HiJackThis Log post

Veltins · 12.03.2010, 14:31

Hallo,

als ich meinen Computer heute hochgefahren habe. Konnte ich feststellen, dass ich nur noch einige Programme starten konnte. ICQ hängt sich automatisch auf und iTunes und z.B. den Internet Explorer kann ich gar nicht starten. Dann habe ich sofort eine Virensuche mit Kaspersky gestarten, doch es wurde nicht gefunden.
Dann habe ich HijackThis installiert und habe hir nun mein Log gepostet.
Villeicht fällt euch was auf.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:18, on 12.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vtune\TBPanel.exe
C:\Programme\DNA\btdna.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
C:\Programme\MioNet\MioNetManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\TeamViewer\Version5\TeamViewer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\MioNet\jvm\bin\MioNet.exe
d:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Hotplug] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "d:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MindManager PDF Writer.lnk = D:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - d:\Programme\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - d:\Programme\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programme\MioNet\MioNetManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7727 bytes

Franz1968 · 12.03.2010, 14:37

Hi,

arbeite bitte das ab und poste die Logfiles.

Veltins · 12.03.2010, 14:41

Der Link geht irgendwie nicht.

Franz1968 · 12.03.2010, 14:44

Sry, sehr peinlich.

Das ist der richtige: http://www.trojaner-board.de/69886-a...-beachten.html

Relevant ist Punkt 2.

Veltins · 12.03.2010, 15:28

Was soll ich denn da jetzt genau machen?
Die Log Files habe ich doch bereits gepostet

Franz1968 · 12.03.2010, 15:33

Bisher hast du nur das HijackThis-Logfile gepostet. Darin ist nichts zu finden, also brauche ich die anderen Logfiles, die RSIT und Malwarebytes liefern.

Veltins · 12.03.2010, 16:16

Logfile of random's system information tool 1.06 (written by random/random)
Run by Felix at 2010-03-12 15:54:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (60%) free of 40 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:05, on 12.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\MioNet\MioNetManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vtune\TBPanel.exe
C:\Programme\DNA\btdna.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\MioNet\jvm\bin\MioNet.exe
G:\RSIT.exe
D:\Programme\Trend Micro\HijackThis\Felix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Hotplug] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "d:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MindManager PDF Writer.lnk = D:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - d:\Programme\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - d:\Programme\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programme\MioNet\MioNetManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7183 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-26 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hotplug"=C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe [2005-01-12 278528]
"SiSRaid"=C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-21 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-21 86016]
"Adobe Reader Speed Launcher"=D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-12-26 198160]
"AVP"=C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-12-30 208616]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-11-10 417792]
"AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=D:\Programme\iTunes\iTunesHelper.exe [2010-01-22 141608]
"AdobeCS4ServiceManager"=C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"PhiBtn"=C:\WINDOWS\System32\drivers\PhiBtn.exe [2005-08-25 155648]
"TrayMin900"=C:\WINDOWS\System32\drivers\Tray900.exe [2005-08-25 266240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"TBPanel"=C:\Programme\Vtune\TBPanel.exe [2008-10-21 2154496]
"BitTorrent DNA"=C:\Programme\DNA\btdna.exe [2009-12-26 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-12-16 94208]
"ICQ"=d:\Programme\ICQ7.0\ICQ.exe [2010-02-11 133368]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
MindManager PDF Writer.lnk - D:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled

NA"
"d:\Programme\BitTorrent\bittorrent.exe"="d:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Programme\Activision\Call of Duty 4\iw3mp.exe"="D:\Programme\Activision\Call of Duty 4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009"
"D:\Programme\ICQ7.0\ICQ.exe"="D:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Programme\ICQ7.0\aolload.exe"="D:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Programme\iTunes\iTunes.exe"="D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\TeamViewer\Version5\TeamViewer.exe"="C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"G:\Spiele\Battlefield Bad Company 2\BFBC2Updater.exe"="G:\Spiele\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\ICQ7.0\ICQ.exe"="D:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Programme\ICQ7.0\aolload.exe"="D:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-03-12 15:54:02 ----D---- C:\rsit
2010-03-12 15:12:16 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Malwarebytes
2010-03-12 15:12:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-11 21:33:13 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\skypePM
2010-03-11 21:28:42 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Skype
2010-03-11 21:27:09 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2010-03-11 21:27:07 ----RD---- C:\Programme\Skype
2010-03-11 21:27:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2010-03-11 21:05:55 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ArcSoft
2010-03-11 21:05:31 ----D---- C:\Programme\MioNet
2010-03-11 21:05:04 ----N---- C:\WINDOWS\UNSIPPS.exe
2010-03-11 21:05:00 ----D---- C:\Programme\Ahead
2010-03-11 21:04:56 ----D---- C:\Programme\Gemeinsame Dateien\ArcSoft
2010-03-11 21:04:56 ----A---- C:\WINDOWS\PCDLIB32.DLL
2010-03-11 21:04:15 ----D---- C:\WINDOWS\Options
2010-03-11 21:03:47 ----D---- C:\Programme\Philips
2010-03-11 20:42:29 ----RA---- C:\WINDOWS\system32\vortm.dll
2010-03-11 20:42:28 ----RA---- C:\WINDOWS\system32\winvocon.dll
2010-03-11 20:42:28 ----RA---- C:\WINDOWS\system32\jpeglib.dll
2010-03-11 20:42:28 ----RA---- C:\WINDOWS\system32\fpxlib.dll
2010-03-11 19:09:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
2010-03-11 18:51:50 ----A---- C:\WINDOWS\system32\pbsvc_bc2.exe
2010-03-11 18:41:52 ----D---- C:\WINDOWS\LastGood.Tmp
2010-03-11 17:15:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
2010-03-09 20:31:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-03-09 20:23:17 ----D---- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2010-03-09 16:54:43 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\TeamViewer
2010-03-09 16:54:36 ----D---- C:\Programme\TeamViewer
2010-02-25 17:54:51 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-02-25 17:54:51 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-02-25 17:54:51 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-02-25 17:54:51 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-02-25 17:54:50 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-02-25 17:54:50 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-02-25 17:54:50 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-02-25 17:54:50 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-02-25 17:54:50 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-02-25 17:54:49 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-02-25 17:54:48 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-02-25 17:54:48 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-02-25 17:54:48 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-02-25 17:54:48 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-02-25 17:54:48 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-02-15 11:01:12 ----D---- C:\Programme\iPod
2010-02-14 23:31:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-14 23:31:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-14 23:31:20 ----A---- C:\WINDOWS\system32\java.exe
2010-02-14 23:31:06 ----D---- C:\Programme\Java
2010-02-14 23:31:05 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-02-14 23:30:54 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Sun

======List of files/folders modified in the last 1 months======

2010-03-12 15:54:01 ----D---- C:\WINDOWS\Prefetch
2010-03-12 15:50:43 ----D---- C:\WINDOWS\Temp
2010-03-12 15:45:40 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DNA
2010-03-12 15:43:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-12 15:32:08 ----D---- C:\WINDOWS\system32\Restore
2010-03-12 15:27:01 ----D---- C:\WINDOWS\system32\drivers
2010-03-12 15:25:37 ----D---- C:\Programme\DNA
2010-03-12 15:25:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-03-12 15:25:11 ----D---- C:\WINDOWS\system32\config
2010-03-12 14:20:51 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\BitTorrent
2010-03-12 14:20:37 ----D---- C:\WINDOWS\Lhsp
2010-03-12 12:29:30 ----D---- C:\WINDOWS\system32
2010-03-12 12:21:38 ----D---- C:\WINDOWS
2010-03-11 22:33:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 21:49:21 ----HD---- C:\WINDOWS\inf
2010-03-11 21:28:36 ----SHD---- C:\WINDOWS\Installer
2010-03-11 21:27:09 ----D---- C:\Programme\Gemeinsame Dateien
2010-03-11 21:27:07 ----RD---- C:\Programme
2010-03-11 21:05:01 ----D---- C:\Programme\Gemeinsame Dateien\Ahead
2010-03-11 21:04:55 ----HD---- C:\Programme\InstallShield Installation Information
2010-03-11 21:04:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-11 20:42:53 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-03-11 20:42:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 20:42:30 ----D---- C:\WINDOWS\Media
2010-03-11 20:42:29 ----D---- C:\WINDOWS\twain_32
2010-03-11 20:42:28 ----D---- C:\WINDOWS\system
2010-03-11 20:42:28 ----D---- C:\WINDOWS\Help
2010-03-11 20:03:42 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ICQ
2010-03-11 20:00:57 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-11 18:42:13 ----D---- C:\WINDOWS\system32\DirectX
2010-03-11 18:41:59 ----RSD---- C:\WINDOWS\assembly
2010-03-11 18:40:50 ----D---- C:\WINDOWS\WinSxS
2010-03-11 18:40:50 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-03-11 10:52:01 ----A---- C:\TextToConsole.txt
2010-03-11 10:14:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-10 22:29:18 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\vlc
2010-03-10 17:41:01 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-10 16:19:26 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Adobe
2010-03-09 20:35:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-03-09 20:27:59 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-03-09 20:27:39 ----RSD---- C:\WINDOWS\Fonts
2010-03-09 20:23:48 ----D---- C:\Programme\Adobe
2010-03-07 15:52:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
2010-03-07 15:52:27 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Real
2010-02-20 10:44:43 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-02-16 21:28:15 ----SD---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft
2010-02-16 21:24:11 ----D---- C:\WINDOWS\system32\wbem
2010-02-16 21:24:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-16 18:39:49 ----D---- C:\DVDVideoSoft
2010-02-15 11:01:11 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-02-14 11:41:05 ----D---- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-12-30 226832]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2008-10-21 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2008-10-21 16176]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-21 6133856]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2005-02-18 124160]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 camvid40;Philips SPC 900NC PC Camera; C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 AVP;Kaspersky Internet Security; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-12-30 208616]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 MioNet;MioNet Service; C:\Programme\MioNet\MioNetManager.exe [2005-07-15 139264]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-21 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-26 75064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-09 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Franz1968 · 12.03.2010, 16:26

