Trojaner-Board

oakk 13.08.2010 15:33

A lot of viruses, including Exploit.Java.CVE-2009
 
Hello,
I have been having problems with my computer for a few weeks. It is very slow and sometimes my browsers won't open at all. I then had everything scanned with Kaspersky and it found about 20 things. It was able to remove 11, and 9 are still on there that somehow won't go away.

Gefunden trojanisches Programm Exploit.Java.CVE-2009-3867.gen
Gefunden trojanisches Programm Exploit.Java.CVE-2009-3867.gen
Gefunden trojanisches Programm Trojan-Downloader.Java.Agent.cd
Gefunden trojanisches Programm Trojan-Downloader.Java.Agent.cd
Gefunden trojanisches Programm Trojan-Downloader.Java.OpenStream.al
Gefunden trojanisches Programm Trojan-Downloader.Java.OpenStream.al
Gefunden trojanisches Programm Exploit.Java.CVE-2009-3867.gen
Gefunden trojanisches Programm Trojan-Downloader.Java.Agent.cd
Gefunden trojanisches Programm Trojan-Downloader.Java.OpenStream.al

I also used this Malwarebytes program, but that didn't help either.

I urgently need help. I have many files on the computer that are important and worth a lot.

cosinus 13.08.2010 17:10

Quote:

Gefunden trojanisches Programm Trojan-Downloader.Java.Agent.cd
Gefunden trojanisches Programm Trojan-Downloader.Java.OpenStream.al
Always note down and post the exact malware names and file paths!

You also have to post the Malwarebytes log!

From the rules:

5. Describe your problem in a few sentences and work through this guide starting at point 2.
Please also name the findings from your security software in the thread (e.g. c:\windows\virus.exe).
If this information is missing, nobody here can or will help you.

oakk 13.08.2010 17:36

OK, here it is:

Code:

Gefunden (9)       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Exploit.Java.CVE-2009-3867.gen        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\265a2144-272048a9/dev/s/AdgredY.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Exploit.Java.CVE-2009-3867.gen        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\467e6c32-6a54b6a6/dev/s/AdgredY.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Trojan-Downloader.Java.Agent.cd        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\265a2144-272048a9/dev/s/DyesyasZ.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Trojan-Downloader.Java.Agent.cd        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\467e6c32-6a54b6a6/dev/s/DyesyasZ.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Trojan-Downloader.Java.OpenStream.al        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\265a2144-272048a9/dev/s/LoaderX.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Trojan-Downloader.Java.OpenStream.al        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\467e6c32-6a54b6a6/dev/s/LoaderX.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Exploit.Java.CVE-2009-3867.gen        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\30c24a39-114ddd9e/dev/s/AdgredY.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Trojan-Downloader.Java.Agent.cd        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\30c24a39-114ddd9e/dev/s/DyesyasZ.class        Hoch       
13.08.2010 13:10:40        Gefunden        trojanisches Programm Trojan-Downloader.Java.OpenStream.al        C:\Dokumente und Einstellungen\MeinPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\30c24a39-114ddd9e/dev/s/LoaderX.class        Hoch

And the Malwarebytes log:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.08.2010 18:28:23
mbam-log-2010-08-13 (18-28-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128109
Laufzeit: 9 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\attrnatd (Trojan.Agent.U) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f358f42d-deb9-4bf8-8d6d-52d283c26ed4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> No action taken.

Infizierte Verzeichnisse:
C:\cleansweep.exe (Trojan.Agent) -> No action taken.

Infizierte Dateien:
C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> No action taken.
C:\Users\MeinPC\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\MeinPC\AppData\Local\Temp\djoivaws.dll (Trojan.Agent.U) -> No action taken.


cosinus 13.08.2010 17:56

Quote:

Datenbank Version: 4052
You did not update Malwarebytes beforehand. Please update it and run a full scan.

oakk 13.08.2010 18:12

I can't update Malwarebytes. It somehow shows me "MBAM_ERORR_UPDATING (12007,0,WinHttpSendRequest)". In general I can't update anything, e.g. my firewall and other programs. That is also not a problem on my end.

cosinus 13.08.2010 18:19

Do a manual update => Manual database update - Malwarebytes Forum

oakk 13.08.2010 18:30

I can't open the page. I always get an error message: "Der Server unter forums.malwarebytes.org konnte nicht gefunden werden."

cosinus 13.08.2010 18:43

Then, as an exception, here via file-upload => File-Upload.net - updater.exe

As a precaution I renamed the thing to updater.exe.

oakk 13.08.2010 19:54

OK, thanks for the link. Here is the log:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.08.2010 20:52:29
mbam-log-2010-08-13 (20-52-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 294113
Laufzeit: 1 Stunde(n), 2 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f358f42d-deb9-4bf8-8d6d-52d283c26ed4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ProgramData\AppData\Local\Temp\Macromedia\SwUpdate\swupdate.dll (Trojan.Swisyn) -> No action taken.
C:\Users\MeinPC\AppData\Roaming\usernt.dat (Malware.Trace) -> No action taken.
C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe (Trojan.Agent) -> No action taken.


oakk 14.08.2010 00:24

Does anyone maybe have an idea?

cosinus 14.08.2010 17:15

Didn't you remove the findings??

oakk 14.08.2010 19:52

Of course I removed them. But I saved the log before I removed them.

cosinus 14.08.2010 23:44

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

oakk 15.08.2010 13:04

Code:

OTL Extras logfile created on: 15.08.2010 13:57:44 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\MeinPC\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
959,00 Mb Total Physical Memory | 322,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 31,91 Gb Free Space | 40,84% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 63,61 Gb Free Space | 89,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEINPC-PC
Current User Name: MeinPC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\MeinPC\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B3EB9D1-779C-4F4B-A399-E2B2FDCB4E3A}" = Export Formular Manager
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88739060-F683-11D3-B761-00105AD153C1}" = Lexmark X125
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A404CBF5-D956-401E-B017-06F95660AC4A}" = AESimple 2.0
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBBF81D0-A0FE-4FDB-940E-E3D96A3B5ADD}" = AnyForm
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"02" = Pashto Fonts
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"4Media MP4 to MP3 Converter" = 4Media MP4 to MP3 Converter 6
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"ASIO4ALL" = ASIO4ALL
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"eLicenser Control" = eLicenser Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerDiscovery_is1" = MessengerDiscovery 2.5.95
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"PoiZone" = PoiZone
"Reason4_is1" = Reason 4.0
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steinberg Hypersonic v1.12.808" = Steinberg Hypersonic v1.12.808
"Steinberg Hypersonic VSTi DXi_is1" = Steinberg Hypersonic VSTi DXi v2.0
"Sylenth1_is1" = Sylenth1 v2.0
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Tolafghan Pashto Support for Windows2.0" = Tolafghan Pashto Support for Windows
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Toxic Biohazard" = Toxic Biohazard
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"WIDI Recognition System Pro 4.03" = WIDI Recognition System Pro 4.03 (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2010 10:25:29 | Computer Name = MeinPC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5133
 
Error - 12.08.2010 12:09:26 | Computer Name = MeinPC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d590  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046b90  ID des fehlerhaften
 Prozesses: 0xfc4  Startzeit der fehlerhaften Anwendung: 0x01cb3a35fe33e290  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: fa4fedd8-a62b-11df-8b35-00e04d5e418e
 
Error - 12.08.2010 12:49:58 | Computer Name = MeinPC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bda55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001a256
ID
 des fehlerhaften Prozesses: 0x7c4  Startzeit der fehlerhaften Anwendung: 0x01cb3a25febac0e0
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\EXPLORERFRAME.dll  Berichtskennung: a3a98768-a631-11df-8b35-00e04d5e418e
 
