuchung	Aufgabe wurde abgeschlossen	24.02.2012 18:27:03	
Host Process for Windows Services	PE_Patch	Gepackt: ASProtect	24.02.2012 18:07:59	
Host Process for Windows Services	FileSync.exe	Gepackt: PE_Patch	24.02.2012 18:07:58	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:49:05	
Host Process for Windows Services	$ObjId:$O:$INDEX_ALLOCATION	Bearbeitungsfehler	24.02.2012 17:43:52	
Host Process for Windows Services	PecBundle	Gepackt: PECompact	24.02.2012 17:41:33	
Host Process for Windows Services	PE_Patch.PECompact	Gepackt: PecBundle	24.02.2012 17:41:32	
Host Process for Windows Services	SUPER.exe	Gepackt: PE_Patch.PECompact	24.02.2012 17:41:32	
Host Process for Windows Services	PecBundle	Gepackt: PECompact	24.02.2012 17:40:25	
Host Process for Windows Services	PE_Patch.PECompact	Gepackt: PecBundle	24.02.2012 17:40:24	
Host Process for Windows Services	GOOGLEDESKTOPSETUP.EXE	Gepackt: PE_Patch.PECompact	24.02.2012 17:40:24	
Kaspersky Anti-Virus		Der Schutz wurde aktiviert	24.02.2012 17:29:39	
Kaspersky Anti-Virus	Vollständige Untersuchung	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus			24.02.2012 17:29:00	
Kaspersky Anti-Virus			24.02.2012 17:29:00	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 17:29:00	
Kaspersky Anti-Virus		Es liegt eine wichtige Meldung zur Lizenz vor	24.02.2012 17:28:59	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:28:59	
Unbekanntes Programm	amlogs	Verboten	24.02.2012 17:28:52	
Client Server Runtime Process	avp.exe	Verboten	24.02.2012 17:27:14	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:25:30	
Host Process for Windows Services	4FM90S4PX3HOPW.EXE	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 17:25:30	
Host Process for Windows Services	BrSerId.sys	Gepackt: PE_Patch	24.02.2012 17:24:11	
Host Process for Windows Services	BrUsbMdm.sys	Gepackt: PE_Patch	24.02.2012 17:23:48	
Client Server Runtime Process	avp.exe	Verboten	24.02.2012 17:23:31	
Kaspersky Anti-Virus	Aktive Bedrohungen neutralisieren	Aufgabe wurde abgeschlossen	24.02.2012 17:23:14	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:22:14	
Host Process for Windows Services	PecBundle	Gepackt: PECompact	24.02.2012 17:22:05	
Host Process for Windows Services	PE_Patch.PECompact	Gepackt: PecBundle	24.02.2012 17:22:05	
Host Process for Windows Services	flvdec.spk	Gepackt: PE_Patch.PECompact	24.02.2012 17:22:05	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:21:55	
Host Process for Windows Services	4FM90S4PX3HOPW.EXE	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 17:21:55	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:20:25	
Host Process for Windows Services	PE_Patch	Gepackt: ASProtect	24.02.2012 17:15:38	
Host Process for Windows Services	FILESEARCH.EXE	Gepackt: PE_Patch	24.02.2012 17:15:37	
Host Process for Windows Services	PecBundle	Gepackt: PECompact	24.02.2012 17:15:00	
Host Process for Windows Services	PE_Patch.PECompact	Gepackt: PecBundle	24.02.2012 17:14:59	
Host Process for Windows Services	OTL.exe	Gepackt: PE_Patch.PECompact	24.02.2012 17:14:59	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:10:30	
Host Process for Windows Services	4FM90S4PX3HOPW.EXE	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 17:10:30	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:10:22	
Host Process for Windows Services	DVHHCCFBLUJQW.EXE	Gefunden: Trojan.Win32.FakeAV.kxpe	24.02.2012 17:10:22	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:06:57	
Windows Explorer	DVHHCCFBLUJQW.EXE	Wird beim Neustart gelöscht: Trojan.Win32.FakeAV.kxpe	24.02.2012 17:05:23	
Windows Explorer	DVHHCCFBLUJQW.EXE	Sicherungskopie erstellt: Trojan.Win32.FakeAV.kxpe	24.02.2012 17:05:23	
Kaspersky Anti-Virus	DvhhCCFbLujqW.exe	Gelöscht	24.02.2012 17:04:57	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 17:04:53	
Windows Explorer	DVHHCCFBLUJQW.EXE	Gefunden: Trojan.Win32.FakeAV.kxpe	24.02.2012 17:04:53	
Google Desktop	4FM90S4PX3HOPW.EXE	Wird beim Neustart in die Quarantäne verschoben: HEUR:Trojan.Win32.Generic	24.02.2012 17:04:46	
Kaspersky Anti-Virus	4fm90s4px3hopw.exe	Wird beim Neustart gelöscht: HEUR:Trojan.Win32.Generic	24.02.2012 17:04:26	
Kaspersky Anti-Virus	4fm90s4px3hopw.exe	Verschieben in die Quarantäne unmöglich: HEUR:Trojan.Win32.Generic	24.02.2012 17:04:26	
Kaspersky Anti-Virus	4fm90s4px3hopw.exe	Wird beim Neustart in die Quarantäne verschoben: HEUR:Trojan.Win32.Generic	24.02.2012 17:04:24	
Google Desktop	4FM90S4PX3HOPW.EXE	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 17:03:38	
Google Desktop	4FM90S4PX3HOPW.EXE	Nicht verarbeitet: HEUR:Trojan.Win32.Generic	24.02.2012 17:01:35	
Kaspersky Anti-Virus	Aktive Bedrohungen neutralisieren	Aufgabe wurde gestartet	24.02.2012 17:01:16	
Kaspersky Anti-Virus	4fm90s4px3hopw.exe	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 17:01:16	
Kaspersky Anti-Virus	4fm90s4px3hopw.exe	Nicht verarbeitet: HEUR:Trojan.Win32.Generic	24.02.2012 17:01:16	
Kaspersky Anti-Virus	4fm90s4px3hopw.exe	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 16:57:44	
SpeedCommander	TEAMVIEWER_SETUP_DE.EXE	Gepackt: UPX	24.02.2012 16:57:24	
Kaspersky Anti-Virus		Es gibt unverarbeitete Objekte	24.02.2012 16:57:02	
Google Desktop	4FM90S4PX3HOPW.EXE	Gefunden: HEUR:Trojan.Win32.Generic	24.02.2012 16:57:02	
SpeedCommander	MxCmn50.dll	Gepackt: ASProtect	24.02.2012 16:56:48	
Windows Explorer	PE_Patch	Gepackt: ASProtect	24.02.2012 16:56:34	
Windows Explorer	PE_Patch	Gepackt: ASProtect	24.02.2012 16:56:34	
Windows Explorer	SPEEDCOMMANDER.EXE	Gepackt: PE_Patch	24.02.2012 16:56:33	
Windows Explorer	SpeedEdit.exe	Gepackt: PE_Patch	24.02.2012 16:56:33	
Windows Explorer	PE_Patch	Gepackt: ASProtect	24.02.2012 16:56:33	
Windows Explorer	SpeedView.exe	Gepackt: PE_Patch	24.02.2012 16:56:32	
Windows Explorer	CmdLineExt03.dll	Gepackt: Petite	24.02.2012 16:56:03	
Kaspersky Anti-Virus		Der Schutz wurde aktiviert	24.02.2012 16:55:01	
Kaspersky Anti-Virus		Der Schutz funktioniert nicht	24.02.2012 16:54:27	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 16:54:27	
Kaspersky Anti-Virus			24.02.2012 16:54:27	
Kaspersky Anti-Virus			24.02.2012 16:54:27	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde gestartet	24.02.2012 16:54:27	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde gestartet	24.02.2012 16:54:27	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 16:54:27	
Kaspersky Anti-Virus		Der Schutz funktioniert nicht	24.02.2012 16:54:27	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 16:54:27	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 16:54:27	
Task Scheduler Engine	avp.exe	Verboten	24.02.2012 16:53:53	
Unbekanntes Programm	Kaspersky Anti-Virus 2012	Verboten	24.02.2012 16:52:04	
Kaspersky Anti-Virus		Der Schutz wurde deaktiviert	24.02.2012 16:52:05	
Kaspersky Anti-Virus		Es liegt eine wichtige Meldung zur Lizenz vor	24.02.2012 16:52:05	
Kaspersky Anti-Virus	Update	Aufgabe wurde beendet	24.02.2012 16:49:48	
Client Server Runtime Process	avp.exe	Verboten	24.02.2012 16:49:43	
Client Server Runtime Process	avp.exe	Verboten	24.02.2012 16:49:28	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	24.02.2012 16:49:07	
Task Scheduler Engine	avp.exe	Verboten	24.02.2012 16:36:29	
Kaspersky Anti-Virus		Der Schutz wurde deaktiviert	24.02.2012 09:42:07	
Kaspersky Anti-Virus		Es liegt eine wichtige Meldung zur Lizenz vor	24.02.2012 09:42:07	
Unbekanntes Programm	Kaspersky Anti-Virus 2012	Verboten	24.02.2012 09:42:00	
Client Server Runtime Process	avp.exe	Verboten	24.02.2012 09:40:15	
Client Server Runtime Process	avp.exe	Verboten	24.02.2012 09:39:36	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde beendet	24.02.2012 09:01:31	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde beendet	24.02.2012 09:01:31	
Kaspersky Anti-Virus			24.02.2012 09:01:31	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde beendet	24.02.2012 09:01:31	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde beendet	24.02.2012 09:01:31	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde beendet	24.02.2012 09:01:31	
Kaspersky Anti-Virus			24.02.2012 09:01:31	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde beendet	24.02.2012 09:01:31	
Kaspersky Anti-Virus		Der Schutz wurde deaktiviert	24.02.2012 09:01:31	
Kaspersky Anti-Virus		Der Schutz wurde aktiviert	24.02.2012 09:01:16	
Kaspersky Anti-Virus		Der Schutz funktioniert nicht	24.02.2012 09:01:05	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 09:01:05	
Kaspersky Anti-Virus			24.02.2012 09:01:05	
Kaspersky Anti-Virus			24.02.2012 09:01:05	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde gestartet	24.02.2012 09:01:05	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde gestartet	24.02.2012 09:01:05	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 09:01:05	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 09:01:05	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde gestartet	24.02.2012 09:01:05	
Kaspersky Anti-Virus	Untersuchung bei Computerleerlauf	Aufgabe wurde beendet	24.02.2012 08:36:53	
Kaspersky Anti-Virus	Untersuchung bei Computerleerlauf	Aufgabe wurde gestartet	24.02.2012 08:36:49	
Kaspersky Anti-Virus	Update	Aufgabe wurde abgeschlossen	24.02.2012 08:17:38	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	24.02.2012 08:15:40	
Kaspersky Anti-Virus	Update	Aufgabe wurde abgeschlossen	24.02.2012 02:06:03	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	24.02.2012 02:02:44	
Kaspersky Anti-Virus	Update	Aufgabe wurde abgeschlossen	24.02.2012 00:02:32	
Kaspersky Anti-Virus		Es liegt eine wichtige Meldung zur Lizenz vor	24.02.2012 00:00:53	
Datum: Donnerstag (47)	
Kaspersky Anti-Virus		Das Programm wurde nicht aktiviert	23.02.2012 21:12:48	
Kaspersky Anti-Virus		Der Schutz funktioniert nicht	23.02.2012 21:12:48	
Kaspersky Anti-Virus		Die Datenbanken sind stark veraltet	23.02.2012 21:12:48	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:12:48	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:12:48	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:12:48	
Kaspersky Anti-Virus			23.02.2012 21:12:48	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde gestartet	23.02.2012 21:12:48	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde gestartet	23.02.2012 21:12:48	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:12:48	
Kaspersky Anti-Virus			23.02.2012 21:12:48	
Windows Explorer	MyClubVAIO.exe	Gepackt: UPX	23.02.2012 21:13:17	
Kaspersky Anti-Virus		Der Schutz wurde aktiviert	23.02.2012 21:14:23	
Task Scheduler Engine	avp.exe	Verboten	23.02.2012 21:22:54	
Kaspersky Anti-Virus		Der Schutz wurde deaktiviert	23.02.2012 21:23:29	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde beendet	23.02.2012 21:23:29	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:23:29	
Kaspersky Anti-Virus			23.02.2012 21:23:29	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:23:29	
Kaspersky Anti-Virus			23.02.2012 21:23:29	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:23:29	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:23:29	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde beendet	23.02.2012 21:23:29	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:23:59	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:23:59	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde gestartet	23.02.2012 21:23:59	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde gestartet	23.02.2012 21:23:59	
Kaspersky Anti-Virus			23.02.2012 21:23:59	
Kaspersky Anti-Virus			23.02.2012 21:23:59	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:23:59	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde gestartet	23.02.2012 21:23:59	
Kaspersky Anti-Virus		Der Schutz wurde aktiviert	23.02.2012 21:24:07	
Firefox	imgad?id=CICAgMDOnYa09wEQ0AIYmAIyCPfPT9bDYC-S	Gepackt: Swf2Swc	23.02.2012 21:25:10	
Firefox	F17EAd01	Gepackt: Swf2Swc	23.02.2012 21:25:31	
Kaspersky Anti-Virus		Der Schutz wurde deaktiviert	23.02.2012 21:26:08	
Kaspersky Anti-Virus	Mail-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:26:08	
Kaspersky Anti-Virus	IM-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:26:08	
Kaspersky Anti-Virus	Aktivitätsmonitor	Aufgabe wurde beendet	23.02.2012 21:26:08	
Kaspersky Anti-Virus			23.02.2012 21:26:08	
Kaspersky Anti-Virus			23.02.2012 21:26:08	
Kaspersky Anti-Virus	Web-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:26:08	
Kaspersky Anti-Virus	Datei-Anti-Virus	Aufgabe wurde beendet	23.02.2012 21:26:09	
Kaspersky Anti-Virus	Proaktiver Schutz	Aufgabe wurde beendet	23.02.2012 21:26:12	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	23.02.2012 21:26:56	
Kaspersky Anti-Virus			23.02.2012 21:59:21	
Kaspersky Anti-Virus	Update	Aufgabe wurde abgeschlossen	23.02.2012 21:59:33	
Kaspersky Anti-Virus	Update	Aufgabe wurde gestartet	23.02.2012 23:59:58
         