Ist es immer noch so, dass du den IE nicht starten kannst? In deinen Logfiles ist er nämlich als laufender Prozess zu sehen.

Was macht Malwarebytes?

Veltins · 12.03.2010, 16:39

Also der IE lässt sich immer noch nicht starten und ICQ gibt keine rückmeldung. Auch das abspielen von Musik ist nicht möglich, weil sich die Player (iTunes und RealPlayer) aufhängen und Itunes lässt sich gar nicht erst starten. Malware funktionier auch nicht so balt ich auf Scan drücke gibt das Programm keine rückmeldung.

Franz1968 · 12.03.2010, 16:56

Dann versuche bitte GMER. Vielleicht bringt das einen Anhaltspunkt.

Veltins · 12.03.2010, 17:14

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 17:09:56
Windows 5.1.2600 Service Pack 2
Running: v31cbukz.exe; Driver: C:\DOKUME~1\Felix\LOKALE~1\Temp\fwryrkob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB3C611DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB3C617AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB3C631EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB3C62B9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB3C60950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB3C64B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB3C615AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB3C60D92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB3C60F92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB3C62EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB3C65084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB3C610A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB3C61110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB3C62D5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB3C64620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB3C629F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB3C60AB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB3C613B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB3C64BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB3C612FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB3C61178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB3C60E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB3C60C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB3C64888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB3C605D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB3C63A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB3C60734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB3C64F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB3C603D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB3C6308C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB3C616AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB3C6471A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB3C64BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB3C60B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB3C64CB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB3C64DE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB3C6454C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xB3C6147E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xB3C614F0]

INT 0x62 ? 8A576BF8
INT 0x63 ? 89883BF8
INT 0x83 ? 8A50AF00
INT 0x84 ? 89883BF8
INT 0xA4 ? 89883BF8
INT 0xB4 ? 89883BF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP B3C78626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE758 5 Bytes JMP B3C789E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23A8 80501298 4 Bytes JMP 10B3C631
.text ntkrnlpa.exe!ZwCallbackReturn + 2431 80501321 7 Bytes [0F, C6, B3, AC, 2E, C6, B3]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [B4, 4C, C6, B3, E0, 4D, C6, ...]
? spjq.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A15360, 0x32E00D, 0xE8000020]
.text USBPORT.SYS!DllUnload B89AE62C 5 Bytes JMP 898831D8

---- User code sections - GMER 1.0.15 ----

? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3216] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3216] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spjq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spjq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spjq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spjq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spjq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spjq.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B9FF0820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B9FF0820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)

---- Devices - GMER 1.0.15 ----

Device 8A5061F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

Device 8913C500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbohci \Device\USBPDO-0 897D71F8
Device \Driver\usbohci \Device\USBPDO-1 897D71F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5081F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5081F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5081F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5081F8
Device \Driver\usbohci \Device\USBPDO-2 897D71F8
Device \Driver\usbehci \Device\USBPDO-3 897F11F8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbstor \Device\00000070 89313500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5771F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5771F8
Device \Driver\Cdrom \Device\CdRom0 89894500
Device \Driver\Cdrom \Device\CdRom1 89894500
Device \Driver\atapi \Device\Ide\IdePort0 8A5761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A5761F8
Device \Driver\atapi \Device\Ide\IdePort1 8A5761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A5761F8
Device \Driver\usbstor \Device\00000069 89313500
Device \Driver\NetBT \Device\NetBt_Wins_Export 893751F8
Device \Driver\NetBT \Device\NetbiosSmb 893751F8

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbohci \Device\USBFDO-0 897D71F8
Device \Driver\usbstor \Device\0000006d 89313500
Device \Driver\usbohci \Device\USBFDO-1 897D71F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8935B1F8
Device \Driver\usbstor \Device\0000006e 89313500
Device \Driver\usbohci \Device\USBFDO-2 897D71F8

Franz1968 · 12.03.2010, 17:39

Das Logfile ist nicht vollständig. Lass GMER bitte noch mal laufen, sonst hilft das Log nicht weiter.