Error - 12.08.2010 14:38:50 | Computer Name = MeinPC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bda55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001a256
ID
 des fehlerhaften Prozesses: 0x11a4  Startzeit der fehlerhaften Anwendung: 0x01cb3a3e69462478
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\EXPLORERFRAME.dll  Berichtskennung: d956c95c-a640-11df-8b35-00e04d5e418e
 
Error - 12.08.2010 17:34:19 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 17:34:19 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 17:35:28 | Computer Name = MeinPC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bda55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001a256
ID
 des fehlerhaften Prozesses: 0xd34  Startzeit der fehlerhaften Anwendung: 0x01cb3a4d9f5f95bc
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\EXPLORERFRAME.dll  Berichtskennung: 864a07d8-a659-11df-8b35-00e04d5e418e
 
Error - 12.08.2010 18:11:54 | Computer Name = MeinPC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: DUI70.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bda05  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039742  ID des fehlerhaften
 Prozesses: 0xa74  Startzeit der fehlerhaften Anwendung: 0x01cb3a664e896348  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\DUI70.dll
Berichtskennung:
 9d169238-a65e-11df-8b35-00e04d5e418e
 
Error - 13.08.2010 03:14:31 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.08.2010 03:14:31 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 12.05.2010 16:27:59 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
 
Error - 12.05.2010 16:27:59 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =
 
Error - 12.05.2010 16:29:58 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
 
Error - 16.06.2010 08:31:06 | Computer Name = MeinPC-PC | Source = MCUpdate | ID = 0
Description = 14:31:06 - Fehler beim Herstellen der Internetverbindung.  14:31:06
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.06.2010 08:31:40 | Computer Name = MeinPC-PC | Source = MCUpdate | ID = 0
Description = 14:31:35 - Fehler beim Herstellen der Internetverbindung.  14:31:35
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.07.2010 04:12:06 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
 
Error - 22.07.2010 04:12:06 | Computer Name = MeinPC-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =
 
Error - 08.08.2010 07:08:13 | Computer Name = MeinPC-PC | Source = MCUpdate | ID = 0
Description = 13:08:12 - Fehler beim Herstellen der Internetverbindung.  13:08:12
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 08.08.2010 07:08:53 | Computer Name = MeinPC-PC | Source = MCUpdate | ID = 0
Description = 13:08:45 - Fehler beim Herstellen der Internetverbindung.  13:08:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 13.08.2010 03:14:26 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  kl2
 
Error - 13.08.2010 06:48:53 | Computer Name = MeinPC-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?08.?2010 um 09:39:40 unerwartet heruntergefahren.
 
Error - 13.08.2010 06:49:26 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Kaspersky Anti-Virus Service erreicht.
 
Error - 13.08.2010 06:49:26 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 13.08.2010 06:49:31 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  kl2
 
Error - 13.08.2010 12:30:10 | Computer Name = MeinPC-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.08.2010 um 18:29:02 unerwartet heruntergefahren.
 
Error - 13.08.2010 12:30:43 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Kaspersky Anti-Virus Service erreicht.
 
Error - 13.08.2010 12:30:43 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 13.08.2010 12:30:48 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  kl2
 
Error - 13.08.2010 14:57:22 | Computer Name = MeinPC-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.08.2010 um 20:56:04 unerwartet heruntergefahren.
 
 
< End of report >

Code:

OTL logfile created on: 15.08.2010 13:57:44 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\MeinPC\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
959,00 Mb Total Physical Memory | 322,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 31,91 Gb Free Space | 40,84% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 63,61 Gb Free Space | 89,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEINPC-PC
Current User Name: MeinPC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MeinPC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\MeinPC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TVersityMediaServer) -- C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (Syncrosoft GmbH)
DRV - (Nsynas32) -- C:\Windows\System32\drivers\NSynas32.sys (Syncrosoft Hard- und Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Programme\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 20 35 68 BE 24 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Programme\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.15 13:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 11:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.28 11:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.08.12 11:16:14 | 000,000,000 | ---D | M]
 
