Deutsche Bank 20 Tan Virus & gmer startet nicht richtig

#0
11.09.2010, 17:26
Moderator

Beiträge: 5694
#16 Liste mir mal auf welche Du meinst.

Wie làuft das System nach dem OTL Scan?
Seitenanfang Seitenende
12.09.2010, 14:31
Member

Themenstarter

Beiträge: 13
#17 Ich würde vermuten, dass die dlls die mir avz antiviral angibt nicht ok sind...
Deutsche Bank Seite fragt mich jetzt nicht mehr nach den TANs.
gmer und antivir antirootkit starten immer noch nicht.

hier die logs von OTL und AVZ:

OTL:

Code

OTL logfile created on: 12.09.2010 14:26:12 - Run 4
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\schnppl\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 199,90 Gb Total Space | 41,66 Gb Free Space | 20,84% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 140,48 Gb Free Space | 70,24% Space Free | Partition Type: NTFS
Drive E: | 65,76 Gb Total Space | 4,37 Gb Free Space | 6,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHNPPL-PC
Current User Name: schnppl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\schnppl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\schnppl\Desktop\avz4\avz4\avz.exe (Лаборатория Касперского, 2007-2010)
PRC - C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe (SoundGraph, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\schnppl\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\SOUNDGRAPH\iMON\SG_ShellMon.dll (SoundGraph, Inc.)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (uzqxmzc1) -- C:\Windows\SysNative\Drivers\uzqxmzc1.sys File not found
DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:[b]64bit:[/b] - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
DRV:[b]64bit:[/b] - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:[b]64bit:[/b] - (copperhd) -- C:\Windows\SysNative\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (uzqxmzc1) -- C:\Windows\SysWOW64\drivers\uzqxmzc1.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 3C 9B 23 52 48 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.192
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 01:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 01:55:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2010.09.08 18:04:06 | 000,000,000 | ---D | M]

[2010.08.03 20:52:22 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Mozilla\Extensions
[2010.09.10 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Mozilla\Firefox\Profiles\i6aj1hxs.default\extensions
[2010.08.04 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Mozilla\Firefox\Profiles\i6aj1hxs.default\extensions\firefox@tvunetworks.com
[2010.09.10 23:43:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.09.09 01:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.08 18:04:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.09.09 01:55:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.18 23:22:49 | 000,000,903 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe (SoundGraph, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:[b]64bit:[/b] - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9:[b]64bit:[/b] - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.11 213.191.92.82
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\kloehk.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\sbhook64.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\sbhook.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8074f8bd-ea53-11de-bd70-90e6ba5d1a5c}\Shell - "" = AutoRun
O33 - MountPoints2\{8074f8bd-ea53-11de-bd70-90e6ba5d1a5c}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.09.10 22:24:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.10 22:24:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.10 22:24:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.10 22:24:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.10 22:24:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.10 22:24:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.10 22:24:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.10 22:24:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.10 22:20:25 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.10 22:20:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.10 22:20:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.10 22:20:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.10 22:20:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.10 22:20:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.10 22:20:24 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.10 22:20:24 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.10 22:20:24 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.10 22:20:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.10 22:20:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.10 22:20:00 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.10 22:20:00 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.10 22:20:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.10 22:20:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.10 22:19:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.10 22:19:17 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.09.09 01:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.09.09 01:55:46 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.09.09 01:55:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.09.09 01:55:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.09.09 01:55:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.09.08 23:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.09.08 21:04:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.08 18:59:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.09.08 18:04:13 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2010.09.08 18:04:13 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2010.09.08 18:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.09.08 18:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2010.09.08 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.09.08 18:03:15 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.09.08 17:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.09.08 13:25:14 | 000,000,000 | ---D | C] -- C:\Users\schnppl\Desktop\Research
[2010.09.08 11:28:54 | 000,000,000 | ---D | C] -- C:\Users\schnppl\Desktop\avz4
[2010.09.08 11:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2010.09.07 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\schnppl\AppData\Local\CrashDumps
[2010.09.07 16:25:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\schnppl\Desktop\OTL.exe
[2010.09.01 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\schnppl\Documents\KONAMI
[2010.09.01 20:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2010.09.01 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2010.08.31 21:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.31 21:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.31 21:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.29 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\schnppl\Desktop\Prakt
[2010.08.23 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender
[2010.08.23 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\schnppl\Documents\Template
[2010.08.23 17:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010.08.21 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\schnppl\AppData\Roaming\download2
[2010.08.18 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA
[2010.08.18 14:10:33 | 000,000,000 | ---D | C] -- C:\Users\schnppl\AppData\Roaming\DiskAid

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.09.12 14:27:20 | 003,932,160 | -HS- | M] () -- C:\Users\schnppl\ntuser.dat
[2010.09.12 14:12:49 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 14:12:49 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 14:08:24 | 000,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utqxmzc1.sys
[2010.09.12 14:06:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 14:06:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.12 14:06:12 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.11 14:38:50 | 004,408,830 | -H-- | M] () -- C:\Users\schnppl\AppData\Local\IconCache.db
[2010.09.10 22:30:54 | 004,979,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.10 08:17:39 | 000,673,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.10 08:17:39 | 000,574,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.10 08:17:39 | 000,096,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.09 17:24:59 | 000,018,083 | ---- | M] () -- C:\Users\schnppl\Documents\operators.xlsx
[2010.09.09 01:55:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.09.09 01:55:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.09.09 01:55:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.09.09 01:55:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.09.08 18:59:47 | 431,361,316 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.08 18:12:39 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.09.08 18:12:39 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.09.08 18:03:15 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.09.08 17:42:09 | 000,011,264 | ---- | M] () -- C:\Windows\SysWow64\drivers\uzqxmzc1.sys
[2010.09.08 11:13:14 | 000,001,437 | ---- | M] () -- C:\Users\schnppl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.09.07 16:56:19 | 000,293,376 | ---- | M] () -- C:\Users\schnppl\Desktop\jr2mvxwy.exe
[2010.09.07 16:25:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\schnppl\Desktop\OTL.exe
[2010.08.31 09:02:16 | 000,002,093 | ---- | M] () -- C:\Users\schnppl\Desktop\HijackThis.lnk
[2010.08.30 00:08:48 | 000,271,680 | ---- | M] () -- C:\Users\schnppl\Documents\dehst new.xlsm
[2010.08.25 10:43:19 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.08.25 10:43:19 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.08.23 17:40:55 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.08.23 17:31:17 | 000,108,840 | ---- | M] () -- C:\Users\schnppl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.18 13:53:16 | 000,139,432 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.18 11:41:29 | 000,168,133 | ---- | M] () -- C:\Users\schnppl\Documents\dehst.xlsm

