Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Antimalware Doctor entfernen

Antimalware Doctor entfernen


Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 05.06.2010, 14:52   #16
almir_de
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.06.2010 15:48:19 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\almir\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 53,60 Gb Free Space | 68,61% Space Free | Partition Type: NTFS
Drive D: | 294,47 Gb Total Space | 293,52 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive E: | 141,84 Gb Total Space | 120,43 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 15,02 Gb Total Space | 14,89 Gb Free Space | 99,11% Space Free | Partition Type: NTFS
Drive J: | 1,87 Gb Total Space | 0,41 Gb Free Space | 22,06% Space Free | Partition Type: NTFS
 
Computer Name: ALMIR-PC
Current User Name: almir
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.05 15:38:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
PRC - [2010.06.05 15:24:15 | 042,341,360 | ---- | M] () -- C:\Users\almir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09210X9N\avira_antivir_personal_de[1].exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.10.20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.05 15:38:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.16 15:36:29 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.10.20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Running] --  -- (pxscan)
DRV - File not found [File_System | Auto | Running] --  -- (pxrts)
DRV - File not found [Kernel | On_Demand | Running] --  -- (pxkbf)
DRV - [2010.06.05 10:21:40 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.30 09:40:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.12 13:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.04 20:13:10 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.11.04 20:13:10 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.11.04 20:13:10 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.11.04 20:13:09 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.11.03 16:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.22 12:31:16 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PciSPorts.sys -- (PciSPorts)
DRV - [2006.12.12 15:38:00 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 42 6A 71 EB A8 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.06.05 10:22:05 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\S.A.D\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.20 17:42:25 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5eca40ee-5730-11df-bb5e-0022155305f7}\Shell - "" = AutoRun
O33 - MountPoints2\{5eca40ee-5730-11df-bb5e-0022155305f7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.05 15:39:25 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
[2010.06.05 15:33:39 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Avira
[2010.06.05 15:26:37 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.05 15:26:37 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.05 10:21:48 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.06.05 10:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.06.05 10:21:40 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.06.05 10:01:19 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.05 10:01:19 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.05 10:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.05 10:01:19 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.05 10:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.05 09:37:02 | 000,061,952 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll-914711
[2010.06.03 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Malwarebytes
[2010.06.03 17:02:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 17:02:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 17:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.03 16:47:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.03 16:37:14 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\hgqvavkiy
[2010.06.03 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\FBF315FB3B49E033C000DDCC591C50FA
[2010.05.30 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\vlc
[2010.05.30 22:01:29 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.05.30 12:56:00 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\WinRAR
[2010.05.30 10:19:38 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\GHISLER
[2010.05.30 10:16:13 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.05.30 10:16:03 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.05.30 10:15:04 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.05.30 10:15:04 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\GHISLER
[2010.05.30 09:51:20 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\bizarre creations
[2010.05.30 09:49:25 | 000,000,000 | ---D | C] -- C:\Programme\InstallShield Installation Information
[2010.05.30 09:43:55 | 000,000,000 | ---D | C] -- C:\Programme\Activision
[2010.05.30 09:40:55 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2010.05.30 09:40:26 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2010.05.30 09:40:15 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\DAEMON Tools Lite
[2010.05.30 09:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.05.24 15:24:22 | 000,000,000 | ---D | C] -- C:\Programme\Franzis
[2010.05.24 15:24:12 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2010.05.24 15:06:46 | 000,053,016 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\System32\pxc40pm.dll
[2010.05.24 15:06:33 | 000,000,000 | ---D | C] -- C:\Programme\S.A.D
[2010.05.13 14:10:36 | 000,000,000 | ---D | C] -- C:\Users\almir\Documents\NeroVision
[2010.05.13 14:10:24 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\Nero_AG
[2010.05.13 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\Nero
[2010.05.13 14:08:22 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Nero
[2010.05.13 13:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.05.13 13:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.05.13 13:43:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2010.05.13 13:43:50 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2010.04.18 20:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.18 20:53:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.04.18 20:53:08 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.04.18 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Installationsprogramm für Adobe Reader 9