Veltins · 12.03.2010, 17:57

So das ist jetzt aber vollständig.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 17:56:49
Windows 5.1.2600 Service Pack 2
Running: v31cbukz.exe; Driver: C:\DOKUME~1\Felix\LOKALE~1\Temp\fwryrkob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB3C611DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB3C617AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB3C631EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB3C62B9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB3C60950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB3C64B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB3C615AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB3C60D92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB3C60F92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB3C62EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB3C65084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB3C610A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB3C61110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB3C62D5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB3C64620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB3C629F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB3C60AB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB3C613B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB3C64BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB3C612FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB3C61178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB3C60E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB3C60C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB3C64888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB3C605D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB3C63A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB3C60734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB3C64F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB3C603D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB3C6308C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB3C616AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB3C6471A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB3C64BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB3C60B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB3C64CB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB3C64DE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB3C6454C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xB3C6147E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xB3C614F0]

INT 0x62 ? 8A576BF8
INT 0x63 ? 89883BF8
INT 0x83 ? 8A50AF00
INT 0x84 ? 89883BF8
INT 0xA4 ? 89883BF8
INT 0xB4 ? 89883BF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP B3C78626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE758 5 Bytes JMP B3C789E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23A8 80501298 4 Bytes JMP 10B3C631
.text ntkrnlpa.exe!ZwCallbackReturn + 2431 80501321 7 Bytes [0F, C6, B3, AC, 2E, C6, B3]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [B4, 4C, C6, B3, E0, 4D, C6, ...]
? spjq.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A15360, 0x32E00D, 0xE8000020]
.text USBPORT.SYS!DllUnload B89AE62C 5 Bytes JMP 898831D8

---- User code sections - GMER 1.0.15 ----

? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spjq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spjq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spjq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spjq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spjq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spjq.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B9FF0820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B9FF0820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BACC1684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BACC16B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BACC13FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BACC1458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00AB04A8
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00AB04D2
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00AB04FC
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00AB0526
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00AB0550
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB057A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00AB05A4
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00AB05CE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB05F8
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0622
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00AB064C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00AB0676
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00AB06A0
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00AB06CA
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB06F4
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00AB071E
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00AB0748
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0772
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00AB079C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00AB07C6
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00AB07F0
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00AB081A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0844
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00AB086E
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0898
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00AB08C2
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00AB08EC
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00AB0916
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0940
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB096A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00AB0994
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00AB09BE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00AB09E8
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00AB0A12
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00AB0A3C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00AB0C34
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0C5E
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00AB0C88
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00AB0CB2
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00AB0CDC
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00AB0D06
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00AB0D30
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0D5A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0D84
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0E02
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00AB0E2C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00AB0E56
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0E80
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00AB0EAA
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00AB0ED4
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00AB0EFE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00AB0F28
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00AB0F52
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00AB0F7C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0FA6
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00AB0FD0
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00AF0010
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00AF003A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00AF0064
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00AF008E
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00AF00B8
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00AF00E2
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00AF010C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00AF0136
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00AF0160
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00AF018A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00AF01B4
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00AF01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00AF0208
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00AF0232
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00AF025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00AF0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00AF02B0
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00AF02DA
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF0304
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00AF0A90
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00AF0ABA
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00AF0AE4
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF0B0E
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00AF0CDC
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00AF0D06
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00AF0D30
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00AF0D5A
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00AF0D84
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00AF0DAE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00AF0DD8
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00AF0E02
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF0E2C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00AB025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0208
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00AB0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00AB01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 00AB01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 00AB0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0208
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 00AB025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00AB0304
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00AB0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00AB01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00AB025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0208
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 00AB01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 00AB025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 00AB0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00AB01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00AB025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 00AB0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 00AB02B0
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 00AB02DA
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0232
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0208
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 00AB0304
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 00AB032E
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0208
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AB0358
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 00AB02DA
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 00AB025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 00AB0286
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 00AB01DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0232

---- Devices - GMER 1.0.15 ----

Device 8A5061F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

Device 8913C500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbohci \Device\USBPDO-0 897D71F8
Device \Driver\usbohci \Device\USBPDO-1 897D71F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5081F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5081F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5081F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5081F8
Device \Driver\usbohci \Device\USBPDO-2 897D71F8
Device \Driver\usbehci \Device\USBPDO-3 897F11F8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbstor \Device\00000070 89313500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5771F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5771F8
Device \Driver\Cdrom \Device\CdRom0 89894500
Device \Driver\Cdrom \Device\CdRom1 89894500
Device \Driver\atapi \Device\Ide\IdePort0 8A5761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A5761F8
Device \Driver\atapi \Device\Ide\IdePort1 8A5761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A5761F8
Device \Driver\usbstor \Device\00000080 89313500
Device \Driver\usbstor \Device\00000069 89313500
Device \Driver\NetBT \Device\NetBt_Wins_Export 893751F8
Device \Driver\NetBT \Device\NetbiosSmb 893751F8

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbohci \Device\USBFDO-0 897D71F8
Device \Driver\usbstor \Device\0000006d 89313500
Device \Driver\usbohci \Device\USBFDO-1 897D71F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8935B1F8
Device \Driver\usbstor \Device\0000006e 89313500
Device \Driver\usbohci \Device\USBFDO-2 897D71F8
Device 8935B1F8
Device \Driver\usbstor \Device\0000006f 89313500
Device \Driver\usbehci \Device\USBFDO-3 897F11F8
Device \Driver\Ftdisk \Device\FtControl 8A5771F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F0A5B6DA-EEF3-45F3-A84F-82B393554B54} 893751F8
Device \Driver\usbstor \Device\0000007f 89313500
Device \Driver\SiSRaid2 \Device\Scsi\SiSRaid21 8A5071F8
Device \Driver\SiSRaid2 \Device\Scsi\SiSRaid21Port2Path0Target0Lun0 8A5071F8
Device \FileSystem\Cdfs \Cdfs 89104500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\iexplore@Count 740
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88EB38EF-4D2C-436D-ABD3-56B232674062}\iexplore@Count 394
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\iexplore@Count 807
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore@Count 815

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Felix\Cookies\felix@tacoda[2].txt 0 bytes
File C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temp\plugtmp\plugin-dartshell7.xml 1175 bytes
File C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temp\fla2E.tmp 3933818 bytes
File C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U1NZH3II\crossdomain[2].xml 298 bytes
File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes

---- EOF - GMER 1.0.15 ----

Franz1968 · 12.03.2010, 18:44

Zwei Zwischenfragen:

Hast du Daemon Tools installiert?
Kannst du den Internet Explorer = iexplore.exe über den Taskmanager beenden? (Wie gesagt, dieser Prozess ist in deinen Logfiles vorhanden.)

Veltins · 12.03.2010, 18:49

Deamon Tool habe ich nicht installiert und ja ich kann den IE über den Taskmanager schließen.

Wolle mich an dieser Stelle schon bald für die ganze Arbeit bedanken.

12.03.2010, 14:37	#2
Franz1968 /// Helfer-Team	HiJackThis Log post Hi, arbeite bitte das ab und poste die Logfiles. __________________ __________________

12.03.2010, 14:44	#4
Franz1968 /// Helfer-Team	HiJackThis Log post Sry, sehr peinlich. Das ist der richtige: http://www.trojaner-board.de/69886-a...-beachten.html Relevant ist Punkt 2. __________________ Alle Tipps und Anleitungen ohne Gewähr

12.03.2010, 15:33	#6
Franz1968 /// Helfer-Team	HiJackThis Log post Bisher hast du nur das HijackThis-Logfile gepostet. Darin ist nichts zu finden, also brauche ich die anderen Logfiles, die RSIT und Malwarebytes liefern. __________________ --> HiJackThis Log post

12.03.2010, 16:26	#8
Franz1968 /// Helfer-Team	HiJackThis Log post Ist es immer noch so, dass du den IE nicht starten kannst? In deinen Logfiles ist er nämlich als laufender Prozess zu sehen. Was macht Malwarebytes? __________________ Alle Tipps und Anleitungen ohne Gewähr

12.03.2010, 16:56	#10
Franz1968 /// Helfer-Team	HiJackThis Log post Dann versuche bitte GMER. Vielleicht bringt das einen Anhaltspunkt. __________________ Alle Tipps und Anleitungen ohne Gewähr

HiJackThis Log post

Log-Analyse und Auswertung: HiJackThis Log post