Code:
ATTFilter
Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (2)	
not-a-virus:RemoteAdmin.Win32.NetCat.a	Desinfiziert	24.02.2012 21:01:59	
not-a-virus:RemoteAdmin.Win32.NetCat.a	Gelöscht	24.02.2012 21:01:58	
Typ: trojanisches Programm (7)	
Trojan.Win32.FakeAV.kxpe	Gelöscht	24.02.2012 21:13:43	
Exploit.Java.CVE-2011-3544.id	Desinfiziert	24.02.2012 19:48:39	
Exploit.Java.CVE-2011-3544.id	Gelöscht	24.02.2012 19:48:39	
Trojan.Win32.FakeAV.kxpe	Gelöscht	24.02.2012 18:27:03	
Exploit.Java.CVE-2011-3544.id	Gelöscht	24.02.2012 18:27:03	
Packed.Win32.Krap.r	Gelöscht	24.02.2012 18:27:02	
Packed.Win32.Krap.r	Gelöscht	24.02.2012 18:27:02	
Typ: Virus (1)	
HEUR:Trojan.Win32.Generic	Nicht gefunden	24.02.2012 17:28:59
         

Alt 26.02.2012, 14:43   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 26.02.2012, 17:46   #18
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



So, hier ist das gute Stück
Code:
ATTFilter
OTL logfile created on: 26.02.2012 16:19:54 - Run 3
OTL by OldTimer - Version 3.2.33.2     Folder = c:\Users\****\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,98% Memory free
6,13 Gb Paging File | 4,70 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,11 Gb Total Space | 10,22 Gb Free Space | 5,70% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\FileServe Manager\FSStarter.exe (FileServe Limited)
PRC - C:\Programme\FileServe Manager\FileManager.exe (FileServe Limited)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Programme\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileServe Manager\FFChromeExtHelper.dll ()
MOD - C:\Programme\FileServe Manager\MT.WindowsUI.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f280cfb373553c7b3ca0581a89944b91\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Programme\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RtkHDMIService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (jatmlano) -- C:\Users\****\AppData\Local\Temp\jatmlano.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
 
 
 