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.09.12 14:08:24 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utqxmzc1.sys
[2010.09.08 18:59:47 | 431,361,316 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.09.08 18:04:44 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.09.08 18:04:43 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.09.08 17:34:27 | 000,018,083 | ---- | C] () -- C:\Users\schnppl\Documents\operators.xlsx
[2010.09.08 11:30:25 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\drivers\uzqxmzc1.sys
[2010.09.08 11:13:12 | 000,001,437 | ---- | C] () -- C:\Users\schnppl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.09.07 16:56:17 | 000,293,376 | ---- | C] () -- C:\Users\schnppl\Desktop\jr2mvxwy.exe
[2010.08.31 09:02:16 | 000,002,093 | ---- | C] () -- C:\Users\schnppl\Desktop\HijackThis.lnk
[2010.08.25 10:43:06 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.08.25 10:43:06 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.08.18 13:53:16 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.18 12:17:27 | 000,271,680 | ---- | C] () -- C:\Users\schnppl\Documents\dehst new.xlsm
[2010.08.03 20:45:14 | 000,000,000 | ---- | C] () -- C:\Users\schnppl\AppData\Roaming\193334A8D1A6415994998556736BDFE0.dat
[2010.06.12 00:29:08 | 000,000,901 | ---- | C] () -- C:\Windows\venple.ini
[2010.05.04 22:22:39 | 000,000,132 | ---- | C] () -- C:\Users\schnppl\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.02.07 18:54:06 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.01.29 15:11:16 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.01.27 19:39:28 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2010.01.27 19:35:25 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.01.21 10:43:54 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.16 15:43:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.16 15:43:50 | 000,028,617 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.03 21:27:50 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.16 17:03:27 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\DAEMON Tools Lite
[2010.09.10 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\DiskAid
[2010.08.27 10:52:20 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\download2
[2009.12.16 17:21:21 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Leadertech
[2010.06.13 13:13:24 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Mathsoft
[2010.09.12 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\SOUNDGRAPH
[2010.08.03 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Technology Lighthouse
[2010.04.13 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Trillian
[2010.04.02 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\schnppl\AppData\Roaming\Ubisoft
[2010.09.06 22:27:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
extras:

Code

OTL Extras logfile created on: 12.09.2010 14:26:12 - Run 4
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\schnppl\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 199,90 Gb Total Space | 41,66 Gb Free Space | 20,84% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 140,48 Gb Free Space | 70,24% Space Free | Partition Type: NTFS
Drive E: | 65,76 Gb Total Space | 4,37 Gb Free Space | 6,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHNPPL-PC
Current User Name: schnppl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\schnppl\AppData\Local\Temp\0.41039457283498526.exe" = C:\Users\schnppl\AppData\Local\Temp\0.41039457283498526.exe:*:Enabled:ldrsoft -- File not found
"C:\Users\schnppl\AppData\Roaming\download2\svcnost.exe" = C:\Users\schnppl\AppData\Roaming\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found
"C:\Users\schnppl\AppData\Local\Temp\0.41039457283498526.exe" = C:\Users\schnppl\AppData\Local\Temp\0.41039457283498526.exe:*:Enabled:ldrsoft -- File not found
"C:\Users\schnppl\AppData\Roaming\download2\svcnost.exe" = C:\Users\schnppl\AppData\Roaming\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2729DB28-1CDC-EB41-A806-35D0AA7A8A72}" = ATI Catalyst Install Manager
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B2A1453-E69E-5F62-AA11-AB09A4E962AD}" = Catalyst Control Center InstallProxy
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision
"{C96A23CB-DDE6-4DEF-AD83-D5D5037D4316}" = iMON
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 4.0.0.0
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2(CREATED BY XEONKING©)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DiskAid_is1" = DiskAid 4.05
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"R-Studio 4.6NSIS" = R-Studio 4.6
"SopCast" = SopCast 3.2.9
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Veetle TV" = Veetle TV 0.9.17
"Vensim® PLE" = Vensim® PLE
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10.09.2010 19:18:05 | Computer Name = schnppl-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.  .

Error - 10.09.2010 19:18:05 | Computer Name = schnppl-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.  .

Error - 10.09.2010 19:18:05 | Computer Name = schnppl-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.  .

Error - 10.09.2010 19:18:06 | Computer Name = schnppl-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.  .

Error - 11.09.2010 08:38:51 | Computer Name = schnppl-PC | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11.09.2010 08:38:51 | Computer Name = schnppl-PC | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11.09.2010 08:38:51 | Computer Name = schnppl-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11.09.2010 08:38:51 | Computer Name = schnppl-PC | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11.09.2010 15:26:23 | Computer Name = schnppl-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bced5  Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp:
0x4a8929b1  Exception code: 0xc0000005  Fault offset: 0x000000000005d272  Faulting process
id: 0xd04  Faulting application start time: 0x01cb51e73667b8e3  Faulting application
path: C:\Windows\system32\AUDIODG.EXE  Faulting module path: C:\Windows\system32\VIASysFx.dll
Report
Id: 75dce34c-bdda-11df-8d08-90e6ba5d1a5c

Error - 12.09.2010 08:18:03 | Computer Name = schnppl-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bced5  Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp:
0x4a8929b1  Exception code: 0xc0000005  Fault offset: 0x000000000005d272  Faulting process
id: 0xdf4  Faulting application start time: 0x01cb52748aec4845  Faulting application
path: C:\Windows\system32\AUDIODG.EXE  Faulting module path: C:\Windows\system32\VIASysFx.dll
Report
Id: c9d24ddb-be67-11df-b4c9-90e6ba5d1a5c

[ OSession Events ]
Error - 29.06.2010 17:01:17 | Computer Name = schnppl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 536
seconds with 420 seconds of active time.  This session ended with a crash.

Error - 13.07.2010 17:03:01 | Computer Name = schnppl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5262
seconds with 780 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 11.09.2010 12:56:56 | Computer Name = schnppl-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11.09.2010 12:56:56 | Computer Name = schnppl-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11.09.2010 12:56:58 | Computer Name = schnppl-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11.09.2010 12:56:58 | Computer Name = schnppl-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11.09.2010 15:02:06 | Computer Name = schnppl-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12.09.2010 08:06:11 | Computer Name = schnppl-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\uzqxmzc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 12.09.2010 08:06:18 | Computer Name = schnppl-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12.09.2010 08:06:18 | Computer Name = schnppl-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12.09.2010 08:08:24 | Computer Name = schnppl-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\utqxmzc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 12.09.2010 08:08:24 | Computer Name = schnppl-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\utqxmzc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.