[2010.07.17 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions
[2010.07.17 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.08.14 15:49:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions
[2010.07.21 22:25:13 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.05.02 18:30:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.09 17:59:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.26 17:07:48 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010.07.21 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\finder@meingutscheincode.de
[2010.03.21 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\firefox@tvunetworks.com
[2010.06.22 14:42:32 | 000,002,267 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\Mozilla\FireFox\Profiles\yprpyq5u.default\searchplugins\aim-search.xml
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\Mozilla\FireFox\Profiles\yprpyq5u.default\searchplugins\conduit.xml
[2010.08.12 11:17:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.12 11:17:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.26 19:47:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 19:47:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.26 19:47:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.26 19:47:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.26 19:47:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Programme\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Programme\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Programme\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.77 85.255.112.6
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.11 19:45:48 | 000,000,143 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 18:18:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 18:18:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 00:34:59 | 000,000,000 | ---D | C] -- C:\Programme\ffdshow
[2010.08.12 23:23:44 | 000,000,000 | ---D | C] -- C:\Programme\TVersity Codec Pack
[2010.08.12 23:23:21 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\TVersity
[2010.08.12 11:15:58 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.08.12 11:15:49 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.11 20:44:19 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.11 20:44:19 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.11 18:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.08.11 18:43:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Virus Removal Tool
[2010.08.11 18:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.11 18:08:05 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.08.11 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.11 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\avira_antivir_personal_de1000567
[2010.08.11 14:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010.08.11 14:29:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\iS3
[2010.08.11 14:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010.08.10 23:00:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.08.10 12:01:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.08.10 01:01:42 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner (3)
[2010.08.06 13:57:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\photoshop sachn
[2010.08.06 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Malwarebytes
[2010.08.06 13:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.06 13:17:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.06 13:04:58 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.05 12:56:31 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\My Webcam Recordings
[2010.08.04 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2
[2010.08.04 17:31:49 | 000,000,000 | ---D | C] -- C:\Programme\MessengerDiscovery 2
[2010.08.04 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MessengerDiscovery 2
[2010.07.31 00:45:35 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Xilisoft
[2010.07.31 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\Xilisoft
[2010.07.31 00:44:55 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Xilisoft
[2010.07.31 00:34:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.31 00:33:20 | 000,000,000 | ---D | C] -- C:\Programme\Xilisoft
[2010.07.28 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner (2)
[2010.07.28 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\My Art
[2010.07.28 22:29:11 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner
[2010.07.28 22:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.07.28 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\PC Suite
[2010.07.28 22:13:01 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010.07.28 22:12:55 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.28 22:12:16 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.07.28 22:12:16 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.07.28 22:12:16 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.07.28 22:08:22 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.07.28 22:08:19 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.07.28 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Apple Computer
[2010.07.28 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apple Computer
[2010.07.28 11:20:37 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.07.28 11:20:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.07.28 11:19:45 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.07.28 11:19:40 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.07.28 11:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.28 11:18:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.07.28 11:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.07.28 11:18:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apple
[2010.07.28 11:17:55 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.07.28 11:17:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.07.28 11:16:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.07.28 11:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.07.21 22:26:24 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2010.07.21 22:26:24 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMASK32.OCX
[2010.07.21 22:26:24 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.07.21 22:26:24 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2010.07.21 22:26:23 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.07.21 22:26:23 | 000,362,200 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsprint7.ocx
[2010.07.21 22:26:23 | 000,173,784 | ---- | C] (ComponentOne ) -- C:\Windows\System32\vspdf.ocx
[2010.07.21 22:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx
[2010.07.21 22:26:23 | 000,128,728 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsppgvp7.dll
[2010.07.21 22:26:23 | 000,036,864 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\udaNEXTNUMBER_ActiveX.dll
[2010.07.21 22:26:23 | 000,000,000 | ---D | C] -- C:\Programme\KSR
[2010.07.21 22:26:22 | 002,379,776 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\udaFUNCTIONS_ActiveX.dll
[2010.07.21 22:26:22 | 000,352,256 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\UDA_ActiveX.dll
[2010.07.21 22:26:22 | 000,294,912 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\KSR_LizenzReg_ActiveX.dll
[2010.07.21 22:26:22 | 000,245,760 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\KSR_PrintEngine_ActiveX.ocx
[2010.07.21 22:26:22 | 000,094,275 | ---- | C] (KSR EDV Ing.büro GmbH) -- C:\Windows\System32\KSR_RegistryAccess_ActiveX.dll
[2010.07.21 22:26:22 | 000,057,344 | ---- | C] (KSR EDV Ing. Büro GmbH) -- C:\Windows\System32\KSR_Error.dll
[2010.07.21 22:26:22 | 000,057,344 | ---- | C] (INNO-TECH Software) -- C:\Windows\System32\inPOPUPMenu_ActiveX.ocx
[2010.07.21 22:26:22 | 000,053,248 | ---- | C] (Creative Software GmbH) -- C:\Windows\System32\ksrTtoolText.dll
[2010.07.21 22:26:22 | 000,049,152 | ---- | C] (KSR EDV Ing.büro GmbH) -- C:\Windows\System32\KSR_Ttool_ActiveX.dll
[2010.07.21 22:26:22 | 000,032,768 | ---- | C] (ksr) -- C:\Windows\System32\KSR_RegAccessAdmin.exe
[2010.07.21 22:25:42 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\InstallShield
[2010.07.21 22:25:18 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.07.21 22:25:15 | 000,000,000 | ---D | C] -- C:\Programme\Winload
[2010.07.21 22:18:57 | 000,000,000 | ---D | C] -- C:\Programme\Forum Verlag
[2010.07.21 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr
[2010.07.21 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apps
[2010.07.21 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal
[2010.07.21 22:10:31 | 000,000,000 | ---D | C] -- C:\Programme\SmartForm
[2010.07.17 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\TomTom
[2010.07.17 15:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010.07.17 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\TomTom
[2010.07.17 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\TomTom
[2010.07.17 15:02:23 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V
[2010.07.17 15:02:07 | 000,000,000 | ---D | C] -- C:\Programme\TomTom HOME 2
[2010.07.17 01:54:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.15 14:00:52 | 003,145,728 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat
[2010.08.15 13:45:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.15 13:45:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.15 12:27:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 12:27:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 12:21:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 12:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.15 12:21:24 | 753,836,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.14 02:53:46 | 001,740,302 | -H-- | M] () -- C:\Users\MeinPC\AppData\Local\IconCache.db
[2010.08.13 23:11:07 | 002,741,419 | ---- | M] () -- C:\Users\MeinPC\Desktop\Quo - Complicated (written by Jack Knight).mp3
[2010.08.13 18:18:16 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 23:23:46 | 000,002,435 | ---- | M] () -- C:\Users\MeinPC\Desktop\TVersity.lnk
[2010.08.12 11:16:52 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.12 11:16:51 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.12 11:15:49 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.12 11:12:34 | 000,646,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 11:12:34 | 000,609,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 11:12:34 | 000,127,402 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 11:12:34 | 000,104,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.11 22:50:19 | 000,524,288 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000002.regtrans-ms
[2010.08.11 22:50:19 | 000,524,288 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 22:50:19 | 000,065,536 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TM.blf
[2010.08.11 21:52:55 | 000,113,944 | ---- | M] () -- C:\Users\MeinPC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.09 23:54:56 | 003,353,355 | ---- | M] () -- C:\Users\MeinPC\Desktop\JBarbz - HardCore (final).mp3
[2010.07.30 23:08:32 | 004,747,026 | ---- | M] () -- C:\Users\MeinPC\Desktop\Gambler Pop Mix 3.mp3
[2010.07.28 22:28:09 | 000,000,619 | ---- | M] () -- C:\Users\MeinPC\Desktop\Track03 - Verknüpfung.lnk
[2010.07.28 22:23:46 | 001,493,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.28 22:08:27 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.07.21 22:27:31 | 000,002,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forum-Updater.lnk
[2010.07.21 22:26:32 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\Export Formular Manager.lnk
[2010.07.21 22:18:52 | 000,002,497 | ---- | M] () -- C:\Users\MeinPC\Desktop\AESimple & SanScreen & eForm Zoll.lnk
[2010.07.17 01:54:25 | 002,350,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.17 01:53:58 | 123,346,376 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.16 14:09:33 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002ev.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.13 23:10:48 | 002,741,419 | ---- | C] () -- C:\Users\MeinPC\Desktop\Quo - Complicated (written by Jack Knight).mp3
[2010.08.13 18:18:16 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 00:35:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.08.12 23:23:46 | 000,002,435 | ---- | C] () -- C:\Users\MeinPC\Desktop\TVersity.lnk
[2010.08.12 11:16:52 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.12 11:16:51 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.11 21:52:21 | 000,524,288 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000002.regtrans-ms
[2010.08.11 21:52:21 | 000,524,288 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 21:52:21 | 000,065,536 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TM.blf
[2010.08.11 13:39:27 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forum-Updater.lnk
[2010.08.11 13:39:27 | 000,001,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexmark X125 Einstellungsdienstprogramm.lnk
[2010.08.10 00:27:30 | 003,353,355 | ---- | C] () -- C:\Users\MeinPC\Desktop\JBarbz - HardCore (final).mp3
[2010.08.07 20:19:24 | 004,747,026 | ---- | C] () -- C:\Users\MeinPC\Desktop\Gambler Pop Mix 3.mp3
[2010.07.28 22:28:09 | 000,000,619 | ---- | C] () -- C:\Users\MeinPC\Desktop\Track03 - Verknüpfung.lnk
[2010.07.28 22:08:27 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.07.21 22:26:32 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\Export Formular Manager.lnk
[2010.07.21 22:26:23 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vsppg7.dll
[2010.07.21 22:26:22 | 000,000,601 | ---- | C] () -- C:\Windows\System32\KSR_RegAccessAdmin.exe.manifest
[2010.07.21 22:26:21 | 000,009,100 | ---- | C] () -- C:\Windows\System32\Mfc1O.dll
[2010.07.21 22:18:52 | 000,002,497 | ---- | C] () -- C:\Users\MeinPC\Desktop\AESimple & SanScreen & eForm Zoll.lnk
[2010.07.17 01:53:58 | 123,346,376 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.09 11:50:12 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010.04.23 11:08:04 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.23 11:08:04 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.03.23 12:58:23 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 53 bytes -> C:\Users\MeinPC\Desktop\110847997.jpg:FS_dl_url
@Alternate Data Stream - 113 bytes -> C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg:FS_dl_url
< End of report >


cosinus 15.08.2010 18:54

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.77 85.255.112.6
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2010.08.11 19:45:48 | 000,000,143 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
@Alternate Data Stream - 53 bytes -> C:\Users\MeinPC\Desktop\110847997.jpg:FS_dl_url
@Alternate Data Stream - 113 bytes -> C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg:FS_dl_url
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

oakk 16.08.2010 11:09

Here it is:

Code:

All processes killed
========== OTL ==========
No active process named cledx.exe was found!
Error: Unable to stop service CLEDX!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLEDX deleted successfully.
C:\Windows\System32\drivers\cledx.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\H2O deleted successfully.
C:\Programme\Syncrosoft\POS\H2O\cledx.exe moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
D:\autorun.inf moved successfully.
ADS C:\Users\MeinPC\Desktop\110847997.jpg:FS_dl_url deleted successfully.
ADS C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg:FS_dl_url deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
->Temp folder emptied: 23 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1-MEINPC-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 405112 bytes
 
User: MeinPC
->Temp folder emptied: 271077815 bytes
->Temporary Internet Files folder emptied: 9074899 bytes
->Java cache emptied: 15609771 bytes
->FireFox cache emptied: 87075348 bytes
->Google Chrome cache emptied: 18692003 bytes
->Flash cache emptied: 16112 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526136 bytes
RecycleBin emptied: 842006583 bytes
 
Total Files Cleaned = 1.187,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08162010_120248

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\kls80BE.tmp not found!