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.02.23 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.23 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.20 21:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.09.19 19:03:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.02.17 23:05:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\6pq22yl3.default\extensions
[2011.12.04 16:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DOROTHEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6PQ22YL3.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- C:\USERS\DOROTHEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6PQ22YL3.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.01.20 21:07:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.20 21:07:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.20 21:07:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.20 21:07:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.20 21:07:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.20 21:07:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.20 21:07:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll File not found
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMART Board Service] C:\Programme\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFDDF51-F6E0-4C87-ACB0-BCDD40DE25EA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63642535-A480-4AE5-BDDE-F0273A585FFA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell - "" = AutoRun
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell\AutoRun\command - "" = G:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - camcodec.dll File not found
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IPJ2 - jp2avi.dll File not found
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LAGS - lagarith.dll File not found
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.24 08:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.24 08:55:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 08:55:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.24 08:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.23 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.23 20:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012.02.23 20:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.02.23 20:49:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Kaspersky Lab
[2012.02.23 20:48:52 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.22 14:12:46 | 000,000,000 | -H-D | C] -- C:\Users\****\Desktop\Scans
[2012.02.22 03:42:19 | 000,583,168 | -H-- | C] (OldTimer Tools) -- C:\Users\Dorothea\Desktop\OTL.exe
[2012.02.22 03:36:49 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.02.21 23:43:34 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.06 00:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptload
[2012.02.05 23:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.05 23:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.02.05 23:04:42 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.02.05 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.02.05 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.26 16:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 16:01:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 16:01:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 14:55:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 14:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 14:50:12 | 3186,581,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.25 02:50:21 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.24 18:46:19 | 000,001,733 | ---- | M] () -- C:\Users\Dorothea\Desktop\Vollständige Untersuchung.lnk
[2012.02.24 08:55:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 21:13:01 | 000,017,408 | -H-- | M] () -- C:\Users\****\AppData\Local\WebpageIcons.db
[2012.02.23 20:52:34 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.02.23 20:52:34 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.02.23 20:48:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.22 03:42:33 | 000,583,168 | -H-- | M] (OldTimer Tools) -- C:\Users\Dorothea\Desktop\OTL.exe
[2012.02.22 03:34:03 | 000,000,846 | -H-- | M] () -- C:\Users\****\Desktop\firefox - Verknüpfung.lnk
[2012.02.21 23:56:05 | 000,000,448 | -H-- | M] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.21 23:54:45 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:54:41 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:35 | 000,000,605 | -H-- | M] () -- C:\Users\****\Desktop\System Check.lnk
[2012.02.14 18:53:59 | 000,001,751 | -H-- | M] () -- C:\Users\****\Desktop\JDownloader.lnk
[2012.02.07 22:48:28 | 000,001,356 | -H-- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2012.02.06 00:03:20 | 000,000,682 | -H-- | M] () -- C:\Users\****\Desktop\CryptLoad - Verknüpfung.lnk
[2012.02.05 23:04:43 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.01.31 22:53:46 | 000,002,631 | -H-- | M] () -- C:\Users\****\Desktop\Microsoft Office Word 2007.lnk
 
========== Files Created - No Company Name ==========
 
[2012.02.24 18:46:19 | 000,001,733 | ---- | C] () -- C:\Users\****\Desktop\Vollständige Untersuchung.lnk
[2012.02.24 08:55:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 21:12:59 | 000,017,408 | -H-- | C] () -- C:\Users\****\AppData\Local\WebpageIcons.db
[2012.02.23 20:52:34 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.02.23 20:52:34 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.02.22 03:34:03 | 000,000,846 | -H-- | C] () -- C:\Users\****\Desktop\firefox - Verknüpfung.lnk
[2012.02.21 23:43:35 | 000,000,605 | -H-- | C] () -- C:\Users\****\Desktop\System Check.lnk
[2012.02.21 23:43:35 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:43:35 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:20 | 000,000,448 | -H-- | C] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.14 18:53:59 | 000,001,751 | -H-- | C] () -- C:\Users\****\Desktop\JDownloader.lnk
[2012.02.06 00:03:20 | 000,000,682 | -H-- | C] () -- C:\Users\****\Desktop\CryptLoad - Verknüpfung.lnk
[2011.07.19 00:39:18 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.07.19 00:39:18 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.07.19 00:38:54 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.07.19 00:33:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.18 15:51:45 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.07.18 15:51:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.13 20:36:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.07.13 20:36:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.04.07 16:58:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.06.07 18:01:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
 
========== LOP Check ==========
 
[2011.07.18 15:46:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.18 12:39:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.01.22 23:31:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2009.05.11 17:05:10 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2011.07.17 17:58:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.07.24 15:56:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.07.19 16:29:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MiniDm
[2012.02.22 22:47:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.18 12:39:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2010.12.08 21:54:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies
[2010.12.08 19:57:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies Inc
[2009.06.14 16:54:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SpeedProject
[2012.02.25 02:50:21 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.20 16:08:03 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.11.21 15:26:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011.07.29 00:18:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ArcSoft
[2008.06.19 13:23:32 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.07.18 15:46:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2009.06.15 15:58:40 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Google
[2011.07.18 12:39:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.01.22 23:31:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2008.05.08 14:31:20 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Identities
[2008.06.19 13:14:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2009.05.11 17:05:10 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2011.07.17 17:58:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2011.07.17 17:58:16 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Logitech
[2008.06.19 13:10:22 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012.02.22 03:36:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.07.24 15:56:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.08.23 22:02:51 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011.07.19 16:29:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MiniDm
[2011.09.19 19:03:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2012.02.22 22:47:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.18 12:39:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2011.04.07 18:28:33 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.04.07 16:58:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\skypePM
[2010.12.08 21:54:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies
[2010.12.08 19:57:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies Inc
[2008.06.19 13:23:33 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Sony Corporation
[2009.06.14 16:54:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SpeedProject
[2011.07.18 18:46:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2004.01.26 16:15:29 | 000,233,472 | RH-- | M] () -- C:\Users\****\AppData\Roaming\MafiaSetup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.03 12:00:34 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=F489A11A103A76CA3E2D42BBCF16DAAD -- C:\Program Files\Protector Suite QL\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.02.23 20:48:52 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll

< End of report >
         
__________________

Alt 26.02.2012, 18:26   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell - "" = AutoRun
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell\AutoRun\command - "" = G:\launcher.exe
[2012.02.21 23:56:05 | 000,000,448 | -H-- | M] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.21 23:54:45 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:54:41 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:35 | 000,000,605 | -H-- | M] () -- C:\Users\****\Desktop\System Check.lnk
:Files
C:\Programme\ICQ6Toolbar
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.02.2012, 21:37   #20
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



So, ich habe mich mal wieder blöd angestellt und versehentlich auf fix geklickt, als der alte Kram vom Scan noch drin stand. Er konnte die Befehle erwartungsgemäß nicht interpretieren, also scheint nichts passiert zu sein, ch poste das erste Log dennoch.
Code:
ATTFilter
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <wininit.exe> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <ws2ifsl.sys> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <user32.DLL> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
 
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_185405
         
Und hier jetzt das eigentliche Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Process ICQ Service.exe killed successfully!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found.
File G:\launcher.exe not found.
C:\ProgramData\4FM90s4Px3hoPw moved successfully.
C:\ProgramData\~4FM90s4Px3hoPw moved successfully.
C:\ProgramData\~4FM90s4Px3hoPwr moved successfully.
File C:\Users\****\Desktop\System Check.lnk not found.
========== FILES ==========
File\Folder C:\Programme\ICQ6Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ****xxxx
 
User: Default
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 198 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ****
->Temp folder emptied: 814185007 bytes
->Temporary Internet Files folder emptied: 3544136077 bytes
->Java cache emptied: 2593590 bytes
->FireFox cache emptied: 70677842 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 48955 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 949790769 bytes
RecycleBin emptied: 1143 bytes
 
Total Files Cleaned = 5.132,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_185621

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\klsE223.tmp not found!

Registry entries deleted on Reboot...
         
P.S.: Er musste übrigens neu starten, falls das wichtig ist...