< End of report >
avz:

Code

AVZ Antiviral Toolkit log; AVZ version is 4.35
Scanning started at 12.09.2010 14:29:16
Database loaded: signatures - 278951, NN profile(s) - 2, malware removal microprograms - 56, signature database released 08.09.2010 10:01
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 221157
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7600,  ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Function user32.dll:DefDlgProcA (1657) intercepted, method - ProcAddressHijack.GetProcAddress ->75805F5A->770E8944
Function user32.dll:DefDlgProcW (1658) intercepted, method - ProcAddressHijack.GetProcAddress ->75805F75->770D3F54
Function user32.dll:DefWindowProcA (1664) intercepted, method - ProcAddressHijack.GetProcAddress ->75805F90->770B2893
Function user32.dll:DefWindowProcW (1665) intercepted, method - ProcAddressHijack.GetProcAddress ->75805FAB->770A247D
Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:AddMandatoryAce (1029) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB24B5->74D5C334
Function advapi32.dll:I_QueryTagInformation (1361) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2655->75B972D8
Function advapi32.dll:I_ScIsSecurityProcess (1362) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB268C->75B9733F
Function advapi32.dll:I_ScPnPGetServiceName (1363) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB26C3->75B97C40
Function advapi32.dll:I_ScQueryServiceConfig (1364) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB26FA->75B95F8A
Function advapi32.dll:I_ScSendPnPMessage (1365) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2732->75B95E7D
Function advapi32.dll:I_ScSendTSMessage (1366) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2766->75B971C5
Function advapi32.dll:I_ScValidatePnPService (1369) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2799->75B96B9D
Function advapi32.dll:IsValidRelativeSecurityDescriptor (1389) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB27D1->74D5C5DF
Function advapi32.dll:PerfCreateInstance (1515) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2858->74972187
Function advapi32.dll:PerfDecrementULongCounterValue (1516) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2871->74972A1D
Function advapi32.dll:PerfDecrementULongLongCounterValue (1517) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2896->74972B3C
Function advapi32.dll:PerfDeleteInstance (1519) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB28BF->74972259
Function advapi32.dll:PerfIncrementULongCounterValue (1522) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB28D8->749727B9
Function advapi32.dll:PerfIncrementULongLongCounterValue (1523) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB28FD->749728D6
Function advapi32.dll:PerfQueryInstance (1528) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2926->74972373
Function advapi32.dll:PerfSetCounterRefValue (1529) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB293E->74972447
Function advapi32.dll:PerfSetCounterSetInfo (1530) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB295B->749720B0
Function advapi32.dll:PerfSetULongCounterValue (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2977->74972565
Function advapi32.dll:PerfSetULongLongCounterValue (1532) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2996->74972680
Function advapi32.dll:PerfStartProvider (1533) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB29B9->74971FED
Function advapi32.dll:PerfStartProviderEx (1534) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB29D1->74971F34
Function advapi32.dll:PerfStopProvider (1535) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB29EB->74972026
Function advapi32.dll:SystemFunction035 (1753) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB2A3C->733F3EA8
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:DavAddConnection (1) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B10->734E29DD
Function netapi32.dll:DavDeleteConnection (2) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B29->734E181B
Function netapi32.dll:DavFlushFile (3) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B45->734E1713
Function netapi32.dll:DavGetExtendedError (4) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B5A->734E2347
Function netapi32.dll:DavGetHTTPFromUNCPath (5) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B76->734E275B
Function netapi32.dll:DavGetUNCFromHTTPPath (6) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B94->734E257D
Function netapi32.dll:DsAddressToSiteNamesA (7) intercepted, method - ProcAddressHijack.GetProcAddress ->73483BB2->6FEE4A4D
Function netapi32.dll:DsAddressToSiteNamesExA (8) intercepted, method - ProcAddressHijack.GetProcAddress ->73483BD1->6FEE4D79
Function netapi32.dll:DsAddressToSiteNamesExW (9) intercepted, method - ProcAddressHijack.GetProcAddress ->73483BF2->6FEE5049
Function netapi32.dll:DsAddressToSiteNamesW (10) intercepted, method - ProcAddressHijack.GetProcAddress ->73483C13->6FEE4C29
Function netapi32.dll:DsDeregisterDnsHostRecordsA (11) intercepted, method - ProcAddressHijack.GetProcAddress ->73483C32->6FEE6DD9
Function netapi32.dll:DsDeregisterDnsHostRecordsW (12) intercepted, method - ProcAddressHijack.GetProcAddress ->73483C57->6FEE6D59
Function netapi32.dll:DsEnumerateDomainTrustsA (13) intercepted, method - ProcAddressHijack.GetProcAddress ->73483C7C->6FEE6771
Function netapi32.dll:DsEnumerateDomainTrustsW (14) intercepted, method - ProcAddressHijack.GetProcAddress ->73483C9E->6FED60BC
Function netapi32.dll:DsGetDcCloseW (15) intercepted, method - ProcAddressHijack.GetProcAddress ->73483CC0->6FEE495D
Function netapi32.dll:DsGetDcNameA (16) intercepted, method - ProcAddressHijack.GetProcAddress ->73483CD7->6FEE5BB2
Function netapi32.dll:DsGetDcNameW (17) intercepted, method - ProcAddressHijack.GetProcAddress ->73483CED->6FED4CA8
Function netapi32.dll:DsGetDcNameWithAccountA (18) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D03->6FEE55E9
Function netapi32.dll:DsGetDcNameWithAccountW (19) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D24->6FED4CD1
Function netapi32.dll:DsGetDcNextA (20) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D45->6FEE4896
Function netapi32.dll:DsGetDcNextW (21) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D5B->6FEE47ED
Function netapi32.dll:DsGetDcOpenA (22) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D71->6FEE473D
Function netapi32.dll:DsGetDcOpenW (23) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D87->6FEE46AB
Function netapi32.dll:DsGetDcSiteCoverageA (24) intercepted, method - ProcAddressHijack.GetProcAddress ->73483D9D->6FEE5239
Function netapi32.dll:DsGetDcSiteCoverageW (25) intercepted, method - ProcAddressHijack.GetProcAddress ->73483DBB->6FEE5409