[2010.04.18 20:51:01 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\Adobe
[2010.04.18 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Macromedia
[2010.04.18 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Adobe
[2010.04.18 20:50:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.05 15:48:20 | 002,097,152 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT
[2010.06.05 15:38:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
[2010.06.05 15:29:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.05 15:29:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.05 15:27:15 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.05 15:27:15 | 000,645,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.05 15:27:15 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.05 15:27:15 | 000,126,822 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.05 15:27:15 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.05 15:21:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.05 15:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.05 15:21:20 | 1609,834,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.05 15:19:55 | 001,378,652 | -H-- | M] () -- C:\Users\almir\AppData\Local\IconCache.db
[2010.06.05 15:12:40 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.06.05 15:12:40 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.06.05 10:21:40 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.06.05 10:01:28 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.05 09:37:02 | 000,061,952 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll-914711
[2010.06.03 17:02:37 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 16:47:51 | 000,001,831 | ---- | M] () -- C:\Users\almir\Desktop\CCleaner.lnk
[2010.05.30 22:01:35 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.05.30 10:16:19 | 000,000,989 | ---- | M] () -- C:\Users\almir\Desktop\JDownloader.lnk
[2010.05.30 10:15:05 | 000,000,632 | ---- | M] () -- C:\Users\almir\Desktop\Total Commander.lnk
[2010.05.30 09:49:50 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Blur(TM).lnk
[2010.05.30 09:42:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.30 09:40:49 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.05.30 09:40:38 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.24 15:25:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Games.lnk
[2010.05.24 15:06:40 | 000,001,028 | ---- | M] () -- C:\Users\almir\Desktop\PDF-Viewer.lnk
[2010.05.24 15:06:39 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Office2PDF.lnk
[2010.05.24 15:06:39 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Tools 4.lnk
[2010.05.13 14:15:31 | 000,000,000 | -H-- | M] () -- C:\Users\almir\Documents\Default.rdp
[2010.05.13 13:46:31 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.05.13 13:46:03 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.05.13 13:45:33 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.05.13 13:44:44 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.05.13 13:44:30 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 21:01:32 | 000,524,288 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 21:01:32 | 000,524,288 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 21:01:32 | 000,065,536 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TM.blf
[2010.04.28 16:22:03 | 000,057,560 | ---- | M] () -- C:\Users\almir\AppData\Local\GDIPFONTCACHEV1.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.05 10:22:30 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.06.05 10:22:30 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.06.05 10:01:28 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.03 17:02:37 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 16:47:51 | 000,001,831 | ---- | C] () -- C:\Users\almir\Desktop\CCleaner.lnk
[2010.05.30 22:01:35 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.05.30 10:16:19 | 000,000,989 | ---- | C] () -- C:\Users\almir\Desktop\JDownloader.lnk
[2010.05.30 10:15:05 | 000,000,632 | ---- | C] () -- C:\Users\almir\Desktop\Total Commander.lnk
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010.05.30 09:49:50 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Blur(TM).lnk
[2010.05.30 09:40:49 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.05.30 09:40:38 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.24 15:25:04 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Games.lnk
[2010.05.24 15:06:40 | 000,001,028 | ---- | C] () -- C:\Users\almir\Desktop\PDF-Viewer.lnk
[2010.05.24 15:06:39 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Office2PDF.lnk
[2010.05.24 15:06:39 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\PDF-Tools 4.lnk
[2010.05.13 14:15:31 | 000,000,000 | -H-- | C] () -- C:\Users\almir\Documents\Default.rdp
[2010.05.13 13:46:31 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.05.13 13:46:03 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.05.13 13:45:33 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.05.13 13:44:44 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.05.13 13:44:30 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.04.28 18:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 18:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 18:06:11 | 000,065,536 | -HS- | C] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TM.blf
[2010.04.28 16:28:19 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\PciSPorts.sys
[2010.04.28 16:28:19 | 000,081,920 | ---- | C] () -- C:\Windows\System32\drivers\PciPPorts.sys
[2010.04.18 20:53:12 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2009.07.14 06:53:46 | 000,011,212 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.05 15:21:20 | 1609,834,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.05 15:21:22 | 2146,447,360 | -HS- | M] () -- C:\pagefile.sys
[2010.06.03 17:15:35 | 000,000,268 | ---- | M] () -- C:\rkill.log
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.06.05 10:21:40 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.30 09:40:38 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