Alt 26.02.2012, 22:15   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Festplattenproblem nach Avira Free Antivirus-Meldung

Alt 29.02.2012, 20:49   #22
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



So, er hat drei Sachen gefunden. unhide habe ich vorher auch ausgeführt.
Code:
ATTFilter
20:39:09.0658 5452	TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:39:10.0073 5452	============================================================
20:39:10.0073 5452	Current date / time: 2012/02/29 20:39:10.0073
20:39:10.0074 5452	SystemInfo:
20:39:10.0074 5452	
20:39:10.0074 5452	OS Version: 6.0.6001 ServicePack: 1.0
20:39:10.0074 5452	Product type: Workstation
20:39:10.0074 5452	ComputerName: BENNI-PC
20:39:10.0075 5452	UserName: Dorothea
20:39:10.0075 5452	Windows directory: C:\Windows
20:39:10.0075 5452	System windows directory: C:\Windows
20:39:10.0075 5452	Processor architecture: Intel x86
20:39:10.0075 5452	Number of processors: 2
20:39:10.0075 5452	Page size: 0x1000
20:39:10.0075 5452	Boot type: Normal boot
20:39:10.0075 5452	============================================================
20:39:11.0243 5452	Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:11.0255 5452	\Device\Harddisk0\DR0:
20:39:11.0256 5452	MBR used
20:39:11.0256 5452	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE68800, BlocksNum 0x166361B0
20:39:11.0293 5452	Initialize success
20:39:11.0293 5452	============================================================
20:39:32.0535 1788	============================================================
20:39:32.0535 1788	Scan started
20:39:32.0535 1788	Mode: Manual; SigCheck; TDLFS; 
20:39:32.0535 1788	============================================================
20:39:33.0340 1788	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:39:33.0612 1788	ACPI - ok
20:39:33.0683 1788	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:39:33.0736 1788	adp94xx - ok
20:39:33.0775 1788	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:39:33.0813 1788	adpahci - ok
20:39:33.0909 1788	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:39:33.0938 1788	adpu160m - ok
20:39:33.0976 1788	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:39:34.0007 1788	adpu320 - ok
20:39:34.0086 1788	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:39:34.0182 1788	AFD - ok
20:39:34.0436 1788	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:39:34.0462 1788	agp440 - ok
20:39:34.0550 1788	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:39:34.0581 1788	aic78xx - ok
20:39:34.0615 1788	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:39:34.0639 1788	aliide - ok
20:39:34.0671 1788	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:39:34.0697 1788	amdagp - ok
20:39:34.0724 1788	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:39:34.0750 1788	amdide - ok
20:39:34.0778 1788	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:39:34.0842 1788	AmdK7 - ok
20:39:34.0871 1788	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:39:34.0962 1788	AmdK8 - ok
20:39:35.0083 1788	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:39:35.0111 1788	arc - ok
20:39:35.0190 1788	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:39:35.0217 1788	arcsas - ok
20:39:35.0301 1788	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:39:35.0379 1788	AsyncMac - ok
20:39:35.0411 1788	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:39:35.0435 1788	atapi - ok
20:39:35.0500 1788	athr            (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys
20:39:35.0628 1788	athr - ok
20:39:35.0835 1788	atikmdag        (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys
20:39:36.0199 1788	atikmdag - ok
20:39:36.0317 1788	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
20:39:36.0360 1788	atksgt ( UnsignedFile.Multi.Generic ) - warning
20:39:36.0361 1788	atksgt - detected UnsignedFile.Multi.Generic (1)
20:39:36.0440 1788	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:39:36.0529 1788	Beep - ok
20:39:36.0594 1788	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:39:36.0668 1788	blbdrive - ok
20:39:36.0785 1788	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:39:36.0861 1788	bowser - ok
20:39:36.0906 1788	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:39:37.0052 1788	BrFiltLo - ok
20:39:37.0217 1788	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:39:37.0302 1788	BrFiltUp - ok
20:39:37.0368 1788	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:39:37.0620 1788	Brserid - ok
20:39:37.0703 1788	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:39:37.0831 1788	BrSerWdm - ok
20:39:37.0866 1788	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:39:37.0983 1788	BrUsbMdm - ok
20:39:38.0014 1788	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:39:38.0149 1788	BrUsbSer - ok
20:39:38.0244 1788	BthEnum         (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys
20:39:38.0324 1788	BthEnum - ok
20:39:38.0434 1788	BTHMODEM        (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
20:39:38.0523 1788	BTHMODEM - ok
20:39:38.0551 1788	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:39:38.0641 1788	BthPan - ok
20:39:38.0678 1788	BTHPORT         (9f299c5274672900591e7c616d725f56) C:\Windows\system32\Drivers\BTHport.sys
20:39:38.0730 1788	BTHPORT - ok
20:39:38.0768 1788	BTHUSB          (31c9453df130b4b89eafcdc97319ccc2) C:\Windows\system32\Drivers\BTHUSB.sys
20:39:38.0819 1788	BTHUSB - ok
20:39:38.0872 1788	btwaudio        (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
20:39:39.0876 1788	btwaudio - ok
20:39:39.0957 1788	btwavdt         (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
20:39:39.0978 1788	btwavdt - ok
20:39:40.0000 1788	btwl2cap        (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:39:40.0020 1788	btwl2cap - ok
20:39:40.0038 1788	btwrchid        (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
20:39:40.0057 1788	btwrchid - ok
20:39:40.0103 1788	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:39:40.0197 1788	cdfs - ok
20:39:40.0257 1788	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:39:40.0338 1788	cdrom - ok
20:39:40.0372 1788	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:39:40.0452 1788	circlass - ok
20:39:40.0544 1788	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:39:40.0580 1788	CLFS - ok
20:39:40.0665 1788	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:39:40.0726 1788	CmBatt - ok
20:39:40.0757 1788	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:39:40.0782 1788	cmdide - ok
20:39:40.0797 1788	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:39:40.0822 1788	Compbatt - ok
20:39:40.0845 1788	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:39:40.0870 1788	crcdisk - ok
20:39:40.0901 1788	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:39:40.0999 1788	Crusoe - ok
20:39:41.0101 1788	CSC             (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
20:39:41.0203 1788	CSC - ok
20:39:41.0279 1788	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
20:39:41.0362 1788	DfsC - ok
20:39:41.0449 1788	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:39:41.0476 1788	disk - ok
20:39:41.0532 1788	DMICall         (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
20:39:41.0556 1788	DMICall - ok
20:39:41.0681 1788	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:39:41.0750 1788	drmkaud - ok
20:39:41.0829 1788	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:39:41.0857 1788	dtsoftbus01 - ok
20:39:41.0940 1788	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:42.0067 1788	DXGKrnl - ok
20:39:42.0189 1788	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:39:42.0293 1788	E1G60 - ok
20:39:42.0353 1788	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:39:42.0384 1788	Ecache - ok
20:39:42.0486 1788	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:39:42.0547 1788	elxstor - ok
20:39:42.0660 1788	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:39:42.0737 1788	ErrDev - ok
20:39:42.0820 1788	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:39:42.0897 1788	exfat - ok
20:39:42.0930 1788	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:39:43.0011 1788	fastfat - ok
20:39:43.0083 1788	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:39:43.0176 1788	fdc - ok
20:39:43.0562 1788	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:39:43.0588 1788	FileInfo - ok
20:39:43.0613 1788	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:39:43.0694 1788	Filetrace - ok
20:39:43.0772 1788	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:43.0840 1788	flpydisk - ok
20:39:43.0947 1788	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:39:43.0988 1788	FltMgr - ok
20:39:44.0083 1788	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:44.0161 1788	Fs_Rec - ok
20:39:44.0204 1788	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:39:44.0229 1788	gagp30kx - ok
20:39:44.0271 1788	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:39:44.0290 1788	GEARAspiWDM - ok
20:39:44.0432 1788	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:39:44.0604 1788	HdAudAddService - ok
20:39:44.0690 1788	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:39:44.0772 1788	HDAudBus - ok
20:39:44.0814 1788	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:39:44.0953 1788	HidBth - ok
20:39:44.0989 1788	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:39:45.0098 1788	HidIr - ok
20:39:45.0187 1788	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:39:45.0275 1788	HidUsb - ok
20:39:45.0337 1788	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:39:45.0364 1788	HpCISSs - ok
20:39:45.0445 1788	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:39:45.0524 1788	HSFHWAZL - ok
20:39:45.0659 1788	HSF_DPV         (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:39:45.0801 1788	HSF_DPV - ok
20:39:45.0848 1788	HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:39:45.0907 1788	HSXHWAZL - ok
20:39:46.0023 1788	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
20:39:46.0138 1788	HTTP - ok
20:39:46.0178 1788	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:39:46.0207 1788	i2omp - ok
20:39:46.0259 1788	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:39:46.0327 1788	i8042prt - ok
20:39:46.0407 1788	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
20:39:46.0436 1788	iaStor - ok
20:39:46.0525 1788	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:39:46.0569 1788	iaStorV - ok
20:39:46.0590 1788	igfx - ok
20:39:46.0638 1788	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:39:46.0662 1788	iirsp - ok
20:39:46.0778 1788	IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
20:39:46.0925 1788	IntcAzAudAddService - ok
20:39:47.0029 1788	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:39:47.0053 1788	intelide - ok
20:39:47.0133 1788	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:47.0214 1788	intelppm - ok
20:39:47.0265 1788	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:47.0350 1788	IpFilterDriver - ok
20:39:47.0373 1788	IpInIp - ok
20:39:47.0415 1788	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:39:47.0479 1788	IPMIDRV - ok
20:39:47.0569 1788	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:39:47.0699 1788	IPNAT - ok
20:39:48.0002 1788	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:39:48.0092 1788	IRENUM - ok
20:39:48.0121 1788	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:39:48.0147 1788	isapnp - ok
20:39:48.0197 1788	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:39:48.0250 1788	iScsiPrt - ok
20:39:48.0282 1788	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:39:48.0306 1788	iteatapi - ok
20:39:48.0331 1788	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:39:48.0355 1788	iteraid - ok
20:39:48.0456 1788	jatmlano - ok
20:39:48.0551 1788	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:39:48.0575 1788	kbdclass - ok
20:39:48.0607 1788	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:39:48.0688 1788	kbdhid - ok
20:39:48.0756 1788	KL1             (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
20:39:48.0781 1788	KL1 - ok
20:39:48.0803 1788	kl2             (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
20:39:48.0820 1788	kl2 - ok
20:39:48.0918 1788	KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
20:39:49.0070 1788	KLIF - ok
20:39:49.0168 1788	KLIM6           (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
20:39:49.0189 1788	KLIM6 - ok
20:39:49.0257 1788	klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
20:39:49.0276 1788	klmouflt - ok
20:39:49.0337 1788	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:39:49.0390 1788	KSecDD - ok
20:39:49.0475 1788	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:39:49.0496 1788	LHidFilt - ok
20:39:49.0558 1788	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
20:39:49.0569 1788	lirsgt ( UnsignedFile.Multi.Generic ) - warning
20:39:49.0569 1788	lirsgt - detected UnsignedFile.Multi.Generic (1)
20:39:49.0671 1788	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:49.0769 1788	lltdio - ok
20:39:49.0815 1788	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:39:49.0834 1788	LMouFilt - ok
20:39:49.0876 1788	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:39:49.0903 1788	LSI_FC - ok
20:39:49.0945 1788	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:39:49.0987 1788	LSI_SAS - ok
20:39:50.0062 1788	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:39:50.0090 1788	LSI_SCSI - ok
20:39:50.0358 1788	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:39:50.0444 1788	luafv - ok
20:39:50.0504 1788	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
20:39:50.0523 1788	LUsbFilt - ok
20:39:50.0561 1788	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:39:50.0609 1788	mdmxsdk - ok
20:39:50.0654 1788	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:39:50.0679 1788	megasas - ok
20:39:50.0717 1788	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:39:50.0795 1788	MegaSR - ok
20:39:50.0898 1788	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:39:50.0988 1788	Modem - ok
20:39:51.0018 1788	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:39:51.0103 1788	monitor - ok
20:39:51.0138 1788	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:39:51.0163 1788	mouclass - ok
20:39:51.0187 1788	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:51.0273 1788	mouhid - ok
20:39:51.0321 1788	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:39:51.0365 1788	MountMgr - ok
20:39:51.0502 1788	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:39:51.0530 1788	mpio - ok
20:39:51.0567 1788	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:39:51.0618 1788	mpsdrv - ok
20:39:51.0682 1788	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:39:51.0706 1788	Mraid35x - ok
20:39:51.0753 1788	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:39:51.0833 1788	MRxDAV - ok
20:39:51.0871 1788	mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:51.0948 1788	mrxsmb - ok
20:39:52.0029 1788	mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:52.0091 1788	mrxsmb10 - ok
20:39:52.0135 1788	mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:52.0187 1788	mrxsmb20 - ok
20:39:52.0234 1788	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:39:52.0261 1788	msahci - ok
20:39:52.0307 1788	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:39:52.0347 1788	msdsm - ok
20:39:52.0503 1788	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:39:52.0585 1788	Msfs - ok
20:39:52.0660 1788	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:39:52.0684 1788	msisadrv - ok
20:39:52.0748 1788	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:39:52.0812 1788	MSKSSRV - ok