Function netapi32.dll:DsGetForestTrustInformationW (26) intercepted, method - ProcAddressHijack.GetProcAddress ->73483DD9->6FEE6E6F
Function netapi32.dll:DsGetSiteNameA (27) intercepted, method - ProcAddressHijack.GetProcAddress ->73483DFF->6FEE5B39
Function netapi32.dll:DsGetSiteNameW (28) intercepted, method - ProcAddressHijack.GetProcAddress ->73483E17->6FED5F24
Function netapi32.dll:DsMergeForestTrustInformationW (29) intercepted, method - ProcAddressHijack.GetProcAddress ->73483E2F->6FEE6F71
Function netapi32.dll:DsRoleAbortDownlevelServerUpgrade (30) intercepted, method - ProcAddressHijack.GetProcAddress ->73483E57->72FD4339
Function netapi32.dll:DsRoleCancel (31) intercepted, method - ProcAddressHijack.GetProcAddress ->73483E80->72FD34A9
Function netapi32.dll:DsRoleDcAsDc (32) intercepted, method - ProcAddressHijack.GetProcAddress ->73483E94->72FD3EAD
Function netapi32.dll:DsRoleDcAsReplica (33) intercepted, method - ProcAddressHijack.GetProcAddress ->73483EA8->72FD3F99
Function netapi32.dll:DsRoleDemoteDc (34) intercepted, method - ProcAddressHijack.GetProcAddress ->73483EC1->72FD4189
Function netapi32.dll:DsRoleDnsNameToFlatName (35) intercepted, method - ProcAddressHijack.GetProcAddress ->73483ED7->72FD32B5
Function netapi32.dll:DsRoleFreeMemory (36) intercepted, method - ProcAddressHijack.GetProcAddress ->73483EF6->72FD19A9
Function netapi32.dll:DsRoleGetDatabaseFacts (37) intercepted, method - ProcAddressHijack.GetProcAddress ->73483F0E->72FD3651
Function netapi32.dll:DsRoleGetDcOperationProgress (38) intercepted, method - ProcAddressHijack.GetProcAddress ->73483F2C->72FD3351
Function netapi32.dll:DsRoleGetDcOperationResults (39) intercepted, method - ProcAddressHijack.GetProcAddress ->73483F50->72FD3401
Function netapi32.dll:DsRoleGetPrimaryDomainInformation (40) intercepted, method - ProcAddressHijack.GetProcAddress ->73483F73->72FD1F3D
Function netapi32.dll:DsRoleIfmHandleFree (41) intercepted, method - ProcAddressHijack.GetProcAddress ->73483F9C->72FD3539
Function netapi32.dll:DsRoleServerSaveStateForUpgrade (42) intercepted, method - ProcAddressHijack.GetProcAddress ->73483FB7->72FD35C9
Function netapi32.dll:DsRoleUpgradeDownlevelServer (43) intercepted, method - ProcAddressHijack.GetProcAddress ->73483FDE->72FD4261
Function netapi32.dll:DsValidateSubnetNameA (44) intercepted, method - ProcAddressHijack.GetProcAddress ->73484002->6FEE5AF9
Function netapi32.dll:DsValidateSubnetNameW (45) intercepted, method - ProcAddressHijack.GetProcAddress ->73484021->6FEE49E1
Function netapi32.dll:I_BrowserDebugCall (46) intercepted, method - ProcAddressHijack.GetProcAddress ->73484040->72FC24A9
Function netapi32.dll:I_BrowserDebugTrace (47) intercepted, method - ProcAddressHijack.GetProcAddress ->7348405B->72FC2581
Function netapi32.dll:I_BrowserQueryEmulatedDomains (48) intercepted, method - ProcAddressHijack.GetProcAddress ->73484077->72FC29F9
Function netapi32.dll:I_BrowserQueryOtherDomains (49) intercepted, method - ProcAddressHijack.GetProcAddress ->7348409D->72FC22C1
Function netapi32.dll:I_BrowserQueryStatistics (50) intercepted, method - ProcAddressHijack.GetProcAddress ->734840C0->72FC2651
Function netapi32.dll:I_BrowserResetNetlogonState (51) intercepted, method - ProcAddressHijack.GetProcAddress ->734840E1->72FC23D1
Function netapi32.dll:I_BrowserResetStatistics (52) intercepted, method - ProcAddressHijack.GetProcAddress ->73484105->72FC2729
Function netapi32.dll:I_BrowserServerEnum (53) intercepted, method - ProcAddressHijack.GetProcAddress ->73484126->72FC20BF
Function netapi32.dll:I_BrowserSetNetlogonState (54) intercepted, method - ProcAddressHijack.GetProcAddress ->73484142->72FC2919
Function netapi32.dll:I_DsUpdateReadOnlyServerDnsRecords (55) intercepted, method - ProcAddressHijack.GetProcAddress ->73484164->6FEE5569
Function netapi32.dll:I_NetAccountDeltas (56) intercepted, method - ProcAddressHijack.GetProcAddress ->73484190->6FEE63AB
Function netapi32.dll:I_NetAccountSync (57) intercepted, method - ProcAddressHijack.GetProcAddress ->734841AC->6FEE63AB
Function netapi32.dll:I_NetChainSetClientAttributes (59) intercepted, method - ProcAddressHijack.GetProcAddress ->734841C6->6FEE6FA6
Function netapi32.dll:I_NetChainSetClientAttributes2 (58) intercepted, method - ProcAddressHijack.GetProcAddress ->734841ED->6FEE7029
Function netapi32.dll:I_NetDatabaseDeltas (60) intercepted, method - ProcAddressHijack.GetProcAddress ->73484215->6FEE6391
Function netapi32.dll:I_NetDatabaseRedo (61) intercepted, method - ProcAddressHijack.GetProcAddress ->73484232->6FEE6521
Function netapi32.dll:I_NetDatabaseSync (63) intercepted, method - ProcAddressHijack.GetProcAddress ->7348424D->6FEE6391
Function netapi32.dll:I_NetDatabaseSync2 (62) intercepted, method - ProcAddressHijack.GetProcAddress ->73484268->6FEE639E
Function netapi32.dll:I_NetDfsGetVersion (64) intercepted, method - ProcAddressHijack.GetProcAddress ->73484284->73457CA1
Function netapi32.dll:I_NetDfsIsThisADomainName (65) intercepted, method - ProcAddressHijack.GetProcAddress ->7348429E->72F84E39
Function netapi32.dll:I_NetGetDCList (66) intercepted, method - ProcAddressHijack.GetProcAddress ->734842BF->6FEE5D9C
Function netapi32.dll:I_NetGetForestTrustInformation (67) intercepted, method - ProcAddressHijack.GetProcAddress ->734842D7->6FEE6EF1
Function netapi32.dll:I_NetLogonControl (69) intercepted, method - ProcAddressHijack.GetProcAddress ->734842FF->6FEE63B8
Function netapi32.dll:I_NetLogonControl2 (68) intercepted, method - ProcAddressHijack.GetProcAddress ->7348431A->6FEE6439
Function netapi32.dll:I_NetLogonGetDomainInfo (70) intercepted, method - ProcAddressHijack.GetProcAddress ->73484336->6FED64A4
Function netapi32.dll:I_NetLogonSamLogoff (71) intercepted, method - ProcAddressHijack.GetProcAddress ->73484357->6FEE6091
Function netapi32.dll:I_NetLogonSamLogon (72) intercepted, method - ProcAddressHijack.GetProcAddress ->73484374->6FEE5F39
Function netapi32.dll:I_NetLogonSamLogonEx (73) intercepted, method - ProcAddressHijack.GetProcAddress ->73484390->6FEE5FE1
Function netapi32.dll:I_NetLogonSamLogonWithFlags (74) intercepted, method - ProcAddressHijack.GetProcAddress ->734843AE->6FEDB22A
Function netapi32.dll:I_NetLogonSendToSam (75) intercepted, method - ProcAddressHijack.GetProcAddress ->734843D3->6FEE6111
Function netapi32.dll:I_NetLogonUasLogoff (76) intercepted, method - ProcAddressHijack.GetProcAddress ->734843F0->6FEE5EC9
Function netapi32.dll:I_NetLogonUasLogon (77) intercepted, method - ProcAddressHijack.GetProcAddress ->7348440D->6FEE5E53
Function netapi32.dll:I_NetServerAuthenticate (80) intercepted, method - ProcAddressHijack.GetProcAddress ->73484429->6FEE6191
Function netapi32.dll:I_NetServerAuthenticate2 (78) intercepted, method - ProcAddressHijack.GetProcAddress ->7348444A->6FEE6211