< End of report >
--- --- ---
Alt 06.06.2010, 20:08   #17
Larusso
/// Selecta Jahrusso
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


Sorry
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
DRV - File not found [Kernel | Boot | Running] --  -- (pxscan)
DRV - File not found [File_System | Auto | Running] --  -- (pxrts)
DRV - File not found [Kernel | On_Demand | Running] --  -- (pxkbf)
[2010.06.03 16:37:14 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\hgqvavkiy
[2010.06.03 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\FBF315FB3B49E033C000DDCC591C50FA

:services
:files
:reg
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2
  • Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Gmer ist geeignet für => NT/W2K/XP/VISTA.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf "Save" und speichere das Log als "Gmer.txt" auf dem Desktop, Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Bitte poste in Deiner nächsten Antwort
Gmer.txt
__________________

__________________
Alt 07.06.2010, 17:46   #18
almir_de
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


All processes killed
========== OTL ==========
Error: No service named pxscan was found to stop!
Service\Driver key pxscan not found.
Error: No service named pxrts was found to stop!
Service\Driver key pxrts not found.
Error: No service named pxkbf was found to stop!
Service\Driver key pxkbf not found.
C:\Users\almir\AppData\Local\hgqvavkiy folder moved successfully.
C:\Users\almir\AppData\Roaming\FBF315FB3B49E033C000DDCC591C50FA folder moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: almir
->Temp folder emptied: 24019170 bytes
->Temporary Internet Files folder emptied: 50426509 bytes
->Java cache emptied: 10709299 bytes
->Flash cache emptied: 1503 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116013 bytes
RecycleBin emptied: 8731 bytes

