Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them)
Thread: eine menge viren, unteranderem Exploit.Java.CVE-2009 (a lot of viruses, including Exploit.Java.CVE-2009), Windows 7
16.08.2010, 11:09 | #16
Here it is:
Code:
All processes killed
========== OTL ==========
No active process named cledx.exe was found!
Error: Unable to stop service CLEDX!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLEDX deleted successfully.
C:\Windows\System32\drivers\cledx.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\H2O deleted successfully.
C:\Programme\Syncrosoft\POS\H2O\cledx.exe moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
D:\autorun.inf moved successfully.
ADS C:\Users\MeinPC\Desktop\110847997.jpg:FS_dl_url deleted successfully.
ADS C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg:FS_dl_url deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 23 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-MEINPC-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 405112 bytes

User: MeinPC
->Temp folder emptied: 271077815 bytes
->Temporary Internet Files folder emptied: 9074899 bytes
->Java cache emptied: 15609771 bytes
->FireFox cache emptied: 87075348 bytes
->Google Chrome cache emptied: 18692003 bytes
->Flash cache emptied: 16112 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526136 bytes
RecycleBin emptied: 842006583 bytes

Total Files Cleaned = 1.187,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08162010_120248

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\kls80BE.tmp not found!

Registry entries deleted on Reboot...
16.08.2010, 11:24 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF (ComboFix) now:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
16.08.2010, 12:34 | #18
ComboFix log:
Code:
ComboFix 10-08-15.02 - MeinPC 16.08.2010 13:16:39.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.959.328 [GMT 2:00]
ausgeführt von:: c:\users\MeinPC\Desktop\cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msvcsv60.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-16 bis 2010-08-16 ))))))))))))))))))))))))))))))
.
2010-08-16 10:02 . 2010-08-16 10:02 -------- d-----w- C:\_OTL
2010-08-13 16:18 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 16:18 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-12 22:35 . 2009-12-05 17:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-12 22:34 . 2010-08-12 22:35 -------- d-----w- c:\program files\ffdshow
2010-08-12 21:23 . 2010-08-12 21:23 -------- d-----w- c:\program files\TVersity Codec Pack
2010-08-12 21:23 . 2010-08-12 21:23 -------- d-----w- c:\users\MeinPC\AppData\Local\TVersity
2010-08-12 09:16 . 2010-08-12 09:16 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-12 09:16 . 2010-08-12 09:16 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-12 09:15 . 2010-08-12 09:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-08-11 18:44 . 2010-08-11 19:51 -------- d-----w- c:\program files\trend micro
2010-08-11 18:44 . 2010-08-11 18:44 -------- d-----w- C:\rsit
2010-08-11 16:43 . 2010-08-16 10:07 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-11 16:19 . 2010-08-11 16:19 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-11 16:08 . 2010-08-11 16:08 -------- d-----w- c:\programdata\Avira
2010-08-11 16:08 . 2010-08-11 16:08 -------- d-----w- c:\program files\Avira
2010-08-11 12:30 . 2010-08-11 12:30 -------- d-----w- c:\programdata\SITEguard
2010-08-11 12:29 . 2010-08-11 12:29 -------- d-----w- c:\program files\Common Files\iS3
2010-08-11 12:29 . 2010-08-11 18:20 -------- d-----w- c:\programdata\STOPzilla!
2010-08-06 11:18 . 2010-08-06 11:18 -------- d-----w- c:\users\MeinPC\AppData\Roaming\Malwarebytes
2010-08-06 11:17 . 2010-08-06 11:17 -------- d-----w- c:\programdata\Malwarebytes
2010-08-06 11:17 . 2010-08-13 16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 11:04 . 2010-08-16 11:11 -------- d-----w- c:\program files\CCleaner
2010-08-04 15:32 . 2010-08-14 17:17 -------- d-----w- c:\users\MeinPC\AppData\Roaming\MessengerDiscovery 2
2010-08-04 15:31 . 2010-08-04 15:31 -------- d-----w- c:\programdata\MessengerDiscovery 2
2010-08-04 15:31 . 2010-08-04 15:31 -------- d-----w- c:\program files\MessengerDiscovery 2
2010-07-30 22:45 . 2010-07-30 22:45 -------- d-----w- c:\users\MeinPC\AppData\Local\Xilisoft
2010-07-30 22:44 . 2010-07-30 22:44 -------- d-----w- c:\users\MeinPC\AppData\Roaming\Xilisoft
2010-07-30 22:33 . 2010-07-30 22:33 -------- d-----w- c:\program files\Xilisoft
2010-07-28 20:19 . 2010-07-28 20:19 -------- d-----w- c:\programdata\PC Suite
2010-07-28 20:19 . 2010-07-28 20:19 -------- d-----w- c:\users\MeinPC\AppData\Roaming\PC Suite
2010-07-28 20:13 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-07-28 09:20 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-28 09:20 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-28 09:19 . 2010-07-28 09:19 -------- d-----w- c:\program files\iPod
2010-07-28 09:19 . 2010-07-28 09:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-28 09:19 . 2010-07-28 09:20 -------- d-----w- c:\program files\iTunes
2010-07-28 09:18 . 2010-07-28 09:19 -------- d-----w- c:\programdata\Apple Computer
2010-07-28 09:18 . 2010-07-28 09:18 -------- d-----w- c:\program files\QuickTime
2010-07-28 09:18 . 2010-07-28 09:18 -------- d-----w- c:\users\MeinPC\AppData\Local\Apple
2010-07-28 09:17 . 2010-07-28 09:17 -------- d-----w- c:\program files\Apple Software Update
2010-07-28 09:17 . 2010-07-28 09:17 -------- d-----w- c:\program files\Bonjour
2010-07-28 09:16 . 2010-08-15 16:41 -------- d-----w- c:\programdata\Apple
2010-07-28 09:16 . 2010-07-28 09:19 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 20:25 . 2010-07-21 20:25 -------- d-----w- c:\users\MeinPC\AppData\Roaming\InstallShield
2010-07-21 20:25 . 2010-07-21 20:25 -------- d-----w- c:\program files\Conduit
2010-07-21 20:25 . 2010-07-21 20:25 -------- d-----w- c:\program files\Winload
2010-07-21 20:25 . 2010-03-24 14:13 52224 ----a-w- c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
2010-07-21 20:25 . 2010-03-24 14:13 101376 ----a-w- c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
2010-07-21 20:18 . 2010-07-21 20:18 -------- d-----w- c:\program files\Forum Verlag
2010-07-21 20:18 . 2010-07-21 20:18 -------- d-----w- c:\users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr
2010-07-21 20:18 . 2010-07-21 20:18 473600 ----a-w- c:\users\MeinPC\AppData\Roaming\AusfuhrPortal\Uninstall\uninstall.exe
2010-07-21 20:18 . 2010-07-21 20:18 -------- d-----w- c:\users\MeinPC\AppData\Local\Apps
2010-07-21 20:18 . 2010-07-21 20:26 -------- d-----w- c:\users\MeinPC\AppData\Roaming\AusfuhrPortal
2010-07-21 20:10 . 2010-07-21 20:10 -------- d-----w- c:\program files\SmartForm
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 13:15 . 2008-08-26 07:35 9117008 ----a-w- c:\users\MeinPC\AppData\Roaming\TomTom\HOME\Profiles\u238hpkm.default\extensions\Navcore.8.016.9380@tomtom.com\8-016-9380-1.dll
2010-07-17 13:03 . 2010-07-17 13:03 -------- d-----w- c:\programdata\TomTom
2010-07-17 13:02 . 2010-07-17 13:02 -------- d-----w- c:\users\MeinPC\AppData\Roaming\TomTom
2010-07-17 13:02 . 2010-07-17 13:02 -------- d-----w- c:\users\MeinPC\AppData\Local\TomTom
2010-07-17 13:02 . 2010-07-17 13:02 -------- d-----w- c:\program files\TomTom International B.V
2010-07-17 13:02 . 2010-07-17 13:02 -------- d-----w- c:\program files\TomTom HOME 2
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 16:42 . 2010-07-28 09:21 -------- d-----w- c:\users\MeinPC\AppData\Roaming\Apple Computer
2010-08-12 18:11 . 2010-03-20 23:02 -------- d-----w- c:\program files\JDownloader
2010-08-12 09:14 . 2010-03-20 22:13 -------- d-----w- c:\program files\F-Secure
2010-08-12 09:12 . 2010-03-20 22:11 -------- d-----w- c:\programdata\f-secure
2010-08-12 09:12 . 2009-07-14 08:47 646244 ----a-w- c:\windows\system32\perfh007.dat
2010-08-12 09:12 . 2009-07-14 08:47 127402 ----a-w- c:\windows\system32\perfc007.dat
2010-08-11 19:52 . 2010-03-20 22:08 113944 ----a-w- c:\users\MeinPC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 19:51 . 2010-03-25 15:23 -------- d-----w- c:\programdata\FLEXnet
2010-08-11 10:58 . 2010-05-27 14:27 -------- d-----w- c:\users\MeinPC\AppData\Roaming\Yspa
2010-07-28 20:13 . 2010-04-23 09:06 -------- d-----w- c:\program files\Samsung
2010-07-28 20:12 . 2010-04-23 09:08 -------- d-----w- c:\program files\DIFX
2010-07-28 20:12 . 2010-07-28 20:08 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-28 20:08 . 2010-07-28 20:08 -------- d-----w- c:\program files\MarkAny
2010-07-28 20:01 . 2010-03-21 20:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-21 20:26 . 2010-07-21 20:26 -------- d-----w- c:\program files\KSR
2010-07-21 20:26 . 2010-03-21 22:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 13:33 . 2010-03-21 16:32 -------- d-----w- c:\program files\VstPlugins
2010-07-16 12:09 . 2010-05-20 17:14 720896 ----a-w- c:\windows\iun6002ev.exe
2010-07-15 11:40 . 2010-07-15 11:40 -------- d-----w- c:\program files\Google
2010-07-11 13:37 . 2010-04-10 13:49 -------- d-----w- c:\program files\Steinberg
2010-07-09 09:50 . 2010-07-09 09:50 16 ----a-w- c:\windows\msocreg32.dat
2010-06-30 12:54 . 2010-03-21 16:30 -------- d-----w- c:\program files\Image-Line
2010-06-30 12:15 . 2010-04-04 19:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-30 12:13 . 2010-03-20 22:31 -------- d-----w- c:\programdata\Messenger Plus!
2010-06-22 12:42 . 2010-06-22 12:42 -------- d-----w- c:\users\MeinPC\AppData\Roaming\F-Secure
2010-06-16 13:32 . 2010-05-19 11:00 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-16 13:32 . 2010-05-19 10:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-16 13:32 . 2010-05-11 18:00 1127240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-06 21:37 . 2010-07-11 13:37 2785792 ----a-w- c:\windows\system32\GuaD.dll
2010-06-03 11:10 . 2010-05-11 18:00 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-06-03 11:00 . 2010-06-03 11:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-02 10:57 . 2010-06-02 10:57 1222464 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-26 20:56 . 2010-05-26 20:56 50354 ----a-w- c:\users\MeinPC\AppData\Roaming\Facebook\uninstall.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Google Update"="c:\users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forum-Updater.lnk - c:\program files\Forum Verlag\AESimple\ForumUpdater.exe [2010-7-21 988672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 136176]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2002-11-25 16896]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-23 691696]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
.
Inhalt des "geplante Tasks" Ordners

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:40]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:40]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job
- c:\users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-15 11:40]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job
- c:\users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-15 11:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uInternet Settings,ProxyOverride = *.local
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
FF - component: c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\MeinPC\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\MeinPC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NPSStartup - (no file)
AddRemove-Steinberg Hypersonic v1.12.808 - c:\progra~1\VSTPLU~1\HYPERS~1\HYPERS~1\UNWISE.EXE
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-16 13:27:46
ComboFix-quarantined-files.txt 2010-08-16 11:27

Vor Suchlauf: 11 Verzeichnis(se), 32.011.780.096 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 31.817.474.048 Bytes frei

- - End Of File - - CB9A31001D0690AA0CC99C6E3A900BB6
16.08.2010, 12:59 | #19
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
Please always post log files in CODE tags
16.08.2010, 15:33 | #20
GMER log:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-16 15:14:48
Windows 6.1.7600
Running: 80tckost.exe; Driver: C:\Users\MeinPC\AppData\Local\Temp\uwryypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x87D22992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x87D243FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x87D24674]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x87D248E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x87D232AA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x87D23A52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x87D23E4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x87D234C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x87D23D34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x87D22582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x87D23C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x87D2272A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x87D23F6E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x87D22F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x87D23030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x87D23C9E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x87D25596]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x87D26716]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x87D23694]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x87D25688]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x87D25D62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x87D23EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x87D23336]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x87D23DC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x87D22BDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x87D25AFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x87D24004]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x87D22AD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x87D24B30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x87D2609C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x87D2598E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x87D24368]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x87D2422E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x87D25330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x87D265B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x87D2379C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x87D2314C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x87D24BD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x87D25790]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x87D261EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x87D262DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x87D26418]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x87D254BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x87D22D7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x87D22CD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x87D25F40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x87D22E68]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C272D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 828575C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8287C052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 250 82883850 4 Bytes [92, 29, D2, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 278 82883878 8 Bytes [FA, 43, D2, 87, 74, 46, D2, ...] {CLI ; INC EBX; ROL BYTE [EDI-0x782db98c], CL}
.text ntkrnlpa.exe!RtlSidHashLookup + 2BC 828838BC 4 Bytes [E6, 48, D2, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 2E8 828838E8 4 Bytes [AA, 32, D2, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 8288390C 4 Bytes [52, 3A, D2, 87]
.text ...
.text peauth.sys 98C17C9D 28 Bytes [15, 8D, 3F, 60, CB, 83, A3, ...]
.text peauth.sys 98C17CC1 28 Bytes [15, 8D, 3F, 60, CB, 83, A3, ...]
? C:\Users\MeinPC\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\MeinPC\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe[2028] C:\Windows\system32\ADVAPI32.dll IMAGE_DOS_SIGNATURE not found;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] USER32.dll!NotifyWinEvent + 48B 776AF724 4 Bytes [70, 11, 46, 6C] {JO 0x13; INC ESI; INSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\ADVAPI32.dll
[KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00270240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 002702B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00270320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00270390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00270A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00270B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00270B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00270BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77090D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 77090DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00270C50 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 77090E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 77090E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77090EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 77090F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01290010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 01290080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 012900F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 01290160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 012901D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00270CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00270D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01290240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 012902B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ 
C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 01290320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 01290390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 01290400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 01290470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 012904E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00270F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77B305C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77B30630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77B30710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 012907F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01290860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 012908D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 01290940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 012909B0 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 01290A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 01290A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77B308D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 01290B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01290B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 01290BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77B30A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77B30B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003800F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 012A0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 012A04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 012A0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00380160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ 
C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 00380240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 012A05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 012A0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 012A06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 012A0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 012A0780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 012A07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 012A0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 012A08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 012A0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 012A09B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012A0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 00380A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 00380A90 
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 00380BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 012B0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 00380C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012B09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 012B0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 012B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 012B0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 012B0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 012B0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 012B0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 003A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 003A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] 003C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] 003C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 003C05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003C0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 003C06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 019E0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 019E0B00
IAT C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00510240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 005102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00510320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00510390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00510A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00510B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00510B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00510BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77090D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 77090DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00510C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 77090E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 77090E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77090EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 77090F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015A0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 015A0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 015A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 015A0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 015A01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00510CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00510D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015A0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 015A02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 015A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 015A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 015A0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 015A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 015A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00510F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77B305C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77B30630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77B30710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 015A07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 015A0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 015A08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 015A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 015A09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 015A0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 015A0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77B308D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 015A0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015A0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 015A0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77B30A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77B30B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 005200F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 015B0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 015B04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 015B0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00520160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 00520240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 015B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 015B0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 015B06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 015B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 015B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 015B07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 015B0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 015B08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 015B0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 015B09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015B0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 00520A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 00520A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 00520BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 015C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 00520C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 015C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 015C0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 015C0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 015C0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 015C0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 015C0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 00540780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 005407F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] 00E50240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] 00E502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00E50710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 00E50780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00E507F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01640E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01640E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 77090400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 770900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 770902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 77090320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 770905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 77B301D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 77090240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 77090550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 770904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 77B302B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 770905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 77090470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 77090320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 77090390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 770900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 770901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 77090160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 770902B0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0xA2 0xFD 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x88 0xCE 0xEA 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x16 0xDB 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0xA2 0xFD 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x88 0xCE 0xEA 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x16 0xDB 0x0A ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{F77A3523-3469-11DF-8600-806E6F6E6963} 1182065408 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:25:36 on 16.08.2010 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job" - "Google Inc." - C:\Users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job" - "Google Inc." - C:\Users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "camcpl.cpl" - "Logitech Inc." - C:\Windows\system32\camcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys "catchme" (catchme) - ? 
- C:\Users\MeinPC\AppData\Local\Temp\catchme.sys (File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "Nsynas32" (Nsynas32) - "Syncrosoft Hard- und Software GmbH" - C:\Windows\system32\drivers\Nsynas32.sys "SynasUSB" (SynasUSB) - "Syncrosoft GmbH" - C:\Windows\System32\drivers\SynasUSB.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "My Logitech Pictures" - "Logitech Inc." - C:\Program Files\Logitech\Video\Namespc2.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll 
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." 
- C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Forum-Updater.lnk" - "Forum Verlag Herkert GmbH" - C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe (Shortcut exists | File exists) "Lexmark X125 Einstellungsdienstprogramm.lnk" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexmark X125 Einstellungsdienstprogramm.lnk (Shortcut exists | File not found) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Aim" - "AOL Inc." - "C:\Program Files\AIM\aim.exe" /d locale=de-DE "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "Google Update" - "Google Inc." - "C:\Users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c "LogitechSoftwareUpdate" - "Logitech Inc." - "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot "Messenger (Yahoo!)" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LogitechVideoRepair" - "Logitech Inc." - C:\Program Files\Logitech\Video\ISStart.exe "LogitechVideoTray" - "Logitech Inc." 
- C:\Program Files\Logitech\Video\LogiTray.exe " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe "TVersityMediaServer" (TVersityMediaServer) - ? - C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe (File found, but it contains no detailed information) "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
16.08.2010, 17:08 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I don't see anything for the remover, no log; the other two look OK IMO. |
17.08.2010, 18:23 | #22 |
| Yes, I did post a link. Somehow it didn't come through. But here it is again. |
17.08.2010, 19:47 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That one is OK too (see the green text). To double-check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
18.08.2010, 16:06 | #24 |
| Malwarebytes log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4363 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 18.08.2010 14:29:14 mbam-log-2010-08-18 (14-29-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 295447 Laufzeit: 53 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f358f42d-deb9-4bf8-8d6d-52d283c26ed4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/18/2010 at 04:06 PM Application Version : 4.41.1000 Core Rules Database Version : 5242 Trace Rules Database Version: 3054 Scan type : Complete Scan Total Scan Time : 01:29:35 Memory items scanned : 480 Memory threats detected : 0 Registry items scanned : 9275 Registry threats detected : 0 File items scanned : 158131 File threats detected : 89 Adware.Tracking Cookie C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@tacoda[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@cdn.at.atwola[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@atdmt[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@at.atwola[1].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@ar.atwola[1].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@bs.serving-sys[1].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@serving-sys[1].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@tradedoubler[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@adtech[1].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@apmebf[1].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@atwola[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@advertising[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@mediaplex[2].txt C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Cookies\meinpc@weborama[2].txt ia.media-imdb.com [ C:\Users\MeinPC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ABX6SS65 ] www.naiadsystems.com [ C:\Users\MeinPC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ABX6SS65 ] www.pornkeeper.com [ C:\Users\MeinPC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ABX6SS65 ] toplisted.us [ 
C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .imrworldwide.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .imrworldwide.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .bs.serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .serving-sys.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .adfarm1.adition.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .adfarm1.adition.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .webmasterplan.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .webmasterplan.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .doubleclick.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] 
ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .content.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .smartadserver.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ww251.smartadserver.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .smartadserver.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .smartadserver.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .smartadserver.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .smartadserver.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .adtech.de [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] de.sitestat.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] de.sitestat.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .statcounter.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .2o7.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .content.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .myroitracking.com [ 
C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .clicksor.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .clicksor.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .clicksor.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .clicksor.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .clicksor.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] bridge2.admarketplace.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .admarketplace.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.zanox.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zanox.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zanox-affiliate.de [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .traffictrack.de [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .bizzclick.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] xml.happytofind.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zedo.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zedo.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zedo.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zedo.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zedo.com [ 
C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .zedo.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .apmebf.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .fastclick.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .fastclick.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .fastclick.net [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .casalemedia.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .casalemedia.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .casalemedia.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .casalemedia.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .casalemedia.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .casalemedia.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] .tracking.mindshare.de [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\cookies.sqlite ] Adware.Flash Tracking Cookie C:\Users\MeinPC\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABX6SS65\IA.MEDIA-IMDB.COM 
Rogue.Agent/Gen-Nullo[DLL] C:\WINDOWS\SYSTEM32\MFC1O.DLL |
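The Malwarebytes log above shows what Trojan.DNSChanger actually changed: the DhcpNameServer values under Tcpip\Parameters pointed at 85.255.112.77 and 85.255.112.6 instead of the router. As an added example (not code from this thread or from any of the tools used in it), the Python script below parses a `reg export` of that key and flags resolver entries that fall in a known-bad range or look out of place. The .reg text, the second interface GUID and the 85.255.112.0/24 range are constructed for the example; the first GUID and the two addresses are the ones in the log.

```python
"""Audit DNS resolver settings in a Windows registry export (.reg text).

Reads the Tcpip\\Parameters tree as written by `reg export` (decode the
UTF-16LE file to str first) and flags NameServer / DhcpNameServer entries
that point at a known-bad resolver range or that look out of place.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input. The first interface GUID and the two 85.255.112.x
# resolvers are the ones Malwarebytes reported in the log above; the second
# interface GUID and the 192.168.1.1 resolver are made up as a benign control.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"=""
"DhcpNameServer"="85.255.112.77 85.255.112.6"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f358f42d-deb9-4bf8-8d6d-52d283c26ed4}]
"EnableDHCP"=dword:00000001
"DhcpServer"="192.168.1.1"
"DhcpNameServer"="85.255.112.77 85.255.112.6"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-1111-2222-3333-444444444444}]
"EnableDHCP"=dword:00000001
"DhcpServer"="192.168.1.1"
"DhcpNameServer"="192.168.1.1"
'''

# Resolver range treated as malicious. Constructed here from the two addresses
# in the log; a real deployment would load a maintained blocklist instead.
BAD_RANGES = (ipaddress.ip_network("85.255.112.0/24"),)

DNS_VALUE_NAMES = ("NameServer", "DhcpNameServer")

_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass(frozen=True)
class Finding:
    key: str         # registry key the value lives under
    value_name: str  # NameServer or DhcpNameServer
    token: str       # the individual resolver entry that was flagged
    reason: str


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys = {}
    current = None
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2).strip()
            if raw.startswith('"') and raw.endswith('"'):
                # .reg files escape backslashes inside REG_SZ strings
                keys[current][name] = raw[1:-1].replace("\\\\", "\\")
            elif raw.lower().startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            else:
                keys[current][name] = raw  # hex(...) blobs etc. kept verbatim
    return keys


def audit_dns(text):
    """Flag suspicious resolver entries under every Tcpip\\Parameters key."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if "\\Services\\Tcpip\\Parameters" not in key:
            continue
        dhcp_server = values.get("DhcpServer")
        for name in DNS_VALUE_NAMES:
            raw = values.get(name)
            if not isinstance(raw, str) or not raw.strip():
                continue
            # Windows stores several resolvers space- or comma-separated.
            for token in re.split(r"[\s,]+", raw.strip()):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(Finding(key, name, token, "not an IP address"))
                    continue
                if any(ip in net for net in BAD_RANGES):
                    findings.append(Finding(key, name, token, "known-bad resolver range"))
                elif (name == "DhcpNameServer" and dhcp_server
                      and ipaddress.ip_address(dhcp_server).is_private
                      and not ip.is_private):
                    # A home router usually hands out its own address as the
                    # resolver; a public one is not proof, but worth checking.
                    findings.append(Finding(key, name, token,
                                            "public resolver from private DHCP server; verify"))
    return findings


if __name__ == "__main__":
    for f in audit_dns(SAMPLE_REG_EXPORT):
        print(f"{f.reason}: {f.value_name}={f.token} under {f.key}")
```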
18.08.2010, 18:33 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
18.08.2010, 20:47 | #26 |
| As I said before, I can't update anything, not even manually. I don't know why. |
18.08.2010, 20:56 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Still not? Uninstall it completely. Then reinstall it, but use this installer, which has a random file name => http://malwarebytes.org/mbam-download-exe-random.php Have it update immediately afterwards!
19.08.2010, 10:18 | #28 |
| It still doesn't work. The page can't be displayed on my machine. |
19.08.2010, 10:30 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Custom scan with OTL: if you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
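The custom scan requested in #29 produces the long OTL log the user posts in #30, and the helper then reads that log by eye. A few of those reading steps can be scripted. The Python below is an added example for this thread; it is not part of OTL and not code from any post here. It runs three checks over OTL lines: the O17 DhcpNameServer resolvers against a small allowlist (a placeholder of private router ranges, an assumption) and against the resolver ranges that the FBI and the DNSChanger Working Group published as belonging to the Rove Digital "DNSChanger" botnet (a public fact, not something the thread states); SRV/DRV entries whose binary OTL reports as "File not found"; and IE start page or Firefox search prefs pointing at a third-party search redirector host (the one host listed is the one that appears in this thread's log). The sample lines are copied from the log in this thread plus one constructed per-interface O17 line with a made-up GUID. The posted log's O17 line lists 85.255.112.77 and 85.255.112.6, which fall inside the published 85.255.112.0/20 range; resolvers in that range would be consistent with Malwarebytes failing to update and malwarebytes.org not loading, since name resolution for those hosts is under the attacker's control.

```python
"""Scripted triage of OTL log lines (added example; not part of OTL or of this thread)."""
import ipaddress
import re
from typing import List

# Assumption (placeholder): resolvers a home PC legitimately uses, i.e. a router on a
# private address. Replace with the ISP's resolver addresses for a real check.
TRUSTED_RESOLVER_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Public fact, not stated in the thread: resolver ranges the FBI and the DNSChanger
# Working Group published as operated by the Rove Digital "DNSChanger" botnet.
DNSCHANGER_NETS = [
    ipaddress.ip_network("85.255.112.0/20"),
    ipaddress.ip_network("67.210.0.0/20"),
    ipaddress.ip_network("93.188.160.0/21"),
    ipaddress.ip_network("77.67.83.0/24"),
    ipaddress.ip_network("213.109.64.0/20"),
    ipaddress.ip_network("64.28.176.0/20"),
]

# Search hosts that toolbars plant as default engine / start page (the one seen in this log).
SEARCH_REDIRECT_HOSTS = {"search.conduit.com"}

O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>[\d. ]+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<path>.+?) File not found$")
URL_HOST_RE = re.compile(r'hxxps?://([^/?"\s]+)')  # OTL defangs http as hxxp


def classify_resolver(ip_text: str) -> str:
    """'rogue' if in a DNSChanger range, 'trusted' if on the allowlist, else 'unknown'."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in DNSCHANGER_NETS):
        return "rogue"
    if any(ip in net for net in TRUSTED_RESOLVER_NETS):
        return "trusted"
    return "unknown"


def check_dns(line: str) -> List[str]:
    """O17 lines: every resolver must be trusted; a rogue one explains failing updates/downloads."""
    m = O17_RE.match(line)
    if not m:
        return []
    findings = []
    for ip_text in m.group("servers").split():
        verdict = classify_resolver(ip_text)
        if verdict == "rogue":
            findings.append(f"DNS resolver {ip_text} lies in a published DNSChanger range")
        elif verdict == "unknown":
            findings.append(f"DNS resolver {ip_text} is not on the allowlist; confirm it is the ISP's")
    return findings


def check_orphan(line: str) -> List[str]:
    """SRV/DRV entries whose binary OTL reports missing: a service/driver key with no file behind it."""
    m = ORPHAN_RE.match(line)
    if not m:
        return []
    return [f"{m['kind']} {m['name']}: registry entry points at missing file {m['path']}"]


def check_search(line: str) -> List[str]:
    """IE start page and Firefox search prefs that route through a known redirector host."""
    is_search_pref = (
        line.startswith("FF - prefs.js..browser.search")
        or line.startswith("FF - prefs.js..keyword.URL")
        or (line.startswith("IE - ") and "Start Page" in line)
    )
    if not is_search_pref:
        return []
    m = URL_HOST_RE.search(line)
    if m and m.group(1).lower() in SEARCH_REDIRECT_HOSTS:
        return [f"browser search/start page redirected through {m.group(1)}"]
    return []


def triage(log_text: str) -> List[str]:
    """Run all checks over every line of an OTL log and return the findings."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_dns, check_orphan, check_search):
            findings.extend(check(line))
    return findings


# Sample input: lines copied from the OTL log posted in this thread, plus one constructed
# per-interface O17 line (the {AAAA} GUID is made up) showing a benign router resolver.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.77 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAA}: DhcpNameServer = 192.168.178.1
DRV - (catchme) -- C:\Users\MeinPC\AppData\Local\Temp\catchme.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "google.de"
O1 - Hosts: 127.0.0.1 localhost
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as a script and it prints five findings for the sample: two rogue resolvers, one orphaned driver entry, and two search redirects. The DNS check is the one that matters for the symptoms in #26 and #28: while a PC resolves names through an attacker-controlled server, "the page cannot be displayed" and failing signature updates are expected, and the resolver setting has to be corrected (and the router's DHCP-handed DNS checked as well) before any download-based repair step can be trusted.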
19.08.2010, 12:44 | #30
Here is the OTL log:
Code:
OTL logfile created on: 19.08.2010 11:59:47 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\MeinPC\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

959,00 Mb Total Physical Memory | 131,00 Mb Available Physical Memory | 14,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 38,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 40,14 Gb Free Space | 51,38% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 63,61 Gb Free Space | 89,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEINPC-PC
Current User Name: MeinPC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\MeinPC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\MeinPC\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TVersityMediaServer) -- C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe () SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - 
(sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\MeinPC\AppData\Local\Temp\catchme.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) 
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (Syncrosoft GmbH) DRV - (Nsynas32) -- C:\Windows\System32\drivers\NSynas32.sys (Syncrosoft Hard- und Software GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 20 35 68 BE 24 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..keyword.URL: 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.15 13:40:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 11:18:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.16 12:11:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.08.12 11:16:14 | 000,000,000 | ---D | M] [2010.07.17 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions [2010.07.17 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.08.18 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions [2010.07.21 22:25:13 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.05.02 18:30:36 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.09 17:59:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.04.26 17:07:48 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2010.07.21 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\finder@meingutscheincode.de [2010.03.21 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\firefox@tvunetworks.com [2010.06.22 14:42:32 | 000,002,267 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\Mozilla\FireFox\Profiles\yprpyq5u.default\searchplugins\aim-search.xml [2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\Mozilla\FireFox\Profiles\yprpyq5u.default\searchplugins\conduit.xml [2010.08.12 11:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.08.12 11:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.07.26 19:47:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.26 19:47:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.26 19:47:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.26 19:47:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.26 19:47:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.16 13:24:45 | 000,000,027 | ---- | M]) 
- C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.77 85.255.112.6 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help 
{314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: 
WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group 
SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {58BEB942-8EFC-3F01-F747-5929BDD4370A} - Internet Explorer ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8DBE3535-8ABF-82EA-F524-2C69A81BDE1D} - Internet Explorer ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts 
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {DF96EFF3-A4DF-294E-4DFB-88F65825DBA1} - Microsoft Windows Media Player ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () ========== Files/Folders - Created Within 90 Days ========== [2010.08.18 00:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.08.18 00:26:19 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\SUPERAntiSpyware.com [2010.08.18 00:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010.08.16 13:27:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.08.16 13:27:48 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.08.16 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\temp [2010.08.16 13:15:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.08.16 13:15:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.08.16 13:15:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.08.16 13:14:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.16 13:12:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.08.16 13:12:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.08.16 12:02:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.13 18:18:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.13 18:18:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.13 00:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow [2010.08.12 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\TVersity Codec Pack [2010.08.12 23:23:21 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\TVersity [2010.08.12 11:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2010.08.12 11:15:49 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.08.11 20:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.08.11 20:44:19 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.11 18:43:32 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Kaspersky Lab [2010.08.11 18:43:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Virus Removal Tool [2010.08.11 18:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.08.11 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.11 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.08.11 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\avira_antivir_personal_de1000567 [2010.08.11 14:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard [2010.08.11 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3 [2010.08.11 14:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! [2010.08.10 23:00:30 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.08.10 12:01:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010.08.10 01:01:42 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner (3) [2010.08.06 13:57:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\photoshop sachn [2010.08.06 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Malwarebytes [2010.08.06 13:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.06 13:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.06 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.08.05 12:56:31 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\My Webcam Recordings [2010.08.04 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2 [2010.08.04 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MessengerDiscovery 2 [2010.08.04 17:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\MessengerDiscovery 2 [2010.07.31 00:45:35 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Xilisoft [2010.07.31 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\Xilisoft [2010.07.31 00:44:55 | 000,000,000 | ---D | C] -- 
C:\Users\MeinPC\AppData\Roaming\Xilisoft [2010.07.31 00:34:32 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010.07.31 00:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft [2010.07.28 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner (2) [2010.07.28 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\My Art [2010.07.28 22:29:11 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner [2010.07.28 22:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010.07.28 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\PC Suite [2010.07.28 22:13:01 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2010.07.28 22:12:55 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.07.28 22:12:16 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys [2010.07.28 22:12:16 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys [2010.07.28 22:12:16 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys [2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys [2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys [2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys [2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys [2010.07.28 22:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2010.07.28 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010.07.28 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Apple Computer [2010.07.28 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apple Computer [2010.07.28 11:20:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.07.28 
11:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.07.28 11:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.07.28 11:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.07.28 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.07.28 11:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.07.28 11:18:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apple [2010.07.28 11:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.07.28 11:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.07.28 11:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.07.28 11:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010.07.21 22:26:23 | 000,362,200 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsprint7.ocx [2010.07.21 22:26:23 | 000,173,784 | ---- | C] (ComponentOne ) -- C:\Windows\System32\vspdf.ocx [2010.07.21 22:26:23 | 000,128,728 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsppgvp7.dll [2010.07.21 22:26:23 | 000,036,864 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\udaNEXTNUMBER_ActiveX.dll [2010.07.21 22:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\KSR [2010.07.21 22:26:22 | 002,379,776 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\udaFUNCTIONS_ActiveX.dll [2010.07.21 22:26:22 | 000,352,256 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\UDA_ActiveX.dll [2010.07.21 22:26:22 | 000,294,912 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\KSR_LizenzReg_ActiveX.dll [2010.07.21 22:26:22 | 000,245,760 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\KSR_PrintEngine_ActiveX.ocx [2010.07.21 22:26:22 | 000,094,275 | ---- | C] (KSR EDV Ing.büro GmbH) -- C:\Windows\System32\KSR_RegistryAccess_ActiveX.dll [2010.07.21 22:26:22 | 000,057,344 | ---- | C] (KSR EDV Ing. 
Büro GmbH) -- C:\Windows\System32\KSR_Error.dll [2010.07.21 22:26:22 | 000,057,344 | ---- | C] (INNO-TECH Software) -- C:\Windows\System32\inPOPUPMenu_ActiveX.ocx [2010.07.21 22:26:22 | 000,053,248 | ---- | C] (Creative Software GmbH) -- C:\Windows\System32\ksrTtoolText.dll [2010.07.21 22:26:22 | 000,049,152 | ---- | C] (KSR EDV Ing.büro GmbH) -- C:\Windows\System32\KSR_Ttool_ActiveX.dll [2010.07.21 22:26:22 | 000,032,768 | ---- | C] (ksr) -- C:\Windows\System32\KSR_RegAccessAdmin.exe [2010.07.21 22:25:42 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\InstallShield [2010.07.21 22:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.07.21 22:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Winload [2010.07.21 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Forum Verlag [2010.07.21 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr [2010.07.21 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apps [2010.07.21 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal [2010.07.21 22:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\SmartForm [2010.07.17 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\TomTom [2010.07.17 15:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom [2010.07.17 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\TomTom [2010.07.17 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\TomTom [2010.07.17 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V [2010.07.17 15:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2 [2010.07.17 01:54:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.07.15 13:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010.07.15 13:40:07 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Google [2010.07.11 15:37:52 | 002,785,792 | ---- | C] (AiR) -- C:\Windows\System32\GuaD.dll 
[2010.07.09 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\dwhelper [2010.06.29 23:41:25 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\Verlauf [2010.06.22 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\F-Secure [2010.06.07 16:21:39 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\4Media [2010.06.07 16:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\4Media [2010.06.05 21:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData [2010.05.27 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Yspa [2010.05.26 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Neuer Ordner [2010.05.26 22:55:57 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Facebook ========== Files - Modified Within 90 Days ========== [2010.08.19 12:02:11 | 003,145,728 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat [2010.08.19 11:45:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.19 11:18:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.19 11:18:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.19 11:12:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.19 11:12:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.19 11:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.19 11:12:41 | 753,836,032 | -HS- | M] () -- C:\hiberfil.sys [2010.08.18 21:05:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job [2010.08.18 21:05:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job [2010.08.18 16:10:02 | 002,788,422 | -H-- | M] () -- C:\Users\MeinPC\AppData\Local\IconCache.db 
[2010.08.18 00:26:08 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.16 16:30:27 | 000,071,235 | ---- | M] () -- C:\Users\MeinPC\Desktop\Unbenannt.jpg [2010.08.16 15:16:37 | 000,002,028 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forum-Updater.lnk [2010.08.16 13:24:53 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.08.16 13:24:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.08.16 13:11:26 | 000,000,969 | ---- | M] () -- C:\Users\MeinPC\Desktop\CCleaner.lnk [2010.08.16 13:08:19 | 003,817,889 | R--- | M] () -- C:\Users\MeinPC\Desktop\cofi.exe [2010.08.16 12:11:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.15 21:03:17 | 000,002,322 | ---- | M] () -- C:\Users\MeinPC\Desktop\Google Chrome.lnk [2010.08.13 23:11:07 | 002,741,419 | ---- | M] () -- C:\Users\MeinPC\Desktop\Quo - Complicated (written by Jack Knight).mp3 [2010.08.13 18:18:16 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.12 23:23:46 | 000,002,435 | ---- | M] () -- C:\Users\MeinPC\Desktop\TVersity.lnk [2010.08.12 11:16:52 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.08.12 11:16:51 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.08.12 11:15:49 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.08.12 11:12:34 | 000,646,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.12 11:12:34 | 000,609,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.12 11:12:34 | 000,127,402 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.12 11:12:34 | 000,104,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.11 22:50:19 | 000,524,288 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000002.regtrans-ms [2010.08.11 22:50:19 
| 000,524,288 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000001.regtrans-ms [2010.08.11 22:50:19 | 000,065,536 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TM.blf [2010.08.11 21:52:55 | 000,113,944 | ---- | M] () -- C:\Users\MeinPC\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.09 23:54:56 | 003,353,355 | ---- | M] () -- C:\Users\MeinPC\Desktop\JBarbz - HardCore (final).mp3 [2010.07.30 23:08:32 | 004,747,026 | ---- | M] () -- C:\Users\MeinPC\Desktop\Gambler Pop Mix 3.mp3 [2010.07.28 22:28:09 | 000,000,619 | ---- | M] () -- C:\Users\MeinPC\Desktop\Track03 - Verknüpfung.lnk [2010.07.28 22:23:46 | 001,493,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.28 22:08:27 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.07.21 22:26:32 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\Export Formular Manager.lnk [2010.07.21 22:18:52 | 000,002,497 | ---- | M] () -- C:\Users\MeinPC\Desktop\AESimple & SanScreen & eForm Zoll.lnk [2010.07.17 01:54:25 | 002,350,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.16 14:09:33 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002ev.exe [2010.07.09 11:50:12 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss [2010.07.09 11:50:12 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat [2010.06.30 13:01:35 | 000,021,744 | ---- | M] () -- C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg [2010.06.22 21:32:27 | 000,012,016 | ---- | M] () -- C:\Users\MeinPC\Desktop\Vergleich Felix Krull und Simplicissimus.docx [2010.06.14 00:44:51 | 003,796,086 | ---- | M] () -- C:\Users\MeinPC\Desktop\01 California Girls (Master).mp3 [2010.06.07 00:36:56 | 000,015,945 | ---- | M] () -- C:\Users\MeinPC\Desktop\110847997.jpg [2010.06.06 23:37:12 | 002,785,792 | ---- | M] (AiR) -- C:\Windows\System32\GuaD.dll 
[2010.05.30 15:46:40 | 000,010,378 | ---- | M] () -- C:\Users\MeinPC\Desktop\rechnung.xlsx [2010.05.24 17:22:13 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2010.05.24 17:22:13 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml ========== Files Created - No Company Name ========== [2010.08.18 00:26:08 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.16 16:30:27 | 000,071,235 | ---- | C] () -- C:\Users\MeinPC\Desktop\Unbenannt.jpg [2010.08.16 13:15:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.16 13:15:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.16 13:15:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.16 13:15:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.16 13:15:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.16 13:11:26 | 000,000,969 | ---- | C] () -- C:\Users\MeinPC\Desktop\CCleaner.lnk [2010.08.16 13:07:21 | 003,817,889 | R--- | C] () -- C:\Users\MeinPC\Desktop\cofi.exe [2010.08.15 21:03:17 | 000,002,322 | ---- | C] () -- C:\Users\MeinPC\Desktop\Google Chrome.lnk [2010.08.15 21:00:59 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job [2010.08.15 21:00:57 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job [2010.08.13 23:10:48 | 002,741,419 | ---- | C] () -- C:\Users\MeinPC\Desktop\Quo - Complicated (written by Jack Knight).mp3 [2010.08.13 18:18:16 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.13 00:35:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.08.12 23:23:46 | 000,002,435 | ---- | C] () -- C:\Users\MeinPC\Desktop\TVersity.lnk [2010.08.12 11:16:52 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.08.12 11:16:51 | 000,097,549 | ---- | C] () -- 
C:\Windows\System32\drivers\klick.dat [2010.08.11 21:52:21 | 000,524,288 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000002.regtrans-ms [2010.08.11 21:52:21 | 000,524,288 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000001.regtrans-ms [2010.08.11 21:52:21 | 000,065,536 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TM.blf [2010.08.11 13:39:27 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forum-Updater.lnk [2010.08.11 13:39:27 | 000,001,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexmark X125 Einstellungsdienstprogramm.lnk [2010.08.10 00:27:30 | 003,353,355 | ---- | C] () -- C:\Users\MeinPC\Desktop\JBarbz - HardCore (final).mp3 [2010.08.07 20:19:24 | 004,747,026 | ---- | C] () -- C:\Users\MeinPC\Desktop\Gambler Pop Mix 3.mp3 [2010.07.28 22:28:09 | 000,000,619 | ---- | C] () -- C:\Users\MeinPC\Desktop\Track03 - Verknüpfung.lnk [2010.07.28 22:08:27 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.07.21 22:26:32 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\Export Formular Manager.lnk [2010.07.21 22:26:23 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vsppg7.dll [2010.07.21 22:26:22 | 000,000,601 | ---- | C] () -- C:\Windows\System32\KSR_RegAccessAdmin.exe.manifest [2010.07.21 22:18:52 | 000,002,497 | ---- | C] () -- C:\Users\MeinPC\Desktop\AESimple & SanScreen & eForm Zoll.lnk [2010.07.15 13:40:21 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.15 13:40:19 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.09 11:50:12 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss [2010.07.09 11:50:12 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.06.30 13:01:32 | 000,021,744 | 
---- | C] () -- C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg [2010.06.22 21:32:26 | 000,012,016 | ---- | C] () -- C:\Users\MeinPC\Desktop\Vergleich Felix Krull und Simplicissimus.docx [2010.06.14 00:42:48 | 003,796,086 | ---- | C] () -- C:\Users\MeinPC\Desktop\01 California Girls (Master).mp3 [2010.06.07 00:36:48 | 000,015,945 | ---- | C] () -- C:\Users\MeinPC\Desktop\110847997.jpg [2010.05.30 15:42:00 | 000,010,378 | ---- | C] () -- C:\Users\MeinPC\Desktop\rechnung.xlsx [2010.05.24 17:21:50 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2010.05.24 17:21:50 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2010.04.23 11:08:04 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.04.23 11:08:04 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys ========== LOP Check ========== [2010.06.07 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\4Media [2010.04.26 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\acccore [2010.07.21 22:18:52 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr [2010.07.21 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal [2010.03.23 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\DAEMON Tools Lite [2010.06.22 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\F-Secure [2010.05.26 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Facebook [2010.08.14 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2 [2010.03.24 19:51:20 | 000,000,000 | ---D | M] -- 
C:\Users\MeinPC\AppData\Roaming\Music Recognition [2010.07.28 22:19:38 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\PC Suite [2010.04.03 20:16:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Propellerhead Software [2010.04.23 11:07:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Samsung [2010.04.12 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Steinberg [2010.07.17 15:02:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\TomTom [2010.07.31 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Xilisoft [2010.08.11 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Yspa [2010.06.17 20:03:42 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.06.07 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\4Media [2010.03.27 14:51:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\ABBYY [2010.04.26 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\acccore [2010.03.26 10:50:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Adobe [2010.08.15 18:42:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Apple Computer [2010.07.21 22:18:52 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr [2010.07.21 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal [2010.03.23 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\DAEMON Tools Lite [2010.06.22 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\F-Secure [2010.05.26 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Facebook [2010.03.20 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Identities [2010.07.21 22:25:42 | 
000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\InstallShield [2010.03.20 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Macromedia [2010.08.06 13:18:17 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Media Center Programs [2010.08.14 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2 [2010.07.21 22:27:09 | 000,000,000 | --SD | M] -- C:\Users\MeinPC\AppData\Roaming\Microsoft [2010.03.20 23:58:57 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Mozilla [2010.03.24 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Music Recognition [2010.07.28 22:19:38 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\PC Suite [2010.04.03 20:16:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Propellerhead Software [2010.04.23 11:07:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Samsung [2010.04.12 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Steinberg [2010.08.18 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\SUPERAntiSpyware.com [2010.07.17 15:02:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\TomTom [2010.03.21 00:09:28 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\WinRAR [2010.07.31 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Xilisoft [2010.05.02 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Yahoo! [2010.08.11 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Yspa < %APPDATA%\*.exe /s > [2010.07.21 22:18:49 | 000,473,600 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal\Uninstall\uninstall.exe [2010.05.26 22:56:00 | 000,050,354 | ---- | M] (Facebook, Inc.) 
-- C:\Users\MeinPC\AppData\Roaming\Facebook\uninstall.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2010.08.12 11:15:49 | 000,475,224 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*.
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.05.07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll < End of report > |
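What the "< MD5 for: ... >" blocks in the log above are for: OTL hashes every copy it finds of a handful of files that malware likes to patch (winlogon.exe, userinit.exe, user32.dll, atapi.sys and so on) and lists the live copy under System32 next to the copies in the WinSxS component store, the DriverStore and the ERDNT\cache backup. The helper reads the block by comparing the live copy's hash against the stored ones; a live copy whose MD5 matches none of the component-store copies is the signature of a replaced or patched system file. In this log every live copy matches, and winlogon.exe shows the normal picture of one live hash plus older versions (16385, 20560) sitting unused in winsxs. The script below automates that comparison. It is an added example, not part of the original post and not OTL's own code; the sample input is constructed, with the AGP440 and WINLOGON sections copied from the log above and a made-up SAMPLE.DLL section (all-zero and all-one hashes) to show what a mismatch looks like.

```python
"""Check the '< MD5 for: NAME >' sections of an OTL log.

Added example, not part of the original forum post and not OTL's own code.
For every file OTL hashed, the live copy under System32 (or System32\\drivers)
is compared with the copies in the WinSxS component store and the DriverStore.
A live copy whose MD5 matches none of the stored copies is reported as MISMATCH.
"""
import re
from collections import defaultdict

# One hashed file per line, e.g.
# [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=5078...6E -- C:\Windows\System32\drivers\AGP440.sys
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\]\s+\((?P<vendor>[^)]*)\)\s+"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s+--\s+(?P<path>\S.*?)\s*$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$", re.IGNORECASE)


def location(path):
    """Classify where a copy lives. Order matters: DriverStore sits below System32."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "winsxs"
    if "\\driverstore\\" in p:
        return "driverstore"
    if "\\erdnt\\" in p:
        return "erdnt"        # backup taken on the same box, may post-date the infection: not a reference
    if "\\system32\\" in p:
        return "live"         # the copy Windows actually loads
    return "other"


def parse_md5_sections(log_text):
    """Return {FILENAME: [(md5 or None, path), ...]} for every '< MD5 for: ... >' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if line.startswith("<"):          # any other '< ... >' header ends the section
            current = None
            continue
        e = ENTRY_RE.match(line)
        if current and e:
            md5 = e.group("md5").upper() if e.group("md5") else None
            sections[current].append((md5, e.group("path")))
    return dict(sections)


def check_sections(sections):
    """Return {FILENAME: verdict}: 'ok', 'MISMATCH', 'locked', 'no-live-copy' or 'no-reference'."""
    verdicts = {}
    for name, entries in sections.items():
        live = [md5 for md5, p in entries if location(p) == "live"]
        refs = {md5 for md5, p in entries if md5 and location(p) in ("winsxs", "driverstore")}
        if not live:
            verdicts[name] = "no-live-copy"
        elif None in live:
            verdicts[name] = "locked"       # OTL could not hash it; verify offline
        elif not refs:
            verdicts[name] = "no-reference"
        else:
            verdicts[name] = "ok" if all(h in refs for h in live) else "MISMATCH"
    return verdicts


# Constructed sample: AGP440 and WINLOGON copied from the log above, SAMPLE.DLL invented.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: SAMPLE.DLL >
[2010.08.01 00:00:00 | 000,010,000 | ---- | M] (Example Vendor) MD5=11111111111111111111111111111111 -- C:\Windows\System32\sample.dll
[2009.07.14 03:00:00 | 000,010,000 | ---- | M] (Example Vendor) MD5=00000000000000000000000000000000 -- C:\Windows\winsxs\x86_sample_00000000000000000_6.1.7600.16385_none_0000000000000000\sample.dll
< %systemroot%\system32\*.dll /lockedfiles >
[2010.05.07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
"""

if __name__ == "__main__":
    for name, verdict in sorted(check_sections(parse_md5_sections(SAMPLE_LOG)).items()):
        print(f"{verdict:12} {name}")
```

Two caveats a helper would keep in mind. The component-store copies are the reference only because they live on the same disk and are rarely touched by file infectors; a stronger check is a known-good hash from outside the machine or the signature catalog (sfc /verifyonly), and SHA-256 rather than MD5 where a fresh reference is available. And a live copy that OTL reports as "Unable to obtain MD5" (the Kaspersky drivers in the /lockedfiles blocks above are the benign case: a running AV holds them open) is not cleared by this script; it is reported as "locked" and has to be hashed from an offline boot.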