Function netapi32.dll:I_NetServerAuthenticate3 (79) intercepted, method - ProcAddressHijack.GetProcAddress ->7348446C->6FED6393
Function netapi32.dll:I_NetServerGetTrustInfo (81) intercepted, method - ProcAddressHijack.GetProcAddress ->7348448E->6FEE6C61
Function netapi32.dll:I_NetServerPasswordGet (82) intercepted, method - ProcAddressHijack.GetProcAddress ->734844AF->6FEE6B61
Function netapi32.dll:I_NetServerPasswordSet (84) intercepted, method - ProcAddressHijack.GetProcAddress ->734844CF->6FEE6291
Function netapi32.dll:I_NetServerPasswordSet2 (83) intercepted, method - ProcAddressHijack.GetProcAddress ->734844EF->6FEE6311
Function netapi32.dll:I_NetServerReqChallenge (85) intercepted, method - ProcAddressHijack.GetProcAddress ->73484510->6FED6424
Function netapi32.dll:I_NetServerSetServiceBits (86) intercepted, method - ProcAddressHijack.GetProcAddress ->73484531->7345426D
Function netapi32.dll:I_NetServerSetServiceBitsEx (87) intercepted, method - ProcAddressHijack.GetProcAddress ->73484552->73456D11
Function netapi32.dll:I_NetServerTrustPasswordsGet (88) intercepted, method - ProcAddressHijack.GetProcAddress ->73484575->6FEE6BE1
Function netapi32.dll:I_NetlogonComputeClientDigest (89) intercepted, method - ProcAddressHijack.GetProcAddress ->7348459B->6FED5C20
Function netapi32.dll:I_NetlogonComputeServerDigest (90) intercepted, method - ProcAddressHijack.GetProcAddress ->734845C2->6FEE6AEC
Function netapi32.dll:NetAddAlternateComputerName (97) intercepted, method - ProcAddressHijack.GetProcAddress ->734845E9->73445B21
Function netapi32.dll:NetAddServiceAccount (98) intercepted, method - ProcAddressHijack.GetProcAddress ->7348460C->6FEE70B1
Function netapi32.dll:NetApiBufferAllocate (101) intercepted, method - ProcAddressHijack.GetProcAddress ->7348462A->73471415
Function netapi32.dll:NetApiBufferFree (102) intercepted, method - ProcAddressHijack.GetProcAddress ->73484648->734713D2
Function netapi32.dll:NetApiBufferReallocate (103) intercepted, method - ProcAddressHijack.GetProcAddress ->73484662->73473729
Function netapi32.dll:NetApiBufferSize (104) intercepted, method - ProcAddressHijack.GetProcAddress ->73484682->73473771
Function netapi32.dll:NetBrowserStatisticsGet (108) intercepted, method - ProcAddressHijack.GetProcAddress ->7348469C->72FC2801
Function netapi32.dll:NetConnectionEnum (112) intercepted, method - ProcAddressHijack.GetProcAddress ->734846BC->73455521
Function netapi32.dll:NetDfsAdd (113) intercepted, method - ProcAddressHijack.GetProcAddress ->734846D5->72F878FD
Function netapi32.dll:NetDfsAddFtRoot (114) intercepted, method - ProcAddressHijack.GetProcAddress ->734846E6->72F86859
Function netapi32.dll:NetDfsAddRootTarget (115) intercepted, method - ProcAddressHijack.GetProcAddress ->734846FD->72F87401
Function netapi32.dll:NetDfsAddStdRoot (116) intercepted, method - ProcAddressHijack.GetProcAddress ->73484718->72F82B1E
Function netapi32.dll:NetDfsAddStdRootForced (117) intercepted, method - ProcAddressHijack.GetProcAddress ->73484730->72F82BB1
Function netapi32.dll:NetDfsEnum (118) intercepted, method - ProcAddressHijack.GetProcAddress ->7348474E->72F870F9
Function netapi32.dll:NetDfsGetClientInfo (119) intercepted, method - ProcAddressHijack.GetProcAddress ->73484760->72F83F25
Function netapi32.dll:NetDfsGetDcAddress (120) intercepted, method - ProcAddressHijack.GetProcAddress ->7348477B->72F82C51
Function netapi32.dll:NetDfsGetFtContainerSecurity (121) intercepted, method - ProcAddressHijack.GetProcAddress ->73484795->72F85363
Function netapi32.dll:NetDfsGetInfo (122) intercepted, method - ProcAddressHijack.GetProcAddress ->734847B9->72F82D69
Function netapi32.dll:NetDfsGetSecurity (123) intercepted, method - ProcAddressHijack.GetProcAddress ->734847CE->72F87741
Function netapi32.dll:NetDfsGetStdContainerSecurity (124) intercepted, method - ProcAddressHijack.GetProcAddress ->734847E7->72F83AD5
Function netapi32.dll:NetDfsGetSupportedNamespaceVersion (125) intercepted, method - ProcAddressHijack.GetProcAddress ->7348480C->72F85C19
Function netapi32.dll:NetDfsManagerGetConfigInfo (126) intercepted, method - ProcAddressHijack.GetProcAddress ->73484836->72F82E9C
Function netapi32.dll:NetDfsManagerInitialize (127) intercepted, method - ProcAddressHijack.GetProcAddress ->73484858->72F82F91
Function netapi32.dll:NetDfsManagerSendSiteInfo (128) intercepted, method - ProcAddressHijack.GetProcAddress ->73484877->72F872C5
Function netapi32.dll:NetDfsMove (129) intercepted, method - ProcAddressHijack.GetProcAddress ->73484898->72F85651
Function netapi32.dll:NetDfsRemove (130) intercepted, method - ProcAddressHijack.GetProcAddress ->734848AA->72F87A19
Function netapi32.dll:NetDfsRemoveFtRoot (131) intercepted, method - ProcAddressHijack.GetProcAddress ->734848BE->72F86A99
Function netapi32.dll:NetDfsRemoveFtRootForced (132) intercepted, method - ProcAddressHijack.GetProcAddress ->734848D8->72F86BE5
Function netapi32.dll:NetDfsRemoveRootTarget (133) intercepted, method - ProcAddressHijack.GetProcAddress ->734848F8->72F85879
Function netapi32.dll:NetDfsRemoveStdRoot (134) intercepted, method - ProcAddressHijack.GetProcAddress ->73484916->72F82CE1
Function netapi32.dll:NetDfsRename (135) intercepted, method - ProcAddressHijack.GetProcAddress ->73484931->72F82E91
Function netapi32.dll:NetDfsSetClientInfo (136) intercepted, method - ProcAddressHijack.GetProcAddress ->73484945->72F84301
Function netapi32.dll:NetDfsSetFtContainerSecurity (137) intercepted, method - ProcAddressHijack.GetProcAddress ->73484960->72F853AF
Function netapi32.dll:NetDfsSetInfo (138) intercepted, method - ProcAddressHijack.GetProcAddress ->73484984->72F86D8B
Function netapi32.dll:NetDfsSetSecurity (139) intercepted, method - ProcAddressHijack.GetProcAddress ->73484999->72F87822
Function netapi32.dll:NetDfsSetStdContainerSecurity (140) intercepted, method - ProcAddressHijack.GetProcAddress ->734849B2->72F83B24
Function netapi32.dll:NetEnumerateComputerNames (141) intercepted, method - ProcAddressHijack.GetProcAddress ->734849D7->73445E39
Function netapi32.dll:NetEnumerateServiceAccounts (142) intercepted, method - ProcAddressHijack.GetProcAddress ->734849F8->6FEE7199
Function netapi32.dll:NetEnumerateTrustedDomains (143) intercepted, method - ProcAddressHijack.GetProcAddress ->73484A1D->6FEE652E
Function netapi32.dll:NetFileClose (147) intercepted, method - ProcAddressHijack.GetProcAddress ->73484A41->73455659
Function netapi32.dll:NetFileEnum (148) intercepted, method - ProcAddressHijack.GetProcAddress ->73484A55->73455729
Function netapi32.dll:NetFileGetInfo (149) intercepted, method - ProcAddressHijack.GetProcAddress ->73484A68->73455859
Function netapi32.dll:NetGetAnyDCName (150) intercepted, method - ProcAddressHijack.GetProcAddress ->73484A7E->6FEE496D