Total Files Cleaned = 81,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06072010_184341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
__________________
Alt 07.06.2010, 18:12   #19
almir_de
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-07 19:09:00
Windows 6.1.7600 
Running: zgg6yz96.exe; Driver: C:\Users\almir\AppData\Local\Temp\kglcrpod.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E35AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E35104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E353F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E1D634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E1D898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E351DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E35958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E356F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E35F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82E361A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                        82A4E579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                 82A72F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spip.sys                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                                  8E975CA0 5 Bytes  JMP 867851D8 
.text           adajgpno.SYS                                                                                                                           8E9C6000 12 Bytes  [44, 08, E2, 82, EE, 06, E2, ...]
.text           adajgpno.SYS                                                                                                                           8E9C600D 9 Bytes  [E7, E1, 82, 48, 0B, E2, 82, ...] {OUT 0xe1, EAX; OR BYTE [EAX+0xb], -0x1e; ADD BYTE [EAX], 0x0}
.text           adajgpno.SYS                                                                                                                           8E9C6017 170 Bytes  [00, DE, 27, B9, 88, E6, 25, ...]
.text           adajgpno.SYS                                                                                                                           8E9C60C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           adajgpno.SYS                                                                                                                           8E9C60CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                                    
.text           peauth.sys                                                                                                                             98415C9E 27 Bytes  [30, 0E, 02, 0F, 1C, D6, 91, ...]
.text           peauth.sys                                                                                                                             98415CC2 27 Bytes  [30, 0E, 02, 0F, 1C, D6, 91, ...]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!CreateWindowExW                                                       760D0E51 5 Bytes  JMP 6D73801F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxIndirectParamW                                               760F4AA7 5 Bytes  JMP 6D85EDC0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxParamW                                                       760F564A 5 Bytes  JMP 6D654D5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxParamA                                                       7610CF6A 5 Bytes  JMP 6D85ED5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxIndirectParamA                                               7610D29C 5 Bytes  JMP 6D85EE23 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxIndirectA                                                   7611E8C9 5 Bytes  JMP 6D85ECF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxIndirectW                                                   7611E9C3 5 Bytes  JMP 6D85EC87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxExA                                                         7611EA29 5 Bytes  JMP 6D85EC25 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxExW                                                         7611EA4D 5 Bytes  JMP 6D85EBC3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogParamW                                                    760C9BFF 5 Bytes  JMP 6D68C720 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EnableWindow                                                          760CA72E 5 Bytes  JMP 6D68C69B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetAsyncKeyState                                                      760CC09A 5 Bytes  JMP 6D64D8A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!UnhookWindowsHookEx                                                   760CCC7B 5 Bytes  JMP 6D7481D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CallNextHookEx                                                        760CCC8F 5 Bytes  JMP 6D729A6C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExW                                                       760D0E51 5 Bytes  JMP 6D73801F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetWindowsHookExW                                                     760D210A 5 Bytes  JMP 6D6E46DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetKeyState                                                           760D4FDA 5 Bytes  JMP 6D68D8F2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!IsDialogMessageW                                                      760D6F06 5 Bytes  JMP 6D654438 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogParamA                                                    760E3E79 5 Bytes  JMP 6D85F9DA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!IsDialogMessage                                                       760E407A 5 Bytes  JMP 6D85F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogIndirectParamA                                            760E9110 5 Bytes  JMP 6D85FA11 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogIndirectParamW                                            760F08AD 5 Bytes  JMP 6D85FA48 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamW                                               760F4AA7 5 Bytes  JMP 6D85EDC0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EndDialog                                                             760F555C 5 Bytes  JMP 6D655C9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamW                                                       760F564A 5 Bytes  JMP 6D654D5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetKeyboardState                                                      760F6B52 5 Bytes  JMP 6D85F5E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SendInput                                                             760F7055 5 Bytes  JMP 6D8601A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetCursorPos                                                          7610C1D8 5 Bytes  JMP 6D860200 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamA                                                       7610CF6A 5 Bytes  JMP 6D85ED5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamA                                               7610D29C 5 Bytes  JMP 6D85EE23 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectA                                                   7611E8C9 5 Bytes  JMP 6D85ECF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectW                                                   7611E9C3 5 Bytes  JMP 6D85EC87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExA                                                         7611EA29 5 Bytes  JMP 6D85EC25 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExW                                                         7611EA4D 5 Bytes  JMP 6D85EBC3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!keybd_event                                                           7611EC9B 5 Bytes  JMP 6D860533 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] SHELL32.dll!SHChangeNotification_Lock + 45BE                                     76A4B3D8 4 Bytes  [11, 36, 38, 72]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] SHELL32.dll!SHChangeNotification_Lock + 45C6                                     76A4B3E0 8 Bytes  [5F, 35, 38, 72, D0, 73, 37, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!OleLoadFromStream                                                      766D5B88 5 Bytes  JMP 6D85F137 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstance                                                       767257FC 5 Bytes  JMP 6D738B0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                               [88A96042] \SystemRoot\System32\Drivers\spip.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                              [88A966D6] \SystemRoot\System32\Drivers\spip.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                       [88A96800] \SystemRoot\System32\Drivers\spip.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                        [88A9613E] \SystemRoot\System32\Drivers\spip.sys
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortNotification]                                                             00147880
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                          78800C75
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortReadPortUchar]                                                            06750015
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortStallExecution]                                                           C25DC033
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortWritePortUchar]                                                           458B0008
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortWritePortUlong]                                                           6A006A08
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                       50056A24
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                            005AB7E8
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                     0001B800
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetParentBusType]                                                         C25D0000
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortRequestCallback]                                                          CCCC0008
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                    CCCCCCCC
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                     CCCCCCCC
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortCompleteRequest]                                                          CCCCCCCC
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortCopyMemory]                                                               53EC8B55
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                              800C5D8B
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                7500117B
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                   127B806A
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                     80647500
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                     7500137B
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortInitialize]                                                               157B805E
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                            56587500