Registry entries deleted on Reboot...


cosinus 16.08.2010 11:24

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

oakk 16.08.2010 12:34

ComboFix Log:

Code:

ComboFix 10-08-15.02 - MeinPC 16.08.2010  13:16:39.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.959.328 [GMT 2:00]
ausgeführt von:: c:\users\MeinPC\Desktop\cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvcsv60.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-16 bis 2010-08-16  ))))))))))))))))))))))))))))))
.

2010-08-16 10:02 . 2010-08-16 10:02        --------        d-----w-        C:\_OTL
2010-08-13 16:18 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 16:18 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-12 22:35 . 2009-12-05 17:42        85504        ----a-w-        c:\windows\system32\ff_vfw.dll
2010-08-12 22:34 . 2010-08-12 22:35        --------        d-----w-        c:\program files\ffdshow
2010-08-12 21:23 . 2010-08-12 21:23        --------        d-----w-        c:\program files\TVersity Codec Pack
2010-08-12 21:23 . 2010-08-12 21:23        --------        d-----w-        c:\users\MeinPC\AppData\Local\TVersity
2010-08-12 09:16 . 2010-08-12 09:16        113933        ----a-w-        c:\windows\system32\drivers\klin.dat
2010-08-12 09:16 . 2010-08-12 09:16        97549        ----a-w-        c:\windows\system32\drivers\klick.dat
2010-08-12 09:15 . 2010-08-12 09:15        --------        d-----w-        c:\program files\Kaspersky Lab
2010-08-11 18:44 . 2010-08-11 19:51        --------        d-----w-        c:\program files\trend micro
2010-08-11 18:44 . 2010-08-11 18:44        --------        d-----w-        C:\rsit
2010-08-11 16:43 . 2010-08-16 10:07        --------        d-----w-        c:\programdata\Kaspersky Lab
2010-08-11 16:19 . 2010-08-11 16:19        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2010-08-11 16:08 . 2010-08-11 16:08        --------        d-----w-        c:\programdata\Avira
2010-08-11 16:08 . 2010-08-11 16:08        --------        d-----w-        c:\program files\Avira
2010-08-11 12:30 . 2010-08-11 12:30        --------        d-----w-        c:\programdata\SITEguard
2010-08-11 12:29 . 2010-08-11 12:29        --------        d-----w-        c:\program files\Common Files\iS3
2010-08-11 12:29 . 2010-08-11 18:20        --------        d-----w-        c:\programdata\STOPzilla!
2010-08-06 11:18 . 2010-08-06 11:18        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\Malwarebytes
2010-08-06 11:17 . 2010-08-06 11:17        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-06 11:17 . 2010-08-13 16:18        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-06 11:04 . 2010-08-16 11:11        --------        d-----w-        c:\program files\CCleaner
2010-08-04 15:32 . 2010-08-14 17:17        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\MessengerDiscovery 2
2010-08-04 15:31 . 2010-08-04 15:31        --------        d-----w-        c:\programdata\MessengerDiscovery 2
2010-08-04 15:31 . 2010-08-04 15:31        --------        d-----w-        c:\program files\MessengerDiscovery 2
2010-07-30 22:45 . 2010-07-30 22:45        --------        d-----w-        c:\users\MeinPC\AppData\Local\Xilisoft
2010-07-30 22:44 . 2010-07-30 22:44        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\Xilisoft
2010-07-30 22:33 . 2010-07-30 22:33        --------        d-----w-        c:\program files\Xilisoft
2010-07-28 20:19 . 2010-07-28 20:19        --------        d-----w-        c:\programdata\PC Suite
2010-07-28 20:19 . 2010-07-28 20:19        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\PC Suite
2010-07-28 20:13 . 2007-05-02 14:31        90624        ----a-w-        c:\windows\system32\nmwcdcls.dll
2010-07-28 09:20 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-28 09:20 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-07-28 09:19 . 2010-07-28 09:19        --------        d-----w-        c:\program files\iPod
2010-07-28 09:19 . 2010-07-28 09:20        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-28 09:19 . 2010-07-28 09:20        --------        d-----w-        c:\program files\iTunes
2010-07-28 09:18 . 2010-07-28 09:19        --------        d-----w-        c:\programdata\Apple Computer
2010-07-28 09:18 . 2010-07-28 09:18        --------        d-----w-        c:\program files\QuickTime
2010-07-28 09:18 . 2010-07-28 09:18        --------        d-----w-        c:\users\MeinPC\AppData\Local\Apple
2010-07-28 09:17 . 2010-07-28 09:17        --------        d-----w-        c:\program files\Apple Software Update
2010-07-28 09:17 . 2010-07-28 09:17        --------        d-----w-        c:\program files\Bonjour
2010-07-28 09:16 . 2010-08-15 16:41        --------        d-----w-        c:\programdata\Apple
2010-07-28 09:16 . 2010-07-28 09:19        --------        d-----w-        c:\program files\Common Files\Apple
2010-07-21 20:25 . 2010-07-21 20:25        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\InstallShield
2010-07-21 20:25 . 2010-07-21 20:25        --------        d-----w-        c:\program files\Conduit
2010-07-21 20:25 . 2010-07-21 20:25        --------        d-----w-        c:\program files\Winload
2010-07-21 20:25 . 2010-03-24 14:13        52224        ----a-w-        c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
2010-07-21 20:25 . 2010-03-24 14:13        101376        ----a-w-        c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
2010-07-21 20:18 . 2010-07-21 20:18        --------        d-----w-        c:\program files\Forum Verlag
2010-07-21 20:18 . 2010-07-21 20:18        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr
2010-07-21 20:18 . 2010-07-21 20:18        473600        ----a-w-        c:\users\MeinPC\AppData\Roaming\AusfuhrPortal\Uninstall\uninstall.exe
2010-07-21 20:18 . 2010-07-21 20:18        --------        d-----w-        c:\users\MeinPC\AppData\Local\Apps
2010-07-21 20:18 . 2010-07-21 20:26        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\AusfuhrPortal
2010-07-21 20:10 . 2010-07-21 20:10        --------        d-----w-        c:\program files\SmartForm
2010-07-21 14:30 . 2010-07-21 14:30        73000        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 13:15 . 2008-08-26 07:35        9117008        ----a-w-        c:\users\MeinPC\AppData\Roaming\TomTom\HOME\Profiles\u238hpkm.default\extensions\Navcore.8.016.9380@tomtom.com\8-016-9380-1.dll
2010-07-17 13:03 . 2010-07-17 13:03        --------        d-----w-        c:\programdata\TomTom
2010-07-17 13:02 . 2010-07-17 13:02        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\TomTom
2010-07-17 13:02 . 2010-07-17 13:02        --------        d-----w-        c:\users\MeinPC\AppData\Local\TomTom
2010-07-17 13:02 . 2010-07-17 13:02        --------        d-----w-        c:\program files\TomTom International B.V
2010-07-17 13:02 . 2010-07-17 13:02        --------        d-----w-        c:\program files\TomTom HOME 2