Function netapi32.dll:NetGetDCName (151) intercepted, method - ProcAddressHijack.GetProcAddress ->73484A97->6FEE5913
Function netapi32.dll:NetGetDisplayInformationIndex (152) intercepted, method - ProcAddressHijack.GetProcAddress ->73484AAD->73EE4117
Function netapi32.dll:NetGetJoinInformation (153) intercepted, method - ProcAddressHijack.GetProcAddress ->73484AD2->73442DC7
Function netapi32.dll:NetGetJoinableOUs (154) intercepted, method - ProcAddressHijack.GetProcAddress ->73484AEF->734459D1
Function netapi32.dll:NetGroupAdd (155) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B08->73EE71C3
Function netapi32.dll:NetGroupAddUser (156) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B1B->73EE73AD
Function netapi32.dll:NetGroupDel (157) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B32->73EE73CB
Function netapi32.dll:NetGroupDelUser (158) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B45->73EE73EB
Function netapi32.dll:NetGroupEnum (159) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B5C->73EE7409
Function netapi32.dll:NetGroupGetInfo (160) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B70->73EE78C8
Function netapi32.dll:NetGroupGetUsers (161) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B87->73EE7952
Function netapi32.dll:NetGroupSetInfo (162) intercepted, method - ProcAddressHijack.GetProcAddress ->73484B9F->73EE7C02
Function netapi32.dll:NetGroupSetUsers (163) intercepted, method - ProcAddressHijack.GetProcAddress ->73484BB6->73EE7DAE
Function netapi32.dll:NetIsServiceAccount (164) intercepted, method - ProcAddressHijack.GetProcAddress ->73484BCE->6FEE72D9
Function netapi32.dll:NetJoinDomain (165) intercepted, method - ProcAddressHijack.GetProcAddress ->73484BEB->734454B9
Function netapi32.dll:NetLocalGroupAdd (166) intercepted, method - ProcAddressHijack.GetProcAddress ->73484C00->73EE875A
Function netapi32.dll:NetLocalGroupAddMember (167) intercepted, method - ProcAddressHijack.GetProcAddress ->73484C18->73EE8886
Function netapi32.dll:NetLocalGroupAddMembers (168) intercepted, method - ProcAddressHijack.GetProcAddress ->73484C36->73EE8E99
Function netapi32.dll:NetLocalGroupDel (169) intercepted, method - ProcAddressHijack.GetProcAddress ->73484C55->73EE88A4
Function netapi32.dll:NetLocalGroupDelMember (170) intercepted, method - ProcAddressHijack.GetProcAddress ->73484C6D->73EE8928
Function netapi32.dll:NetLocalGroupDelMembers (171) intercepted, method - ProcAddressHijack.GetProcAddress ->73484C8B->73EE8EBD
Function netapi32.dll:NetLocalGroupEnum (172) intercepted, method - ProcAddressHijack.GetProcAddress ->73484CAA->73EE8946
Function netapi32.dll:NetLocalGroupGetInfo (173) intercepted, method - ProcAddressHijack.GetProcAddress ->73484CC3->73EE8CE4
Function netapi32.dll:NetLocalGroupGetMembers (174) intercepted, method - ProcAddressHijack.GetProcAddress ->73484CDF->73EE2265
Function netapi32.dll:NetLocalGroupSetInfo (175) intercepted, method - ProcAddressHijack.GetProcAddress ->73484CFE->73EE8D57
Function netapi32.dll:NetLocalGroupSetMembers (176) intercepted, method - ProcAddressHijack.GetProcAddress ->73484D1A->73EE8E75
Function netapi32.dll:NetLogonGetTimeServiceParentDomain (177) intercepted, method - ProcAddressHijack.GetProcAddress ->73484D39->6FEE6CE9
Function netapi32.dll:NetLogonSetServiceBits (178) intercepted, method - ProcAddressHijack.GetProcAddress ->73484D65->6FED603C
Function netapi32.dll:NetProvisionComputerAccount (184) intercepted, method - ProcAddressHijack.GetProcAddress ->73484D85->6E0FF2D3
Function netapi32.dll:NetQueryDisplayInformation (185) intercepted, method - ProcAddressHijack.GetProcAddress ->73484DA9->73EE3D87
Function netapi32.dll:NetQueryServiceAccount (186) intercepted, method - ProcAddressHijack.GetProcAddress ->73484DCB->6FEE7249
Function netapi32.dll:NetRemoteComputerSupports (188) intercepted, method - ProcAddressHijack.GetProcAddress ->73484DEB->73472160
Function netapi32.dll:NetRemoteTOD (189) intercepted, method - ProcAddressHijack.GetProcAddress ->73484E0E->73456C11
Function netapi32.dll:NetRemoveAlternateComputerName (190) intercepted, method - ProcAddressHijack.GetProcAddress ->73484E22->73445C29
Function netapi32.dll:NetRemoveServiceAccount (191) intercepted, method - ProcAddressHijack.GetProcAddress ->73484E48->6FEE7129
Function netapi32.dll:NetRenameMachineInDomain (192) intercepted, method - ProcAddressHijack.GetProcAddress ->73484E69->73445751
Function netapi32.dll:NetRequestOfflineDomainJoin (208) intercepted, method - ProcAddressHijack.GetProcAddress ->73484E89->6E0FB52F
Function netapi32.dll:NetScheduleJobAdd (209) intercepted, method - ProcAddressHijack.GetProcAddress ->73484EAD->72BD19D1
Function netapi32.dll:NetScheduleJobDel (210) intercepted, method - ProcAddressHijack.GetProcAddress ->73484EC8->72BD1AC9
Function netapi32.dll:NetScheduleJobEnum (211) intercepted, method - ProcAddressHijack.GetProcAddress ->73484EE3->72BD1BC1
Function netapi32.dll:NetScheduleJobGetInfo (212) intercepted, method - ProcAddressHijack.GetProcAddress ->73484EFF->72BD1CE1
Function netapi32.dll:NetServerAliasAdd (213) intercepted, method - ProcAddressHijack.GetProcAddress ->73484F1E->73457843
Function netapi32.dll:NetServerAliasDel (214) intercepted, method - ProcAddressHijack.GetProcAddress ->73484F37->73457A79
Function netapi32.dll:NetServerAliasEnum (215) intercepted, method - ProcAddressHijack.GetProcAddress ->73484F50->73457931
Function netapi32.dll:NetServerComputerNameAdd (216) intercepted, method - ProcAddressHijack.GetProcAddress ->73484F6A->73457411
Function netapi32.dll:NetServerComputerNameDel (217) intercepted, method - ProcAddressHijack.GetProcAddress ->73484F8A->734576FB
Function netapi32.dll:NetServerDiskEnum (218) intercepted, method - ProcAddressHijack.GetProcAddress ->73484FAA->73456559
Function netapi32.dll:NetServerEnum (219) intercepted, method - ProcAddressHijack.GetProcAddress ->73484FC3->72FC2F61
Function netapi32.dll:NetServerEnumEx (220) intercepted, method - ProcAddressHijack.GetProcAddress ->73484FD9->72FC2C5F
Function netapi32.dll:NetServerGetInfo (221) intercepted, method - ProcAddressHijack.GetProcAddress ->73484FF1->73453CFA
Function netapi32.dll:NetServerSetInfo (222) intercepted, method - ProcAddressHijack.GetProcAddress ->73485009->73456681
Function netapi32.dll:NetServerTransportAdd (223) intercepted, method - ProcAddressHijack.GetProcAddress ->73485021->73456851
Function netapi32.dll:NetServerTransportAddEx (224) intercepted, method - ProcAddressHijack.GetProcAddress ->7348503E->73457329
Function netapi32.dll:NetServerTransportDel (225) intercepted, method - ProcAddressHijack.GetProcAddress ->7348505D->73456A01