IAT             \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                        8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [72373932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [72371ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                   [7236C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]             [72373B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [7237595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [723747A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                   [72374EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                   [72371D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]         [7236F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [723706BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]       [7236FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [72371ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                         [72370043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                       [72370CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                       [72373932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                       [723706BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                     [72370CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [72372ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [7236F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [7236F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [7236FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [72371ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [72374EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                   [723747A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [7236DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                     [723706BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                     [72373932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [7236DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [7236DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                     [72370571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [72371D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [7236DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                     [723741F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                       [7237595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                   [72374735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [72374B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [7237823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                 [723789C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                       [72378584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [72377E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [72378CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [723790D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                     [72377C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                     [72378D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                 [72377F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]           [7237794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]               [72377D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [72378898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [723786C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [72378760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]               [72377EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]               [72379B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [7237958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [723799D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [72378026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                 [72377F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                   [72377AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [723797FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [72377BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [72379C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                 [723798B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                   [723777ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]             [723796FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [723781EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]               [723780BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [72378286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                     [72378D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [72377DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                     [72378F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                   [7237892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [72379A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [723792E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [72379E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                   [72378E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                   [72377B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [72379029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [7237789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                       [723783BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [7237861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [72378A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                 [72378454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [723784EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                   [72379974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                     [72378EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]               [7236D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [72370F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [72371904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [7237141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                 [723709C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [7236FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]     [7236F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW]  [7236F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                     [723727FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [7236F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]           [7236EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]               [7236E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [72372ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                       [723727DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [7236E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                       [72370043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]       [7236EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW]                   [72379974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA]                   [72379916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA]          [72378A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA]                     [72378D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW]                   [72378E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW]               [72377D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA]                      [72378FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA]                      [72379E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW]                      [72379029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW]                      [72379E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW]                     [72377C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                 84A7A1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                          87665500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                   84A751F8
Device          \Driver\PCI_PNP1862 \Device\00000051                                                                                                   spip.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                       867861F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                       867861F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                       867861F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                       86792500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                       867861F8
Device          \Driver\ACPI_HAL \Device\00000049                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                       867861F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                       867861F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                       86792500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                           8654F1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                            84A781F8
Device          \Driver\iaStorV \Device\Ide\iaStor0                                                                                                    84A771F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                     84A781F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                     84A781F8
Device          \Driver\iaStorV \Device\Ide\IAAStorageDevice-0                                                                                         84A771F8
Device          \Driver\iaStorV \Device\Ide\IAAStorageDevice-1                                                                                         84A771F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                           8654F1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000076                                                                                                       865881F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000077                                                                                                       865881F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                865731F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                                                 84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000078                                                                                                       865881F8
Device          \Driver\USBSTOR \Device\00000079                                                                                                       865881F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{B087707E-5BFC-490C-8F7D-B9B5BE28546C}                                                               865731F8
Device          \Driver\sptd \Device\3440801863                                                                                                        spip.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                       867861F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{33EF70D9-E774-4B65-8E5B-331714413EFF}                                                               865731F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                       867861F8
Device          \Driver\USBSTOR \Device\0000007a                                                                                                       865881F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                       867861F8
Device          \Driver\USBSTOR \Device\0000007b                                                                                                       865881F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                       86792500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                       867861F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                       867861F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                       867861F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                       86792500
Device          \Driver\adajgpno \Device\Scsi\adajgpno1Port3Path0Target0Lun0                                                                           867831F8
Device          \Driver\adajgpno \Device\Scsi\adajgpno1                                                                                                867831F8
Device          \FileSystem\fastfat \Fat                                                                                                               87665500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                     771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                     285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                 0x5A 0x34 0x94 0x29 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                              
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x0A 0x6A 0x93 0x0D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                   0xAD 0x30 0xD3 0x08 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x5A 0x34 0x94 0x29 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                          
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x0A 0x6A 0x93 0x0D ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0xAD 0x30 0xD3 0x08 ...