20:39:52.0836 1788	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:52.0911 1788	MSPCLOCK - ok
20:39:52.0942 1788	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:39:53.0020 1788	MSPQM - ok
20:39:53.0059 1788	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:39:53.0090 1788	MsRPC - ok
20:39:53.0138 1788	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:39:53.0162 1788	mssmbios - ok
20:39:53.0214 1788	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:39:53.0304 1788	MSTEE - ok
20:39:53.0521 1788	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:39:53.0547 1788	Mup - ok
20:39:53.0632 1788	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:39:53.0705 1788	NativeWifiP - ok
20:39:53.0776 1788	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:39:53.0868 1788	NDIS - ok
20:39:53.0963 1788	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:54.0038 1788	NdisTapi - ok
20:39:54.0075 1788	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:54.0153 1788	Ndisuio - ok
20:39:54.0192 1788	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:54.0259 1788	NdisWan - ok
20:39:54.0289 1788	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:39:54.0362 1788	NDProxy - ok
20:39:54.0400 1788	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:39:54.0489 1788	NetBIOS - ok
20:39:54.0527 1788	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:39:54.0616 1788	netbt - ok
20:39:54.0883 1788	NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:39:55.0161 1788	NETw5v32 - ok
20:39:55.0301 1788	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:39:55.0325 1788	nfrd960 - ok
20:39:55.0354 1788	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:39:55.0433 1788	Npfs - ok
20:39:55.0477 1788	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:39:55.0574 1788	nsiproxy - ok
20:39:55.0670 1788	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:39:55.0756 1788	Ntfs - ok
20:39:55.0821 1788	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:39:55.0940 1788	ntrigdigi - ok
20:39:55.0972 1788	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:39:56.0033 1788	Null - ok
20:39:56.0072 1788	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:39:56.0101 1788	nvraid - ok
20:39:56.0136 1788	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:39:56.0161 1788	nvstor - ok
20:39:56.0198 1788	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:39:56.0226 1788	nv_agp - ok
20:39:56.0250 1788	NwlnkFlt - ok
20:39:56.0277 1788	NwlnkFwd - ok
20:39:56.0332 1788	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:39:56.0415 1788	ohci1394 - ok
20:39:56.0509 1788	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:39:56.0636 1788	Parport - ok
20:39:56.0675 1788	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:39:56.0701 1788	partmgr - ok
20:39:56.0738 1788	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:39:56.0862 1788	Parvdm - ok
20:39:56.0888 1788	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:39:56.0918 1788	pci - ok
20:39:56.0947 1788	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:39:56.0971 1788	pciide - ok
20:39:57.0004 1788	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:39:57.0034 1788	pcmcia - ok
20:39:57.0121 1788	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:39:57.0355 1788	PEAUTH - ok
20:39:57.0518 1788	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:57.0603 1788	PptpMiniport - ok
20:39:57.0632 1788	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:39:57.0704 1788	Processor - ok
20:39:57.0787 1788	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:39:57.0862 1788	PSched - ok
20:39:57.0903 1788	PxHelp20        (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
20:39:57.0924 1788	PxHelp20 - ok
20:39:58.0005 1788	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:39:58.0109 1788	ql2300 - ok
20:39:58.0229 1788	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:39:58.0256 1788	ql40xx - ok
20:39:58.0317 1788	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:39:58.0375 1788	QWAVEdrv - ok
20:39:58.0414 1788	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:58.0500 1788	RasAcd - ok
20:39:58.0558 1788	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:58.0643 1788	Rasl2tp - ok
20:39:58.0674 1788	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:58.0745 1788	RasPppoe - ok
20:39:58.0784 1788	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:58.0868 1788	RasSstp - ok
20:39:58.0939 1788	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:59.0046 1788	rdbss - ok
20:39:59.0116 1788	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:59.0214 1788	RDPCDD - ok
20:39:59.0273 1788	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
20:39:59.0369 1788	rdpdr - ok
20:39:59.0386 1788	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:39:59.0448 1788	RDPENCDD - ok
20:39:59.0490 1788	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:39:59.0559 1788	RDPWD - ok
20:39:59.0601 1788	regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:39:59.0620 1788	regi - ok
20:39:59.0676 1788	RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
20:39:59.0757 1788	RFCOMM - ok
20:39:59.0816 1788	rimsptsk        (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:39:59.0880 1788	rimsptsk - ok
20:39:59.0915 1788	risdptsk        (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys
20:39:59.0962 1788	risdptsk - ok
20:40:00.0023 1788	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:40:00.0087 1788	rspndr - ok
20:40:00.0135 1788	RT25USBAP       (9c377dbf9d2d19098db935dc1e8361a3) C:\Windows\system32\DRIVERS\rt25usbap.sys
20:40:00.0173 1788	RT25USBAP ( UnsignedFile.Multi.Generic ) - warning
20:40:00.0173 1788	RT25USBAP - detected UnsignedFile.Multi.Generic (1)
20:40:00.0357 1788	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:40:00.0383 1788	sbp2port - ok
20:40:00.0485 1788	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:40:00.0577 1788	sdbus - ok
20:40:00.0623 1788	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:40:00.0753 1788	secdrv - ok
20:40:00.0797 1788	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:40:00.0919 1788	Serenum - ok
20:40:00.0953 1788	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:40:01.0064 1788	Serial - ok
20:40:01.0107 1788	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:40:01.0201 1788	sermouse - ok
20:40:01.0350 1788	SFEP            (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
20:40:01.0387 1788	SFEP - ok
20:40:01.0442 1788	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:40:01.0506 1788	sffdisk - ok
20:40:01.0538 1788	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:40:01.0613 1788	sffp_mmc - ok
20:40:01.0657 1788	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:40:01.0734 1788	sffp_sd - ok
20:40:01.0780 1788	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:01.0844 1788	sfloppy - ok
20:40:01.0895 1788	shpf            (fd165f1309e8da2a969fbbb16635e459) C:\Windows\system32\DRIVERS\shpf.sys
20:40:01.0915 1788	shpf - ok
20:40:02.0003 1788	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:40:02.0028 1788	sisagp - ok
20:40:02.0077 1788	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:40:02.0102 1788	SiSRaid2 - ok
20:40:02.0140 1788	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:40:02.0167 1788	SiSRaid4 - ok
20:40:02.0262 1788	SMARTMouseFilterx86 (9d819137bbdee71f4241706acf80fbe1) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
20:40:02.0281 1788	SMARTMouseFilterx86 - ok
20:40:02.0316 1788	SMARTVHidMini2000x86 (2d362731fac8440e9d3a43f5d1dae280) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
20:40:02.0336 1788	SMARTVHidMini2000x86 - ok
20:40:02.0386 1788	SMARTVTabletPCx86 (cb07b494d60a0f31b12b01dee0fb251f) C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
20:40:02.0470 1788	SMARTVTabletPCx86 - ok
20:40:02.0507 1788	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:40:02.0592 1788	Smb - ok
20:40:02.0691 1788	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:40:02.0715 1788	spldr - ok
20:40:02.0802 1788	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
20:40:02.0880 1788	srv - ok
20:40:02.0914 1788	srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
20:40:02.0963 1788	srv2 - ok
20:40:03.0008 1788	srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
20:40:03.0063 1788	srvnet - ok
20:40:03.0154 1788	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:40:03.0175 1788	ssmdrv - ok
20:40:03.0243 1788	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:40:03.0287 1788	swenum - ok
20:40:03.0439 1788	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:40:03.0464 1788	Symc8xx - ok
20:40:03.0507 1788	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:40:03.0531 1788	Sym_hi - ok
20:40:03.0564 1788	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:40:03.0589 1788	Sym_u3 - ok
20:40:03.0631 1788	SynTP           (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
20:40:03.0659 1788	SynTP - ok
20:40:03.0788 1788	Tcpip           (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
20:40:03.0868 1788	Tcpip - ok
20:40:03.0965 1788	Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
20:40:04.0034 1788	Tcpip6 - ok
20:40:04.0074 1788	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:40:04.0138 1788	tcpipreg - ok
20:40:04.0198 1788	TcUsb           (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
20:40:04.0219 1788	TcUsb - ok
20:40:04.0246 1788	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:40:04.0327 1788	TDPIPE - ok
20:40:04.0369 1788	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:40:04.0454 1788	TDTCP - ok
20:40:04.0541 1788	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:40:04.0608 1788	tdx - ok
20:40:04.0671 1788	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:40:04.0696 1788	TermDD - ok
20:40:04.0748 1788	TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
20:40:04.0773 1788	TPM - ok
20:40:09.0338 1788	truecrypt       (746b8cf9cededdd865472544edf626da) C:\Windows\system32\drivers\truecrypt.sys
20:40:09.0376 1788	truecrypt - ok
20:40:09.0628 1788	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:09.0691 1788	tssecsrv - ok
20:40:09.0726 1788	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:40:09.0803 1788	tunmp - ok
20:40:09.0879 1788	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
20:40:09.0935 1788	tunnel - ok
20:40:09.0964 1788	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:40:09.0991 1788	uagp35 - ok
20:40:10.0044 1788	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:40:10.0148 1788	udfs - ok
20:40:10.0249 1788	UIUSys - ok
20:40:10.0292 1788	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:40:10.0318 1788	uliagpkx - ok
20:40:10.0352 1788	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:40:10.0389 1788	uliahci - ok
20:40:10.0422 1788	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:40:10.0448 1788	UlSata - ok
20:40:10.0480 1788	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:40:10.0509 1788	ulsata2 - ok
20:40:10.0547 1788	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:40:10.0624 1788	umbus - ok
20:40:10.0682 1788	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:40:10.0740 1788	USBAAPL - ok
20:40:10.0830 1788	usbccgp         (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:10.0904 1788	usbccgp - ok
20:40:10.0936 1788	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:40:11.0045 1788	usbcir - ok
20:40:11.0088 1788	usbehci         (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
20:40:11.0144 1788	usbehci - ok
20:40:11.0235 1788	usbhub          (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
20:40:11.0309 1788	usbhub - ok
20:40:11.0502 1788	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:40:11.0639 1788	usbohci - ok
20:40:11.0720 1788	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:40:11.0830 1788	usbprint - ok
20:40:11.0871 1788	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:11.0961 1788	USBSTOR - ok
20:40:12.0047 1788	usbuhci         (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:40:12.0076 1788	usbuhci - ok
20:40:12.0144 1788	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:40:12.0237 1788	usbvideo - ok
20:40:12.0337 1788	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:12.0415 1788	vga - ok
20:40:12.0455 1788	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:40:12.0552 1788	VgaSave - ok
20:40:12.0581 1788	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:40:12.0608 1788	viaagp - ok
20:40:12.0828 1788	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:40:12.0919 1788	ViaC7 - ok
20:40:12.0947 1788	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:40:12.0972 1788	viaide - ok
20:40:13.0004 1788	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:40:13.0031 1788	volmgr - ok
20:40:13.0062 1788	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:40:13.0099 1788	volmgrx - ok
20:40:13.0140 1788	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:40:13.0177 1788	volsnap - ok
20:40:13.0242 1788	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:40:13.0271 1788	vsmraid - ok
20:40:13.0322 1788	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:40:13.0446 1788	WacomPen - ok
20:40:13.0568 1788	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:13.0619 1788	Wanarp - ok
20:40:13.0629 1788	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:13.0679 1788	Wanarpv6 - ok
20:40:13.0778 1788	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:40:13.0817 1788	Wd - ok
20:40:13.0866 1788	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:40:13.0917 1788	Wdf01000 - ok
20:40:14.0064 1788	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
20:40:14.0093 1788	WimFltr - ok
20:40:14.0165 1788	winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:40:14.0266 1788	winachsf - ok
20:40:14.0396 1788	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:40:14.0447 1788	WmiAcpi - ok
20:40:14.0547 1788	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:40:14.0610 1788	ws2ifsl - ok
20:40:14.0696 1788	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:14.0785 1788	WUDFRd - ok
20:40:14.0848 1788	XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
20:40:14.0890 1788	XAudio - ok
20:40:15.0006 1788	xnacc           (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
20:40:15.0140 1788	xnacc - ok
20:40:15.0209 1788	xusb21          (09e5340bd9b2cb730bf4dc6be7721291) C:\Windows\system32\DRIVERS\xusb21.sys
20:40:15.0233 1788	xusb21 - ok
20:40:15.0289 1788	yukonwlh        (67e3d2af24c3873e6a0cac89de78d63b) C:\Windows\system32\DRIVERS\yk60x86.sys
20:40:15.0372 1788	yukonwlh - ok
20:40:15.0418 1788	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:40:15.0568 1788	\Device\Harddisk0\DR0 - ok
20:40:15.0576 1788	Boot (0x1200)   (682b1841548126c6998432dfdadb121b) \Device\Harddisk0\DR0\Partition0
20:40:15.0579 1788	\Device\Harddisk0\DR0\Partition0 - ok
20:40:15.0584 1788	============================================================
20:40:15.0584 1788	Scan finished
20:40:15.0584 1788	============================================================
20:40:15.0613 4552	Detected object count: 3
20:40:15.0613 4552	Actual detected object count: 3
20:46:20.0617 4552	atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0617 4552	atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:20.0621 4552	lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0621 4552	lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:20.0625 4552	RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0625 4552	RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 01.03.2012, 12:09   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2012, 22:10   #24
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