Function netapi32.dll:NetServerTransportEnum (226) intercepted, method - ProcAddressHijack.GetProcAddress ->7348507A->73456AD9
Function netapi32.dll:NetSessionDel (231) intercepted, method - ProcAddressHijack.GetProcAddress ->73485098->73455941
Function netapi32.dll:NetSessionEnum (232) intercepted, method - ProcAddressHijack.GetProcAddress ->734850AD->73455A11
Function netapi32.dll:NetSessionGetInfo (233) intercepted, method - ProcAddressHijack.GetProcAddress ->734850C3->73455B41
Function netapi32.dll:NetSetPrimaryComputerName (234) intercepted, method - ProcAddressHijack.GetProcAddress ->734850DC->73445D31
Function netapi32.dll:NetShareAdd (235) intercepted, method - ProcAddressHijack.GetProcAddress ->734850FD->73455C81
Function netapi32.dll:NetShareCheck (236) intercepted, method - ProcAddressHijack.GetProcAddress ->73485110->73455E91
Function netapi32.dll:NetShareDel (237) intercepted, method - ProcAddressHijack.GetProcAddress ->73485125->73455F81
Function netapi32.dll:NetShareDelEx (238) intercepted, method - ProcAddressHijack.GetProcAddress ->73485138->73457B61
Function netapi32.dll:NetShareDelSticky (239) intercepted, method - ProcAddressHijack.GetProcAddress ->7348514D->734560D1
Function netapi32.dll:NetShareEnum (240) intercepted, method - ProcAddressHijack.GetProcAddress ->73485166->73453F91
Function netapi32.dll:NetShareEnumSticky (241) intercepted, method - ProcAddressHijack.GetProcAddress ->7348517A->734561C9
Function netapi32.dll:NetShareGetInfo (242) intercepted, method - ProcAddressHijack.GetProcAddress ->73485194->7345433F
Function netapi32.dll:NetShareSetInfo (243) intercepted, method - ProcAddressHijack.GetProcAddress ->734851AB->73456341
Function netapi32.dll:NetUnjoinDomain (245) intercepted, method - ProcAddressHijack.GetProcAddress ->734851C2->73445641
Function netapi32.dll:NetUseAdd (247) intercepted, method - ProcAddressHijack.GetProcAddress ->734851D9->73443693
Function netapi32.dll:NetUseDel (248) intercepted, method - ProcAddressHijack.GetProcAddress ->734851EA->73445FA9
Function netapi32.dll:NetUseEnum (249) intercepted, method - ProcAddressHijack.GetProcAddress ->734851FB->73443184
Function netapi32.dll:NetUseGetInfo (250) intercepted, method - ProcAddressHijack.GetProcAddress ->7348520D->73446039
Function netapi32.dll:NetUserAdd (251) intercepted, method - ProcAddressHijack.GetProcAddress ->73485222->73EE464F
Function netapi32.dll:NetUserChangePassword (252) intercepted, method - ProcAddressHijack.GetProcAddress ->73485234->73EE5A06
Function netapi32.dll:NetUserDel (253) intercepted, method - ProcAddressHijack.GetProcAddress ->73485251->73EE4826
Function netapi32.dll:NetUserEnum (254) intercepted, method - ProcAddressHijack.GetProcAddress ->73485263->73EE49D6
Function netapi32.dll:NetUserGetGroups (255) intercepted, method - ProcAddressHijack.GetProcAddress ->73485276->73EE4E01
Function netapi32.dll:NetUserGetInfo (256) intercepted, method - ProcAddressHijack.GetProcAddress ->7348528E->73EE1C60
Function netapi32.dll:NetUserGetLocalGroups (257) intercepted, method - ProcAddressHijack.GetProcAddress ->734852A4->73EE2875
Function netapi32.dll:NetUserModalsGet (258) intercepted, method - ProcAddressHijack.GetProcAddress ->734852C1->73EE206B
Function netapi32.dll:NetUserModalsSet (259) intercepted, method - ProcAddressHijack.GetProcAddress ->734852D9->73EE54AA
Function netapi32.dll:NetUserSetGroups (260) intercepted, method - ProcAddressHijack.GetProcAddress ->734852F1->73EE5095
Function netapi32.dll:NetUserSetInfo (261) intercepted, method - ProcAddressHijack.GetProcAddress ->73485309->73EE4D1D
Function netapi32.dll:NetValidateName (262) intercepted, method - ProcAddressHijack.GetProcAddress ->7348531F->73445859
Function netapi32.dll:NetValidatePasswordPolicy (263) intercepted, method - ProcAddressHijack.GetProcAddress ->73485336->73EE9967
Function netapi32.dll:NetValidatePasswordPolicyFree (264) intercepted, method - ProcAddressHijack.GetProcAddress ->73485357->73EE9B6B
Function netapi32.dll:NetWkstaTransportAdd (267) intercepted, method - ProcAddressHijack.GetProcAddress ->7348537C->73444E45
Function netapi32.dll:NetWkstaTransportDel (268) intercepted, method - ProcAddressHijack.GetProcAddress ->73485398->73444F21
Function netapi32.dll:NetWkstaTransportEnum (269) intercepted, method - ProcAddressHijack.GetProcAddress ->734853B4->73444CF9
Function netapi32.dll:NetWkstaUserEnum (270) intercepted, method - ProcAddressHijack.GetProcAddress ->734853D1->73444AD1
Function netapi32.dll:NetWkstaUserGetInfo (271) intercepted, method - ProcAddressHijack.GetProcAddress ->734853E9->73443280
Function netapi32.dll:NetWkstaUserSetInfo (272) intercepted, method - ProcAddressHijack.GetProcAddress ->73485404->73444C15
Function netapi32.dll:NetapipBufferAllocate (273) intercepted, method - ProcAddressHijack.GetProcAddress ->7348541F->734737AA
Function netapi32.dll:NetpIsRemote (289) intercepted, method - ProcAddressHijack.GetProcAddress ->7348543E->7347382D
Function netapi32.dll:NetpwNameCanonicalize (296) intercepted, method - ProcAddressHijack.GetProcAddress ->73485454->73471C30
Function netapi32.dll:NetpwNameCompare (297) intercepted, method - ProcAddressHijack.GetProcAddress ->73485473->73471F2E
Function netapi32.dll:NetpwNameValidate (298) intercepted, method - ProcAddressHijack.GetProcAddress ->7348548D->73471990
Function netapi32.dll:NetpwPathCanonicalize (299) intercepted, method - ProcAddressHijack.GetProcAddress ->734854A8->7347275D
Function netapi32.dll:NetpwPathCompare (300) intercepted, method - ProcAddressHijack.GetProcAddress ->734854C7->73474086
Function netapi32.dll:NetpwPathType (301) intercepted, method - ProcAddressHijack.GetProcAddress ->734854E1->73472533
Function netapi32.dll:NlBindingAddServerToCache (302) intercepted, method - ProcAddressHijack.GetProcAddress ->734854F8->6FED61F8
Function netapi32.dll:NlBindingRemoveServerFromCache (303) intercepted, method - ProcAddressHijack.GetProcAddress ->7348551B->6FED5D67
Function netapi32.dll:NlBindingSetAuthInfo (304) intercepted, method - ProcAddressHijack.GetProcAddress ->73485543->6FED6198
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
Number of processes found: 11
Number of modules loaded: 209
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Program Files (x86)\SOUNDGRAPH\iMON\SG_ShellMon.dll --> Suspicion for Keylogger or Trojan DLL
C:\Program Files (x86)\SOUNDGRAPH\iMON\SG_ShellMon.dll>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>>  HDD autorun is allowed
>>  Network drives autorun is allowed
>>  Removable media autorun is allowed
Checking - complete
Files scanned: 221, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 12.09.2010 14:29:30
Time of scanning: 00:00:14
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Vielen Dank!
Seitenanfang Seitenende
12.09.2010, 15:38
Moderator