---- EOF - GMER 1.0.15 ----
--- --- ---
Alt 07.06.2010, 18:22   #20
Larusso
/// Selecta Jahrusso
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


Ist AntiMalware Doctor noch präsent ?

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 07.06.2010, 19:00   #21
almir_de
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


Keine Ahnung ob das Dingens noch da ist.
Werde das mal beobachten und mich ggf wieder hier melden.
Danke für die Unterstützung !
Mfg
ALMIR

Alt 07.06.2010, 19:05   #22
Larusso
/// Selecta Jahrusso
 
Antimalware Doctor entfernen - Standard

Antimalware Doctor entfernen


Aktiv sehe ich nämlich nicht in den Logs

Schritt 1

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
  • Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
  • Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
  • Aktiviere "Quick-Scan durchführen" => Scan.
  • Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
  • Bei Funden in C:\System Volume Information den Haken entfernen.
    Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
    Er könnte jedoch trotz Malware noch gebraucht werden.
  • Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
  • Berichte, wie der Rechner nun läuft.
Hier findest Du eine ausführliche und bebilderte Anleitung.


Schritt 2
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
  • Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button "ESET Online Scanner" drücken.
  • Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
  • Das Firefox-Addon auf dem Desktop speichern und dann installieren.
  • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Einen Haken bei "Remove found threads" und "Scan archives" machen.
  • Start drücken.
  • Signaturen werden heruntergeladen.
  • Der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
  • IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Schritt 3

Starte bitte OTL, Wähle unter Extra- Registrierung Benutze Safe List und klicke auf den Scan Button.


Bitte poste in Deiner nächsten Antwort
Log von Malwarebytes
Log von ESET
OTL.txt
Extras.txt
Berichte wie der Rechner läuft
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Antwort
Seite 2 von 2 1 2

Themen zu Antimalware Doctor entfernen
anleitung, anti-malware, antimalware, bösartige, dateien, doctor, durchlauf, entferne, entfernen, ergebnis, explorer, folge, folgendes, gefunde, harter, leitung, minute, probleme, schei, seite, super, troja, trojaner, version, verzeichnisse, viren, öffnet


« autorun.inf und RECYCLER Wurm durch USB / SD Karte bekommen. | aspimgr wird über AntiVir angezeigt »


Ähnliche Themen: Antimalware Doctor entfernen


  1. Antimalware Doctor entfernen
    Log-Analyse und Auswertung - 24.04.2011 (15)
  2. antimalware doctor endlich entfernen!
    Plagegeister aller Art und deren Bekämpfung - 08.04.2011 (3)
  3. Probleme mit Antimalware Doctor - Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 07.04.2011 (13)
  4. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (5)
  5. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (13)
  6. Wie kann ich den Antimalware Doctor entfernen?
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (9)
  7. Wie Antimalware Doctor entfernen?
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (15)
  8. Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (32)
  9. security suite und antimalware doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.08.2010 (23)
  10. Antimalware Doctor endgültig entfernen
    Plagegeister aller Art und deren Bekämpfung - 22.08.2010 (1)
  11. antimalware doctor spurlos entfernen
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (1)
  12. Antimalware Doctor ganz entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.06.2010 (11)
  13. Antimalware Doctor lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (2)
  14. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (6)
  15. Antimalware Doctor lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.05.2010 (0)
  16. Antimalware doctor entfernen, Malwarebytes startet nicht usw.
    Plagegeister aller Art und deren Bekämpfung - 21.04.2010 (1)
  17. Antimalware Doctor entfernen
    Anleitungen, FAQs & Links - 22.02.2010 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Antimalware Doctor entfernen - OTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 05.06.2010 15:48:19 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\almir\Desktop Ultimate Edition (Version = 6.1.7600) - Antimalware Doctor entfernen...
Archiv
Du betrachtest: Antimalware Doctor entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55