So, hier ist das Log. Eine Fehlermeldung habe ich beim Starten von Firefox nicht erhalten, ich musste ihn nur wieder als Standardbrowser festlegen
Code:
ATTFilter
ComboFix 12-03-02.01 - Dorothea 02.03.2012  18:26:57.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.3038.1786 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\****\Desktop\System Check.lnk
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\windeploy.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-02 bis 2012-03-02  ))))))))))))))))))))))))))))))
.
.
2012-03-02 17:46 . 2012-03-02 17:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-02 17:14 . 2012-02-20 00:05	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{210D9088-1083-4CE4-BF41-F42713D1818F}\mpengine.dll
2012-02-26 17:54 . 2012-02-26 17:54	--------	d-----w-	C:\_OTL
2012-02-24 07:55 . 2012-02-24 07:55	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-24 07:55 . 2012-02-24 07:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-24 07:55 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-23 20:26 . 2012-02-23 20:26	--------	d-----w-	c:\program files\ESET
2012-02-23 19:52 . 2012-02-23 19:52	97961	----a-w-	c:\windows\system32\drivers\klick.dat
2012-02-23 19:52 . 2012-02-23 19:52	115369	----a-w-	c:\windows\system32\drivers\klin.dat
2012-02-23 19:49 . 2012-02-23 19:49	--------	d-----w-	c:\program files\Kaspersky Lab
2012-02-23 19:49 . 2012-03-02 17:10	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-02-23 19:17 . 2012-01-29 04:10	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-22 02:36 . 2012-02-22 02:36	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2012-02-05 23:01 . 2012-02-05 23:01	--------	d-----w-	c:\program files\Cryptload
2012-02-05 22:09 . 2012-02-05 22:09	--------	d-----w-	c:\program files\7-Zip
2012-02-05 22:04 . 2012-02-05 22:04	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2012-02-05 22:03 . 2012-02-05 22:04	--------	d-----w-	c:\program files\TrueCrypt
2012-02-05 21:59 . 2012-02-05 21:59	--------	d-----w-	c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 14:09 . 2011-09-24 00:08	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 20:07 . 2012-01-20 20:07	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-03 11:10	2957312	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-03 11:10	2957312	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-05-29 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-06 6111232]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-06-19 36864]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-03 48904]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-26 534368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-09-02 954648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-5-9 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-7-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-03 10:57	90112	----a-w-	c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 21:45	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:09]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6pq22yl3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1 - c:\program files\FileServe Manager\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-02 18:46
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2012-03-02  18:50:30
ComboFix-quarantined-files.txt  2012-03-02 17:50
.
Vor Suchlauf: 13 Verzeichnis(se), 15.136.571.392 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 14.852.784.128 Bytes frei
.
- - End Of File - - F29E413F611EB8BADB40938B55663904
         

Alt 05.03.2012, 11:42   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.03.2012, 22:36   #26
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



So, beim zweiten Versuhc hat es nach einem Neustart geklappt. Hier das Log vom GMER, die anderen folgen noch

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-06 22:33:59
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.DC4O
Running: fb3jqn5s.exe; Driver: C:\Users\****\AppData\Local\Temp\pgloqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAdjustPrivilegesToken [0x92AF428A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAlpcConnectPort [0x92B0E342]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAlpcCreatePort [0x92B0E678]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAlpcSendWaitReceivePort [0x92B0E9EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwClose [0x92AF4D04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwConnectPort [0x92B0E02A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateEvent [0x92AF5276]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateMutant [0x92AF5164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreatePort [0x92B0E4E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateSection [0x92AF4046]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateSemaphore [0x92AF538E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateThread [0x92AF48BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateWaitablePort [0x92B0E5B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwDebugActiveProcess [0x92AF574E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwDeviceIoControlFile [0x92AF4D46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwDuplicateObject [0x92AF6750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwLoadDriver [0x92AF5840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwMapViewOfSection [0x92AF5DAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwNotifyChangeKey [0x92B0C840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenEvent [0x92AF5308]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenMutant [0x92AF51F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenProcess [0x92AF44C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenSection [0x92AF5B90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenSemaphore [0x92AF5420]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenThread [0x92AF43B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQueryDirectoryObject [0x92AF555C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQueryObject [0x92B0CA38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQuerySection [0x92AF60D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQueueApcThread [0x92AF59E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwReplaceKey [0x92B09334]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwReplyPort [0x92B0E7DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwReplyWaitReceivePort [0x92B0E72A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwRequestWaitReplyPort [0x92B0E848]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwRestoreKey [0x92B0953E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwResumeThread [0x92AF65F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSaveKey [0x92B08E5A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSaveKeyEx [0x92B08FF4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSaveMergedKeys [0x92B09194]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSecureConnectPort [0x92B0E1B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetContextThread [0x92AF4BA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetInformationToken [0x92AF55FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetSystemInformation [0x92AF6222]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSuspendProcess [0x92AF6316]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSuspendThread [0x92AF6450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSystemDebugControl [0x92AF5670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwTerminateProcess [0x92AF4664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwTerminateThread [0x92AF45BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwUnmapViewOfSection [0x92AF5F8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwWriteVirtualMemory [0x92AF4750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateThreadEx [0x92AF4A2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateUserProcess [0x92AF54A6]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 34C                                                                                                                       82302970 4 Bytes  [8A, 42, AF, 92] {MOV AL, [EDX-0x51]; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeSetTimerEx + 370                                                                                                                       82302994 8 Bytes  [42, E3, B0, 92, 78, E6, B0, ...] {INC EDX; JECXZ 0xffffffffffffffb3; XCHG EDX, EAX; JS 0xffffffffffffffec; MOV AL, 0x92}
.text           ntkrnlpa.exe!KeSetTimerEx + 3B4                                                                                                                       823029D8 4 Bytes  JMP AFF3BC8D 
.text           ntkrnlpa.exe!KeSetTimerEx + 3DC                                                                                                                       82302A00 4 Bytes  [04, 4D, AF, 92] {ADD AL, 0x4d; SCASD ; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeSetTimerEx + 3F4                                                                                                                       82302A18 4 Bytes  [2A, E0, B0, 92] {SUB AH, AL; MOV AL, 0x92}
.text           ...                                                                                                                                                   
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                              section is writeable [0x8F205000, 0x1F926A, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                                section is writeable [0x9F923300, 0x3ACC8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                                section is writeable [0x9F966300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] C:\Windows\system32\ntdll.dll                                                  time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] ntdll.dll!NtProtectVirtualMemory                                               776C85D8 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] C:\Windows\system32\kernel32.dll                                               time/date stamp mismatch; unknown module: 32.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] USER32.dll!GetAppCompatFlags2 + 880                                            777B6390 4 Bytes  [E0, 13, 54, 67]
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] C:\Windows\system32\ntdll.dll                                                  time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] ntdll.dll!NtProtectVirtualMemory                                               776C85D8 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] C:\Windows\system32\kernel32.dll                                               time/date stamp mismatch; unknown module: 32.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] USER32.dll!GetAppCompatFlags2 + 880                                            777B6390 4 Bytes  [E0, 13, 54, 67]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 7DFF05F8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                     7DFF0664
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                     7DFF06D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               7DFF073C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW]               7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapCreate]                     7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree]                       7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!HeapFree]                       7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree]                     7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap]                       7DFF03DC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap]                 7DFF0370
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                   7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                       7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA]               7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW]               7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA]               7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate]                     7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree]                       7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate]                    7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree]                        7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread]                    7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy]                     7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate]                      7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW]                7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap]                    7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  7DFF0370
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap]                     7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap]                 7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!HeapFree]                     7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary]                  7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]               7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetModuleHandleW]             7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree]                     7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]                 7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA]              7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap]                       7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                 [74BB8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                  [74BF9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                              [74BBB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                        [74BAFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                  [74BB7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                               [74BAEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                   [74BEB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                      [74BBBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                              [74BB0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                               [74BB06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                [74BA71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                        [74C3D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                           [74BD7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                              [74BAE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                        [74BA697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                       [74BA69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                          [74BB2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 7DFF05F8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                     7DFF0664
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                     7DFF06D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               7DFF073C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW]               7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapCreate]                     7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree]                       7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!HeapFree]                       7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree]                     7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap]                       7DFF03DC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap]                 7DFF0370
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                   7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                       7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA]               7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW]               7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA]               7DFF0CB8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                   7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate]                     7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree]                       7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                  7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  7DFF0DFC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate]                    7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree]                      7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree]                        7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread]                    7DFF0448
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy]                     7DFF0520
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate]                      7DFF04B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW]                7DFF0D24
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap]                    7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  7DFF0370
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 7DFF0298
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     7DFF0304
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  7DFF0C4C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               7DFF0D90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7DFF0E68
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree]                     7DFF058C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]                 7DFF0448

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d02af9f                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b714f                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7151                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b715f                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7165                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b716e                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7172                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3df4a216                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3df4a216@000000c90500                                                              0x36 0x0C 0x69 0x4A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d02af9f (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b714f (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7151 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b715f (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7165 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b716e (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7172 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3df4a216 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3df4a216@000000c90500                                                                  0x36 0x0C 0x69 0x4A ...

---- EOF - GMER 1.0.15 ----
         
Irgendwie hat der was gegen Kaspersky, dabei war das Ding aus. Naja...

Nach erneutem Neustart jetzt OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:13:14 on 06.03.2012

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\****\AppData\Local\Temp\catchme.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Nintendo Wi-Fi USB Connector Service" (RT25USBAP) - "Ralink Technology Inc." - C:\Windows\System32\DRIVERS\rt25usbap.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? -   (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll  (File not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll  (File not found)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dorothea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe  (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
"FileServe Manager Task" - "FileServe Limited" - "C:\Program Files\FileServe Manager\FSStarter.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
"SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
"XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"RtkHDMIService" (RtkHDMIService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Geändert von Xave (06.03.2012 um 23:18 Uhr)

Alt 06.03.2012, 23:52   #27
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Hmm, beim ersten OSAM war der Scanner wieder an, ich habs zur Sicherheit nochmal gemacht:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:40:36 on 06.03.2012

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\****\AppData\Local\Temp\catchme.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Nintendo Wi-Fi USB Connector Service" (RT25USBAP) - "Ralink Technology Inc." - C:\Windows\System32\DRIVERS\rt25usbap.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? -   (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll  (File not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll  (File not found)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dorothea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe  (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
"FileServe Manager Task" - "FileServe Limited" - "C:\Program Files\FileServe Manager\FSStarter.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
"SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
"XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"RtkHDMIService" (RtkHDMIService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 07.03.2012, 00:32   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Zitat:
"jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys (File not found)
Bitte mit OSAM fixen (deaktivieren+löschen)
Neues Log von OSAM danach wäre gut. Außerdem brauche ich noch das Log von aswMBR
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.03.2012, 00:52   #29
Xave
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



So, hier das letzte Log (aswMBR):

Code:
ATTFilter
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 23:53:21
-----------------------------
23:53:21.390    OS Version: Windows 6.0.6001 Service Pack 1
23:53:21.390    Number of processors: 2 586 0x1706
23:53:21.390    ComputerName: ****-PC  UserName: ****
23:53:55.835    Initialize success
23:55:00.102    AVAST engine defs: 12030600
23:55:17.184    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:55:17.200    Disk 0 Vendor: Hitachi_ DC4O Size: 190782MB BusType: 3
23:55:17.200    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000006f
23:55:17.216    Disk 1 Vendor: RICOH 01 Size: 190782MB BusType: 0
23:55:17.216    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000070
23:55:17.231    Disk 2 Vendor: RICOH 02 Size: 190782MB BusType: 0
23:55:17.247    Disk 0 MBR read successfully
23:55:17.262    Disk 0 MBR scan
23:55:17.278    Disk 0 Windows VISTA default MBR code
23:55:17.278    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         7376 MB offset 2048
23:55:17.294    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       183404 MB offset 15108096
23:55:17.309    Disk 0 scanning sectors +390719920
23:55:17.387    Disk 0 scanning C:\Windows\system32\drivers
23:55:28.931    Service scanning
23:55:39.508    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:55:39.586    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
23:55:39.758    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:55:39.773    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:55:57.401    Modules scanning
23:56:02.128    Disk 0 trace - called modules:
23:56:02.144    ntkrnlpa.exe CLASSPNP.SYS disk.sys shpf.sys acpi.sys hal.dll iaStor.sys 
23:56:02.159    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87034738]
23:56:02.175    3 CLASSPNP.SYS[8b16e745] -> nt!IofCallDriver -> [0x863d10c8]
23:56:02.190    5 shpf.sys[8ab55cdd] -> nt!IofCallDriver -> [0x85906020]
23:56:02.190    7 acpi.sys[806956a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85912028]
23:56:03.688    AVAST engine scan C:\Windows
23:56:07.744    AVAST engine scan C:\Windows\system32
23:59:42.681    AVAST engine scan C:\Windows\system32\drivers
23:59:56.440    AVAST engine scan C:\Users\Dorothea
00:14:17.017    AVAST engine scan C:\ProgramData
00:28:05.566    Scan finished successfully
00:48:48.731    Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
00:48:48.747    The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"
         

Alt 07.03.2012, 00:59   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Festplattenproblem nach Avira Free Antivirus-Meldung - Standard

Festplattenproblem nach Avira Free Antivirus-Meldung



Ok. Hast du den einen Eintrag mit OSAM schon deaktiviert und anschl. gelöscht?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Festplattenproblem nach Avira Free Antivirus-Meldung
antivirus, avira, bildschirm, computer, datei, entfernen, error, failed, fehlermeldungen, festplatte, free, funktioniert, laptop, neustart, ordner, problem, probleme, programme, ram, scan, schließen, surfen, system, system32, systemsteuerung, versteckte, wiederholung, windows



Ähnliche Themen: Festplattenproblem nach Avira Free Antivirus-Meldung


  1. Avira Free Antivirus stürzt bei Systemscan ab - auch nach Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 04.09.2015 (17)
  2. Avast Free Antivirus URL:Mal ständige Meldung beim Surfen
    Log-Analyse und Auswertung - 04.08.2015 (14)
  3. Avira Free Antivirus: Systemprüfung: Warnungen. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (1)
  4. Avira free antivirus meldet TR/Dropper.A.25752
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (17)
  5. Avast Free Antivirus URL:Mal Meldung beim Surfen
    Plagegeister aller Art und deren Bekämpfung - 23.11.2014 (8)
  6. Avira Free Antivirus findet ' TR/Crypt.ZPACK.93528 '
    Plagegeister aller Art und deren Bekämpfung - 17.11.2014 (11)
  7. Trojanerbefall - Avira Antivirus Free durch Gruppenrichtlinie blockiert!
    Log-Analyse und Auswertung - 15.05.2014 (7)
  8. Avira Free Antivirus - 6 Funde nach Systemscan
    Log-Analyse und Auswertung - 24.03.2014 (5)
  9. Avira Free Antivirus meldet Adware/InstallCore7
    Log-Analyse und Auswertung - 19.01.2014 (9)
  10. Avira Free Antivirus hat TR/Agent.57344.206 gefunden - Trojanische Pferd
    Log-Analyse und Auswertung - 23.06.2013 (15)
  11. Avira Free Antivirus hat yontoo.gen gefunden und in Quarantäne geschoben
    Plagegeister aller Art und deren Bekämpfung - 28.04.2013 (2)
  12. TR/ATRAPSGEN2-Meldungen erschienen auf meinem PC und nun ist AVIRA-Regenschirm auf Symbol von Avira Free Antivirus eingeklappt
    Log-Analyse und Auswertung - 27.09.2012 (5)
  13. There is an important Updates for Avira Free Antivirus is Read to Install.
    Log-Analyse und Auswertung - 31.07.2012 (14)
  14. AVG Free Antivirus vs. Avira AntiVir Personal - FREE Antivirus
    Antiviren-, Firewall- und andere Schutzprogramme - 17.05.2012 (23)
  15. meldung: "resistry blockiert" von avira free antivirus und touch pad blockiert
    Log-Analyse und Auswertung - 18.04.2012 (0)
  16. Microsoft Security Essentials oder Avira Free-Antivirus
    Antiviren-, Firewall- und andere Schutzprogramme - 26.12.2011 (10)
  17. 190 Warnungen beim Virenscan! AVIRA PERSONAL FREE ANTIVIRUS
    Antiviren-, Firewall- und andere Schutzprogramme - 23.11.2009 (45)

Zum Thema Festplattenproblem nach Avira Free Antivirus-Meldung - Ach ja Ich habe jetzt die Berichte gespeichert und den Inhalt der Textdatei hier rein kopiert. Das erste ist der "Schutz-Center", das zweite sind "Erkannte Bedrohungen", hoffentlich waren das die - Festplattenproblem nach Avira Free Antivirus-Meldung...
Archiv
Du betrachtest: Festplattenproblem nach Avira Free Antivirus-Meldung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.