Beiträge: 5694
#18 Rootkitscan mit RootRepeal
• Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
• Entpacke die Datei auf Deinen Desktop.
• Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
• Klicke auf den Reiter Report und dann auf den Button Scan.
• Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

.
• Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
• Wähle C:\ und klicke wieder Ok.
• Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
• Wenn der Suchlauf beendet ist, klicke auf Save Report.
• Speichere das Logfile als RootRepeal.txt auf dem Desktop.
• Kopiere den Inhalt hier in den Thread.
Seitenanfang Seitenende
12.09.2010, 16:33
Member

Themenstarter

Beiträge: 13
#19 Sorry aber wenn ich root repeal starten möchte, sagt er mir, dass er keine 64-bit os unterstützt.
;)
Seitenanfang Seitenende
12.09.2010, 22:29
Moderator

Beiträge: 5694
#20 ach mein Fehler ;)

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte
während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking
und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.


Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
• Button drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User: müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde

• Klicke Finish.• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
Seitenanfang Seitenende
13.09.2010, 20:11
Member

Themenstarter

Beiträge: 13
#21

Code

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=156811737b7a144db49ea13ca31399e3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-13 06:06:38
# local_time=2010-09-13 08:06:38 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 4906385 4906385 0 0
# compatibility_mode=1280 16777215 100 0 432724 432724 0 0
# compatibility_mode=5893 16776573 100 94 244304 36844663 0 0
# compatibility_mode=8192 67108863 100 0 33440 33440 0 0
# scanned=407002
# found=0
# cleaned=0
# scan_time=6668
Seitenanfang Seitenende
13.09.2010, 21:10
Moderator

Beiträge: 5694
#22 Also wenn keine Probleme mehr sind. Dann wären wir durch.
Seitenanfang Seitenende
13.09.2010, 22:01
Member

Themenstarter

Beiträge: 13
#23 naja...gemer startet immer noch nicht mit hinweis auf fehlende datei in c:\windows\system32, avira antirootkit startet auch nicht und avz zeigt mir immer noch die warnungen an die oben in dem avz log auch zu sehen sind.
Seitenanfang Seitenende
14.09.2010, 21:48
Moderator

Beiträge: 5694
#24 Welche Warnungen?

Vergiss das mit GMER ;) Und auch Avira Rootkit. Du hast ein 64Bit System darum gehts nicht. Habe ich leider voll übersehen ;)

Sind denn noch spürbare probleme vorhanden??
Seitenanfang Seitenende
15.09.2010, 16:47
Member

Themenstarter

Beiträge: 13
#25

Code

Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Function user32.dll:DefDlgProcA (1657) intercepted, method - ProcAddressHijack.GetProcAddress ->75805F5A->770E8944
Function user32.dll:DefDlgProcW (1658) intercepted, method - ProcAddressHijack.GetProcAddress ->75805F75->770D3F54
Function user32.dll:DefWindowProcA (1664) intercepted, method - ProcAddressHijack.GetProcAddress ->75805F90->770B2893
Function user32.dll:DefWindowProcW (1665) intercepted, method - ProcAddressHijack.GetProcAddress ->75805FAB->770A247D
Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:AddMandatoryAce (1029) intercepted, method - ProcAddressHijack.GetProcAddress ->75DB24B5->74D5C334
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:DavAddConnection (1) intercepted, method - ProcAddressHijack.GetProcAddress ->73483B10->734E29DD
...
das sollte doch nicht so sein, oder?
Seitenanfang Seitenende
15.09.2010, 19:01
Moderator

Beiträge: 5694
#26 Ich sage das dürfte mit der 64 Version zusammenhangen.
Hast Du denn noch Probleme???
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: