Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Keylogger werde gehackt

Keylogger werde gehackt


Plagegeister aller Art und deren Bekämpfung: Keylogger werde gehackt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.04.2010, 22:44   #1
Popeye
 
Keylogger werde gehackt - Daumen runter

Keylogger werde gehackt


Hallo zusammen

Heute wurden viele Accounts von mir gehackt, von msn bis facebook, 3board ect. Malewarebytes fand nichts, hier mein HijackThis file. Vielen Dank und sorry wenn ich im falschen bereich bin, aber brauche hilfe, bevor es noch zu den konten kommt.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:37, on 04.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6535 bytes

Alt 05.04.2010, 10:08   #2
counter
Gesperrt
 
Keylogger werde gehackt - Standard

Keylogger werde gehackt


http://www.trojaner-board.de/69886-a...-beachten.html beachten und abarbeiten. Beim Scan mit Malwarebytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! )
Windows Vista und Windows 7 Benutzer per rechtsklick ausführen, als administrator ausführen.
__________________
Alt 05.04.2010, 12:16   #3
Popeye
 
Keylogger werde gehackt - Standard

Keylogger werde gehackt


Hier mal einige Logs, KIS und Windows Defender haben nichts gefunden.

Sorry, aber ich war gestern sehr in Panik. Möchte mich entschuldigen.


Malwarebytes Log

[spoiler]Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3954

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.04.2010 12:30:57
mbam-log-2010-04-05 (12-30-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 201434
Laufzeit: 1 Stunde(n), 14 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
[/spoiler]

Gmer log
[spoiler]GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-05 12:46:41
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Nigi\AppData\Local\Temp\kxldqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8EE50BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8EE5252C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8EE52782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8EE529FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8EE51450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8EE51B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8EE51F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8EE515F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8EE51E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8EE507D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8EE51CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8EE50992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8EE5206E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8EE53CB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8EE510EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8EE511EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8EE51D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8EE536A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8EE54672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8EE51752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8EE53734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8EE53D64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8EE51FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8EE514D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8EE51EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8EE50DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8EE53CDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8EE52110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8EE50CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8EE52C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8EE5407C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8EE539CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8EE5249A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8EE52360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8EE53442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8EE54554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8EE5186C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8EE5130C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8EE52CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8EE5382E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8EE541BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8EE542A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8EE543C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8EE535CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8EE50F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8EE50EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8EE53F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8EE5102E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A25AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A25104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A253F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0E2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A251DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A25958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A256F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A25F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A261A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A855C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AAA052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 250 82AB1850 4 Bytes [D0, 0B, E5, 8E] {ROR BYTE [EBX], 0x1; IN EAX, 0x8e}
.text ntkrnlpa.exe!RtlSidHashLookup + 278 82AB1878 8 Bytes [2C, 25, E5, 8E, 82, 27, E5, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2BC 82AB18BC 4 Bytes [FC, 29, E5, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 2E8 82AB18E8 4 Bytes [50, 14, E5, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 82AB190C 4 Bytes [32, 1B, E5, 8E] {XOR BL, [EBX]; IN EAX, 0x8e}
.text ...
.text peauth.sys 9C365C9E 27 Bytes [FB, C3, 8F, 5E, BE, D9, 8F, ...]
.text peauth.sys 9C365CC2 27 Bytes [FB, C3, 8F, 5E, BE, D9, 8F, ...]
PAGE peauth.sys 9C36BB9C 71 Bytes [38, 76, B6, 99, F1, 13, 96, ...]
PAGE peauth.sys 9C36BBED 110 Bytes [32, D8, 40, 81, 25, 4F, 94, ...]
PAGE peauth.sys 9C36C02D 101 Bytes [89, A9, 0C, 8E, 46, E7, CC, ...]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] USER32.dll!NotifyWinEvent + 48B 767FF724 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] USER32.dll!NotifyWinEvent + 48B 767FF724 4 Bytes [70, 11, 33, 6D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 002F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 002F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 002F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 002F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 002F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 002F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 002F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 002F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 002F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 002F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00670DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 002F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00670E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00670E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00670EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00670F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 773C0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 773C08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 773C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 773C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 002F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 002F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 773C0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 773C0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 773C0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 773C0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 773C0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 772B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 772B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 772B07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 772B08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00680400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00680470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 006804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00680550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 006805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00680630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 006806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 772B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00680710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00680780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 773A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 006902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00690320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00690390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 773A0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 773A07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00690400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00690470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 006904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00690550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 006905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00690630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 006906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00690710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00690780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 773A0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 773A08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 773A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00690B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00690BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 773A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 773A0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 773C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 773C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 773C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 773C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 773C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 773C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 773C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 773C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 773C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 773A0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 773C0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 773C0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 773A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 773C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 773C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 773C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 773C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 773C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2000] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 773C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003F0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003F0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 773C0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 773C08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 773C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 773C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 773C0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 773C0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 773C0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 773C0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 773C0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 772B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 772B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 772B07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 772B08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00530400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00530470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 005304E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00530550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 005305C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00530630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 005306A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 772B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00530710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00530780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 773A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 005402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00540320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00540390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 773A0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 773A07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00540400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00540470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 005404E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00540550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 005405C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00540630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 005406A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00540710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00540780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 773A0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 773A08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 773A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00540B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00540BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 773C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!FreeLibrary] 773C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] 773C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 773A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 773A0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 773C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 773C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 773C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 773C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 773C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 773C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 773A0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 773C0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 773C0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 773A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 773C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 773C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 773C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 773C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 773C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3720] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 773C0160

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021867f3bb2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021867f3bb2 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Hijackthis Log
[spoiler]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:37, on 04.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6535 bytes
__________________
Alt 05.04.2010, 16:59   #4
Popeye
 
Keylogger werde gehackt - Standard

Keylogger werde gehackt


Jetzt ist es klar ein Stealer. Der hat mir alles geklaut. Ich brauche dringend hilfe. Auch per Teamviewer ect..

Alt 05.04.2010, 18:27   #5
counter
Gesperrt
 
Keylogger werde gehackt - Standard

Keylogger werde gehackt


schau nach über welche ports der stealer die daten versendet und blockier diese


Alt 05.04.2010, 18:54   #6
Popeye
 
Keylogger werde gehackt - Standard

Keylogger werde gehackt


wie? wo finde ich das?

Antwort

Themen zu Keylogger werde gehackt
adobe, bho, bonjour, brauche hilfe, browser, explorer, firefox, hijack, hijackthis, ics, internet, internet explorer, kaspersky, keylogger, micro, microsoft, mozilla, msn, nvidia, plug-in, security, senden, software, system, tastatur, windows


« Trojaner TR/Crypt.ZPACK.Gen, Datei mslots32.exe | TR/agent.ruo - mich hats auch erwischt »


Ähnliche Themen: Keylogger werde gehackt


  1. Wahrscheinlich E-mail durch Keylogger gehackt
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (8)
  2. wurde ich gehackt.. verdacht auf troja/keylogger
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (1)
  3. Wie werde ich TR/Spy.Keylogger.lig los?
    Plagegeister aller Art und deren Bekämpfung - 06.02.2011 (14)
  4. Steam acc wurde gehackt - keylogger?
    Plagegeister aller Art und deren Bekämpfung - 24.01.2011 (15)
  5. PC wurde gehackt - Keylogger?
    Log-Analyse und Auswertung - 21.06.2010 (6)
  6. Keylogger email account gehackt! wer weiß was
    Log-Analyse und Auswertung - 18.03.2010 (1)
  7. Keylogger(Acc gehackt)
    Log-Analyse und Auswertung - 03.03.2010 (18)
  8. Wow Account gehackt, Keylogger?
    Log-Analyse und Auswertung - 05.01.2010 (1)
  9. Keylogger, WoW - Account gehackt :X
    Log-Analyse und Auswertung - 17.12.2009 (10)
  10. Keylogger auf dem System? (Wow wurde gehackt)
    Log-Analyse und Auswertung - 16.12.2009 (3)
  11. WoW Account gehackt. Wie werd ich den Trojaner/Keylogger los?
    Log-Analyse und Auswertung - 09.12.2009 (6)
  12. email-acc mit 12-stelligem Pw gehackt - keylogger?
    Log-Analyse und Auswertung - 21.08.2009 (10)
  13. ICQ evtl gehackt. Keylogger? Trojaner?
    Log-Analyse und Auswertung - 22.07.2009 (5)
  14. Paypal Account gehackt! Keylogger auf dem Rechner?
    Log-Analyse und Auswertung - 07.07.2009 (0)
  15. Email-Acc. gehackt - Angst vor Keylogger
    Plagegeister aller Art und deren Bekämpfung - 13.06.2009 (7)
  16. Hilfe mit Hijacklog -> (gehackt- vermutlich ein Keylogger)
    Log-Analyse und Auswertung - 01.06.2009 (3)
  17. Keylogger ?? ... WoW Account gehackt ...
    Log-Analyse und Auswertung - 20.01.2009 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Keylogger werde gehackt - Hallo zusammen Heute wurden viele Accounts von mir gehackt, von msn bis facebook, 3board ect. Malewarebytes fand nichts, hier mein HijackThis file. Vielen Dank und sorry wenn ich im falschen - Keylogger werde gehackt...
Archiv
Du betrachtest: Keylogger werde gehackt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131