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 16:42 . 2010-07-28 09:21        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\Apple Computer
2010-08-12 18:11 . 2010-03-20 23:02        --------        d-----w-        c:\program files\JDownloader
2010-08-12 09:14 . 2010-03-20 22:13        --------        d-----w-        c:\program files\F-Secure
2010-08-12 09:12 . 2010-03-20 22:11        --------        d-----w-        c:\programdata\f-secure
2010-08-12 09:12 . 2009-07-14 08:47        646244        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-12 09:12 . 2009-07-14 08:47        127402        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-11 19:52 . 2010-03-20 22:08        113944        ----a-w-        c:\users\MeinPC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 19:51 . 2010-03-25 15:23        --------        d-----w-        c:\programdata\FLEXnet
2010-08-11 10:58 . 2010-05-27 14:27        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\Yspa
2010-07-28 20:13 . 2010-04-23 09:06        --------        d-----w-        c:\program files\Samsung
2010-07-28 20:12 . 2010-04-23 09:08        --------        d-----w-        c:\program files\DIFX
2010-07-28 20:12 . 2010-07-28 20:08        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-07-28 20:08 . 2010-07-28 20:08        --------        d-----w-        c:\program files\MarkAny
2010-07-28 20:01 . 2010-03-21 20:27        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-21 20:26 . 2010-07-21 20:26        --------        d-----w-        c:\program files\KSR
2010-07-21 20:26 . 2010-03-21 22:23        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-17 13:33 . 2010-03-21 16:32        --------        d-----w-        c:\program files\VstPlugins
2010-07-16 12:09 . 2010-05-20 17:14        720896        ----a-w-        c:\windows\iun6002ev.exe
2010-07-15 11:40 . 2010-07-15 11:40        --------        d-----w-        c:\program files\Google
2010-07-11 13:37 . 2010-04-10 13:49        --------        d-----w-        c:\program files\Steinberg
2010-07-09 09:50 . 2010-07-09 09:50        16        ----a-w-        c:\windows\msocreg32.dat
2010-06-30 12:54 . 2010-03-21 16:30        --------        d-----w-        c:\program files\Image-Line
2010-06-30 12:15 . 2010-04-04 19:12        --------        d-----w-        c:\program files\Windows Live Safety Center
2010-06-30 12:13 . 2010-03-20 22:31        --------        d-----w-        c:\programdata\Messenger Plus!
2010-06-22 12:42 . 2010-06-22 12:42        --------        d-----w-        c:\users\MeinPC\AppData\Roaming\F-Secure
2010-06-16 13:32 . 2010-05-19 11:00        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-16 13:32 . 2010-05-19 10:59        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-16 13:32 . 2010-05-11 18:00        1127240        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-06 21:37 . 2010-07-11 13:37        2785792        ----a-w-        c:\windows\system32\GuaD.dll
2010-06-03 11:10 . 2010-05-11 18:00        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-06-03 11:00 . 2010-06-03 11:00        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-02 10:57 . 2010-06-02 10:57        1222464        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-26 20:56 . 2010-05-26 20:56        50354        ----a-w-        c:\users\MeinPC\AppData\Roaming\Facebook\uninstall.exe
2010-05-18 14:35 . 2010-05-18 14:35        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45        2355224        ----a-w-        c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Google Update"="c:\users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forum-Updater.lnk - c:\program files\Forum Verlag\AESimple\ForumUpdater.exe [2010-7-21 988672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 136176]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2002-11-25 16896]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-23 691696]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

.
Inhalt des "geplante Tasks" Ordners

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:40]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:40]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job
- c:\users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-15 11:40]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job
- c:\users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-15 11:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uInternet Settings,ProxyOverride = *.local
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
FF - component: c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\MeinPC\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\MeinPC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\MeinPC\AppData\Roaming\Mozilla\Firefox\Profiles\yprpyq5u.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NPSStartup - (no file)
AddRemove-Steinberg Hypersonic v1.12.808 - c:\progra~1\VSTPLU~1\HYPERS~1\HYPERS~1\UNWISE.EXE


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-16  13:27:46
ComboFix-quarantined-files.txt  2010-08-16 11:27

Vor Suchlauf: 11 Verzeichnis(se), 32.011.780.096 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 31.817.474.048 Bytes frei

- - End Of File - - CB9A31001D0690AA0CC99C6E3A900BB6


cosinus 16.08.2010 12:59

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically scan for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.

oakk 16.08.2010 15:33

GMER Log:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-16 15:14:48
Windows 6.1.7600
Running: 80tckost.exe; Driver: C:\Users\MeinPC\AppData\Local\Temp\uwryypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAdjustPrivilegesToken [0x87D22992]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAlpcConnectPort [0x87D243FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAlpcCreatePort [0x87D24674]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwAlpcSendWaitReceivePort [0x87D248E6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwClose [0x87D232AA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwConnectPort [0x87D23A52]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateEvent [0x87D23E4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateFile [0x87D234C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateMutant [0x87D23D34]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateNamedPipeFile [0x87D22582]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreatePort [0x87D23C08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateSection [0x87D2272A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateSemaphore [0x87D23F6E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateThread [0x87D22F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateThreadEx [0x87D23030]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwCreateWaitablePort [0x87D23C9E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwDebugActiveProcess [0x87D25596]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwDuplicateObject [0x87D26716]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwFsControlFile [0x87D23694]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwLoadDriver [0x87D25688]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwMapViewOfSection [0x87D25D62]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenEvent [0x87D23EE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenFile [0x87D23336]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenMutant [0x87D23DC4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenProcess [0x87D22BDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenSection [0x87D25AFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenSemaphore [0x87D24004]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwOpenThread [0x87D22AD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQueryDirectoryObject [0x87D24B30]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQuerySection [0x87D2609C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwQueueApcThread [0x87D2598E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwReplyPort [0x87D24368]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwReplyWaitReceivePort [0x87D2422E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwRequestWaitReplyPort [0x87D25330]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwResumeThread [0x87D265B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSecureConnectPort [0x87D2379C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetContextThread [0x87D2314C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetInformationToken [0x87D24BD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetSecurityObject [0x87D25790]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSetSystemInformation [0x87D261EC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSuspendProcess [0x87D262DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSuspendThread [0x87D26418]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwSystemDebugControl [0x87D254BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwTerminateProcess [0x87D22D7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwTerminateThread [0x87D22CD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwUnmapViewOfSection [0x87D25F40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                  ZwWriteVirtualMemory [0x87D22E68]

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3EAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3E104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3E3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C272D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C26898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3E1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3E958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3E6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3EF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                              82C3F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                                      828575C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                8287C052 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 250                                                                                                                  82883850 4 Bytes  [92, 29, D2, 87]
.text          ntkrnlpa.exe!RtlSidHashLookup + 278                                                                                                                  82883878 8 Bytes  [FA, 43, D2, 87, 74, 46, D2, ...] {CLI ; INC EBX; ROL BYTE [EDI-0x782db98c], CL}
.text          ntkrnlpa.exe!RtlSidHashLookup + 2BC                                                                                                                  828838BC 4 Bytes  [E6, 48, D2, 87]
.text          ntkrnlpa.exe!RtlSidHashLookup + 2E8                                                                                                                  828838E8 4 Bytes  [AA, 32, D2, 87]
.text          ntkrnlpa.exe!RtlSidHashLookup + 30C                                                                                                                  8288390C 4 Bytes  [52, 3A, D2, 87]
.text          ...                                                                                                                                                 
.text          peauth.sys                                                                                                                                            98C17C9D 28 Bytes  [15, 8D, 3F, 60, CB, 83, A3, ...]
.text          peauth.sys                                                                                                                                            98C17CC1 28 Bytes  [15, 8D, 3F, 60, CB, 83, A3, ...]
?              C:\Users\MeinPC\AppData\Local\Temp\catchme.sys                                                                                                        Das System kann die angegebene Datei nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                            Das System kann die angegebene Datei nicht finden. !
?              C:\Users\MeinPC\AppData\Local\Temp\mbr.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

?              C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe[2028] C:\Windows\system32\ADVAPI32.dll                                              IMAGE_DOS_SIGNATURE not found;
?              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] C:\Windows\SYSTEM32\ntdll.dll                                                  time/date stamp mismatch;
?              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] C:\Windows\system32\kernel32.dll                                              time/date stamp mismatch; unknown module: KERNELBASE.dll
?              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] C:\Windows\SYSTEM32\ntdll.dll                                                  time/date stamp mismatch;
?              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] C:\Windows\system32\kernel32.dll                                              time/date stamp mismatch; unknown module: KERNELBASE.dll
.text          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] USER32.dll!NotifyWinEvent + 48B                                                776AF724 4 Bytes  [70, 11, 46, 6C] {JO 0x13; INC ESI; INSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                      [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                        [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                        [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                      [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                      [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]              00270240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                    002702B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                00270320
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                    00270390
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap]                      00270A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap]                00270B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                  00270B70
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                      00270BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW]              77090D30
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                77090DA0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread]                  00270C50
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                77090E10
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]            77090E80
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA]              77090EF0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                77090F60
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01290010
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    01290080
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                012900F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                  01290160
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]            012901D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    00270CC0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        00270D30
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01290240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  012902B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    01290320
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    01290390
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                    01290400
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  01290470
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA]                012904E0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                    00270F60
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                77B305C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]              77B30630
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  77B30710
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]          012907F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]              01290860
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                012908D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]              01290940
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                012909B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  01290A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                01290A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree]                    77B308D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA]              01290B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  01290B70
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]            01290BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                      77B30A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                  77B30B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      003800F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  012A0470
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  012A04E0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  012A0550
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  00380160
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      00380240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            012A05C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            012A0630
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              012A06A0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              012A0710
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  012A0780
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                012A07F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                012A0860
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                  012A08D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                012A0940
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  012A09B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  012A0A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      00380A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  00380A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree]                      00380BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              012B0940
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc]                  00380C50
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  012B09B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                012B0A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]            012B0A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]                012B0B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                  012B0B70
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                012B0BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                  012B0C50
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap]                      003A0630
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap]                  003A06A0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap]                    003C00F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap]                003C0160
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        003C05C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap]                    003C0630
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  003C06A0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    019E0A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    019E0B00
IAT            C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                          [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                          [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress]                        [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                        [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress]                        [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe[2732] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                        [75975E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]              00510240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                    005102B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                00510320
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                    00510390
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap]                      00510A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap]                00510B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                  00510B70
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                      00510BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW]              77090D30
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                77090DA0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread]                  00510C50
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                77090E10
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]            77090E80
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA]              77090EF0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                77090F60
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    015A0010
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    015A0080
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                015A00F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                  015A0160
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]            015A01D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    00510CC0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        00510D30
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    015A0240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  015A02B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    015A0320
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    015A0390
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                    015A0400
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  015A0470
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA]                015A04E0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                    00510F60
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                77B305C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]              77B30630
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  77B30710
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]          015A07F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]              015A0860
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                015A08D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]              015A0940
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                015A09B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  015A0A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                015A0A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree]                    77B308D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA]              015A0B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  015A0B70
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]            015A0BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                      77B30A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                  77B30B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      005200F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  015B0470
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  015B04E0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  015B0550
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  00520160
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      00520240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            015B05C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            015B0630
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              015B06A0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              015B0710
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  015B0780
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                015B07F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                015B0860
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                  015B08D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                015B0940
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  015B09B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  015B0A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      00520A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  00520A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree]                      00520BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              015C0940
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc]                  00520C50
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  015C09B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                015C0A20
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]            015C0A90
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]                015C0B00
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                  015C0B70
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                015C0BE0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                  015C0C50
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap]                      00540780
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap]                  005407F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap]                    00E50240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap]                00E502B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        00E50710
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap]                    00E50780
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  00E507F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    01640E10
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    01640E80
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA]                77090400
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                  770900F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              770902B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                77090320
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  770905C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread]                  77B301D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA]              77090240
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode]                  77090550
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW]                  770904E0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree]                      77B302B0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  770905C0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW]                77090470
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress]                77090320
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA]                  77090390
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary]                  770900F0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW]            770901D0
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA]            77090160
IAT            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3052] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW]              770902B0

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                0x4E 0xA2 0xFD 0x80 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                  C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                           
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                      0x88 0xCE 0xEA 0x76 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                  0x79 0x16 0xDB 0x0A ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                      0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                    0x4E 0xA2 0xFD 0x80 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                      C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                       
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                          0x88 0xCE 0xEA 0x76 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                   
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                      0x79 0x16 0xDB 0x0A ...
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{F77A3523-3469-11DF-8600-806E6F6E6963}                                1182065408

---- EOF - GMER 1.0.15 ----

OSAM Log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:25:36 on 16.08.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job" - "Google Inc." - C:\Users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job" - "Google Inc." - C:\Users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"camcpl.cpl" - "Logitech Inc." - C:\Windows\system32\camcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"catchme" (catchme) - ? - C:\Users\MeinPC\AppData\Local\Temp\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Nsynas32" (Nsynas32) - "Syncrosoft Hard- und Software GmbH" - C:\Windows\system32\drivers\Nsynas32.sys
"SynasUSB" (SynasUSB) - "Syncrosoft GmbH" - C:\Windows\System32\drivers\SynasUSB.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "My Logitech Pictures" - "Logitech Inc." - C:\Program Files\Logitech\Video\Namespc2.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Forum-Updater.lnk" - "Forum Verlag Herkert GmbH" - C:\Program Files\Forum Verlag\AESimple\ForumUpdater.exe  (Shortcut exists | File exists)
"Lexmark X125 Einstellungsdienstprogramm.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexmark X125 Einstellungsdienstprogramm.lnk  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Aim" - "AOL Inc." - "C:\Program Files\AIM\aim.exe" /d locale=de-DE
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Google Update" - "Google Inc." - "C:\Users\MeinPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"LogitechSoftwareUpdate" - "Logitech Inc." - "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
"Messenger (Yahoo!)" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechVideoRepair" - "Logitech Inc." - C:\Program Files\Logitech\Video\ISStart.exe
"LogitechVideoTray" - "Logitech Inc." - C:\Program Files\Logitech\Video\LogiTray.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"TVersityMediaServer" (TVersityMediaServer) - ? - C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe  (File found, but it contains no detailed information)
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

remover:

http://yfrog.com/meunbenanntjzj

cosinus 16.08.2010 17:08

I don't see anything for the remover, no log; the other two look OK IMO.

oakk 17.08.2010 18:23

Yeah, I posted a link. Somehow it didn't come through. But here it is again.

http://img24.imageshack.us/img24/8981/unbenanntfcg.jpg

cosinus 17.08.2010 19:47

That is OK too (see the green text :daumenhoc)
As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

oakk 18.08.2010 16:06

Malwarebytes log:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.08.2010 14:29:14
mbam-log-2010-08-18 (14-29-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 295447
Laufzeit: 53 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f358f42d-deb9-4bf8-8d6d-52d283c26ed4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.77 85.255.112.6 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Super log:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/18/2010 at 04:06 PM

Application Version : 4.41.1000

Core Rules Database Version : 5242
Trace Rules Database Version: 3054

Scan type      : Complete Scan
Total Scan Time : 01:29:35

Memory items scanned      : 480
Memory threats detected  : 0
Registry items scanned    : 9275
Registry threats detected : 0
File items scanned        : 158131
File threats detected    : 89

Adware.Tracking Cookie

Adware.Flash Tracking Cookie
        C:\Users\MeinPC\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABX6SS65\IA.MEDIA-IMDB.COM

Rogue.Agent/Gen-Nullo[DLL]
        C:\WINDOWS\SYSTEM32\MFC1O.DLL


cosinus 18.08.2010 18:33

Quote:

Datenbank Version: 4363
You didn't update Malwarebytes beforehand. Please update it and run a full scan.

oakk 18.08.2010 20:47

As I said before, I can't update anything, not even manually. I don't know why. :confused:

cosinus 18.08.2010 20:56

Still not? :confused:
Uninstall it completely. Then install it again, but use this installer, which has a random name => http://malwarebytes.org/mbam-download-exe-random.php

Have it update immediately afterwards!

oakk 19.08.2010 10:18

It still doesn't work. The page can't be displayed on my machine. :confused: :(

cosinus 19.08.2010 10:30

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


oakk 19.08.2010 12:44

Here is the OTL log:

Code:

OTL logfile created on: 19.08.2010 11:59:47 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\MeinPC\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
959,00 Mb Total Physical Memory | 131,00 Mb Available Physical Memory | 14,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 38,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 40,14 Gb Free Space | 51,38% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 63,61 Gb Free Space | 89,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEINPC-PC
Current User Name: MeinPC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MeinPC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\MeinPC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TVersityMediaServer) -- C:\Users\MeinPC\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\MeinPC\AppData\Local\Temp\catchme.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (Syncrosoft GmbH)
DRV - (Nsynas32) -- C:\Windows\System32\drivers\NSynas32.sys (Syncrosoft Hard- und Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 20 35 68 BE 24 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.15 13:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 11:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.16 12:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.08.12 11:16:14 | 000,000,000 | ---D | M]
 
[2010.07.17 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions
[2010.07.17 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.08.18 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions
[2010.07.21 22:25:13 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.05.02 18:30:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.09 17:59:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.26 17:07:48 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010.07.21 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\finder@meingutscheincode.de
[2010.03.21 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\yprpyq5u.default\extensions\firefox@tvunetworks.com
[2010.06.22 14:42:32 | 000,002,267 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\Mozilla\FireFox\Profiles\yprpyq5u.default\searchplugins\aim-search.xml
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\Mozilla\FireFox\Profiles\yprpyq5u.default\searchplugins\conduit.xml
[2010.08.12 11:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 11:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.26 19:47:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 19:47:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.26 19:47:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.26 19:47:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.26 19:47:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.16 13:24:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\MeinPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.77 85.255.112.6
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {58BEB942-8EFC-3F01-F747-5929BDD4370A} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8DBE3535-8ABF-82EA-F524-2C69A81BDE1D} - Internet Explorer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DF96EFF3-A4DF-294E-4DFB-88F65825DBA1} - Microsoft Windows Media Player
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.18 00:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.18 00:26:19 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.18 00:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.08.16 13:27:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.16 13:27:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.16 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\temp
[2010.08.16 13:15:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.16 13:15:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.16 13:15:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.16 13:14:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.16 13:12:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.16 13:12:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.16 12:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 18:18:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 18:18:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 00:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010.08.12 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\TVersity Codec Pack
[2010.08.12 23:23:21 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\TVersity
[2010.08.12 11:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.08.12 11:15:49 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.11 20:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.11 20:44:19 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.11 18:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.08.11 18:43:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Virus Removal Tool
[2010.08.11 18:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.11 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.11 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.11 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\avira_antivir_personal_de1000567
[2010.08.11 14:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010.08.11 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010.08.11 14:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010.08.10 23:00:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.08.10 12:01:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.08.10 01:01:42 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner (3)
[2010.08.06 13:57:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\photoshop sachn
[2010.08.06 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Malwarebytes
[2010.08.06 13:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.06 13:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.06 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.05 12:56:31 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\My Webcam Recordings
[2010.08.04 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2
[2010.08.04 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MessengerDiscovery 2
[2010.08.04 17:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\MessengerDiscovery 2
[2010.07.31 00:45:35 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Xilisoft
[2010.07.31 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\Xilisoft
[2010.07.31 00:44:55 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Xilisoft
[2010.07.31 00:34:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.07.31 00:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2010.07.28 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner (2)
[2010.07.28 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\My Art
[2010.07.28 22:29:11 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\Neuer Ordner
[2010.07.28 22:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.07.28 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\PC Suite
[2010.07.28 22:13:01 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010.07.28 22:12:55 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.28 22:12:16 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.07.28 22:12:16 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.07.28 22:12:16 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.07.28 22:12:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.07.28 22:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.07.28 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.28 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Apple Computer
[2010.07.28 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apple Computer
[2010.07.28 11:20:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.07.28 11:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.07.28 11:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.07.28 11:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.28 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.07.28 11:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.07.28 11:18:00 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apple
[2010.07.28 11:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.07.28 11:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.07.28 11:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.07.28 11:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.07.21 22:26:23 | 000,362,200 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsprint7.ocx
[2010.07.21 22:26:23 | 000,173,784 | ---- | C] (ComponentOne ) -- C:\Windows\System32\vspdf.ocx
[2010.07.21 22:26:23 | 000,128,728 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsppgvp7.dll
[2010.07.21 22:26:23 | 000,036,864 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\udaNEXTNUMBER_ActiveX.dll
[2010.07.21 22:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\KSR
[2010.07.21 22:26:22 | 002,379,776 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\udaFUNCTIONS_ActiveX.dll
[2010.07.21 22:26:22 | 000,352,256 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\UDA_ActiveX.dll
[2010.07.21 22:26:22 | 000,294,912 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\KSR_LizenzReg_ActiveX.dll
[2010.07.21 22:26:22 | 000,245,760 | ---- | C] (KSR EDV Ing. Buero GmbH) -- C:\Windows\System32\KSR_PrintEngine_ActiveX.ocx
[2010.07.21 22:26:22 | 000,094,275 | ---- | C] (KSR EDV Ing.büro GmbH) -- C:\Windows\System32\KSR_RegistryAccess_ActiveX.dll
[2010.07.21 22:26:22 | 000,057,344 | ---- | C] (KSR EDV Ing. Büro GmbH) -- C:\Windows\System32\KSR_Error.dll
[2010.07.21 22:26:22 | 000,057,344 | ---- | C] (INNO-TECH Software) -- C:\Windows\System32\inPOPUPMenu_ActiveX.ocx
[2010.07.21 22:26:22 | 000,053,248 | ---- | C] (Creative Software GmbH) -- C:\Windows\System32\ksrTtoolText.dll
[2010.07.21 22:26:22 | 000,049,152 | ---- | C] (KSR EDV Ing.büro GmbH) -- C:\Windows\System32\KSR_Ttool_ActiveX.dll
[2010.07.21 22:26:22 | 000,032,768 | ---- | C] (ksr) -- C:\Windows\System32\KSR_RegAccessAdmin.exe
[2010.07.21 22:25:42 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\InstallShield
[2010.07.21 22:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.07.21 22:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2010.07.21 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Forum Verlag
[2010.07.21 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr
[2010.07.21 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Apps
[2010.07.21 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal
[2010.07.21 22:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\SmartForm
[2010.07.17 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\TomTom
[2010.07.17 15:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010.07.17 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\TomTom
[2010.07.17 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\TomTom
[2010.07.17 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010.07.17 15:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010.07.17 01:54:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.15 13:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.07.15 13:40:07 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\Google
[2010.07.11 15:37:52 | 002,785,792 | ---- | C] (AiR) -- C:\Windows\System32\GuaD.dll
[2010.07.09 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\dwhelper
[2010.06.29 23:41:25 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\Verlauf
[2010.06.22 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\F-Secure
[2010.06.07 16:21:39 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\4Media
[2010.06.07 16:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\4Media
[2010.06.05 21:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2010.05.27 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Yspa
[2010.05.26 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Neuer Ordner
[2010.05.26 22:55:57 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Facebook
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.19 12:02:11 | 003,145,728 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat
[2010.08.19 11:45:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.19 11:18:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.19 11:18:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.19 11:12:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.19 11:12:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.19 11:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.19 11:12:41 | 753,836,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.18 21:05:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job
[2010.08.18 21:05:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job
[2010.08.18 16:10:02 | 002,788,422 | -H-- | M] () -- C:\Users\MeinPC\AppData\Local\IconCache.db
[2010.08.18 00:26:08 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.16 16:30:27 | 000,071,235 | ---- | M] () -- C:\Users\MeinPC\Desktop\Unbenannt.jpg
[2010.08.16 15:16:37 | 000,002,028 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forum-Updater.lnk
[2010.08.16 13:24:53 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.16 13:24:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.16 13:11:26 | 000,000,969 | ---- | M] () -- C:\Users\MeinPC\Desktop\CCleaner.lnk
[2010.08.16 13:08:19 | 003,817,889 | R--- | M] () -- C:\Users\MeinPC\Desktop\cofi.exe
[2010.08.16 12:11:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.15 21:03:17 | 000,002,322 | ---- | M] () -- C:\Users\MeinPC\Desktop\Google Chrome.lnk
[2010.08.13 23:11:07 | 002,741,419 | ---- | M] () -- C:\Users\MeinPC\Desktop\Quo - Complicated (written by Jack Knight).mp3
[2010.08.13 18:18:16 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 23:23:46 | 000,002,435 | ---- | M] () -- C:\Users\MeinPC\Desktop\TVersity.lnk
[2010.08.12 11:16:52 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.12 11:16:51 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.12 11:15:49 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.12 11:12:34 | 000,646,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 11:12:34 | 000,609,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 11:12:34 | 000,127,402 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 11:12:34 | 000,104,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.11 22:50:19 | 000,524,288 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000002.regtrans-ms
[2010.08.11 22:50:19 | 000,524,288 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 22:50:19 | 000,065,536 | -HS- | M] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TM.blf
[2010.08.11 21:52:55 | 000,113,944 | ---- | M] () -- C:\Users\MeinPC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.09 23:54:56 | 003,353,355 | ---- | M] () -- C:\Users\MeinPC\Desktop\JBarbz - HardCore (final).mp3
[2010.07.30 23:08:32 | 004,747,026 | ---- | M] () -- C:\Users\MeinPC\Desktop\Gambler Pop Mix 3.mp3
[2010.07.28 22:28:09 | 000,000,619 | ---- | M] () -- C:\Users\MeinPC\Desktop\Track03 - Verknüpfung.lnk
[2010.07.28 22:23:46 | 001,493,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.28 22:08:27 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.07.21 22:26:32 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\Export Formular Manager.lnk
[2010.07.21 22:18:52 | 000,002,497 | ---- | M] () -- C:\Users\MeinPC\Desktop\AESimple & SanScreen & eForm Zoll.lnk
[2010.07.17 01:54:25 | 002,350,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.16 14:09:33 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002ev.exe
[2010.07.09 11:50:12 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2010.07.09 11:50:12 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010.06.30 13:01:35 | 000,021,744 | ---- | M] () -- C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg
[2010.06.22 21:32:27 | 000,012,016 | ---- | M] () -- C:\Users\MeinPC\Desktop\Vergleich Felix Krull und Simplicissimus.docx
[2010.06.14 00:44:51 | 003,796,086 | ---- | M] () -- C:\Users\MeinPC\Desktop\01 California Girls (Master).mp3
[2010.06.07 00:36:56 | 000,015,945 | ---- | M] () -- C:\Users\MeinPC\Desktop\110847997.jpg
[2010.06.06 23:37:12 | 002,785,792 | ---- | M] (AiR) -- C:\Windows\System32\GuaD.dll
[2010.05.30 15:46:40 | 000,010,378 | ---- | M] () -- C:\Users\MeinPC\Desktop\rechnung.xlsx
[2010.05.24 17:22:13 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.05.24 17:22:13 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
 
========== Files Created - No Company Name ==========
 
[2010.08.18 00:26:08 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.16 16:30:27 | 000,071,235 | ---- | C] () -- C:\Users\MeinPC\Desktop\Unbenannt.jpg
[2010.08.16 13:15:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.16 13:15:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.16 13:15:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.16 13:15:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.16 13:15:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.16 13:11:26 | 000,000,969 | ---- | C] () -- C:\Users\MeinPC\Desktop\CCleaner.lnk
[2010.08.16 13:07:21 | 003,817,889 | R--- | C] () -- C:\Users\MeinPC\Desktop\cofi.exe
[2010.08.15 21:03:17 | 000,002,322 | ---- | C] () -- C:\Users\MeinPC\Desktop\Google Chrome.lnk
[2010.08.15 21:00:59 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001UA.job
[2010.08.15 21:00:57 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200165665-2754296958-3640837520-1001Core.job
[2010.08.13 23:10:48 | 002,741,419 | ---- | C] () -- C:\Users\MeinPC\Desktop\Quo - Complicated (written by Jack Knight).mp3
[2010.08.13 18:18:16 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 00:35:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.08.12 23:23:46 | 000,002,435 | ---- | C] () -- C:\Users\MeinPC\Desktop\TVersity.lnk
[2010.08.12 11:16:52 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.12 11:16:51 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.11 21:52:21 | 000,524,288 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000002.regtrans-ms
[2010.08.11 21:52:21 | 000,524,288 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 21:52:21 | 000,065,536 | -HS- | C] () -- C:\Users\MeinPC\ntuser.dat{0806124e-a581-11df-8194-00e04d5e418e}.TM.blf
[2010.08.11 13:39:27 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forum-Updater.lnk
[2010.08.11 13:39:27 | 000,001,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexmark X125 Einstellungsdienstprogramm.lnk
[2010.08.10 00:27:30 | 003,353,355 | ---- | C] () -- C:\Users\MeinPC\Desktop\JBarbz - HardCore (final).mp3
[2010.08.07 20:19:24 | 004,747,026 | ---- | C] () -- C:\Users\MeinPC\Desktop\Gambler Pop Mix 3.mp3
[2010.07.28 22:28:09 | 000,000,619 | ---- | C] () -- C:\Users\MeinPC\Desktop\Track03 - Verknüpfung.lnk
[2010.07.28 22:08:27 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.07.21 22:26:32 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\Export Formular Manager.lnk
[2010.07.21 22:26:23 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vsppg7.dll
[2010.07.21 22:26:22 | 000,000,601 | ---- | C] () -- C:\Windows\System32\KSR_RegAccessAdmin.exe.manifest
[2010.07.21 22:18:52 | 000,002,497 | ---- | C] () -- C:\Users\MeinPC\Desktop\AESimple & SanScreen & eForm Zoll.lnk
[2010.07.15 13:40:21 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 13:40:19 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.09 11:50:12 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss
[2010.07.09 11:50:12 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.06.30 13:01:32 | 000,021,744 | ---- | C] () -- C:\Users\MeinPC\Desktop\28280_131673653532013_100000681378212_204346_3656952_n.jpg
[2010.06.22 21:32:26 | 000,012,016 | ---- | C] () -- C:\Users\MeinPC\Desktop\Vergleich Felix Krull und Simplicissimus.docx
[2010.06.14 00:42:48 | 003,796,086 | ---- | C] () -- C:\Users\MeinPC\Desktop\01 California Girls (Master).mp3
[2010.06.07 00:36:48 | 000,015,945 | ---- | C] () -- C:\Users\MeinPC\Desktop\110847997.jpg
[2010.05.30 15:42:00 | 000,010,378 | ---- | C] () -- C:\Users\MeinPC\Desktop\rechnung.xlsx
[2010.05.24 17:21:50 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.05.24 17:21:50 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.04.23 11:08:04 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.23 11:08:04 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2010.06.07 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\4Media
[2010.04.26 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\acccore
[2010.07.21 22:18:52 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr
[2010.07.21 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal
[2010.03.23 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\DAEMON Tools Lite
[2010.06.22 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\F-Secure
[2010.05.26 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Facebook
[2010.08.14 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2
[2010.03.24 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Music Recognition
[2010.07.28 22:19:38 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\PC Suite
[2010.04.03 20:16:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Propellerhead Software
[2010.04.23 11:07:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Samsung
[2010.04.12 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Steinberg
[2010.07.17 15:02:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\TomTom
[2010.07.31 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Xilisoft
[2010.08.11 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Yspa
[2010.06.17 20:03:42 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.07 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\4Media
[2010.03.27 14:51:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\ABBYY
[2010.04.26 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\acccore
[2010.03.26 10:50:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Adobe
[2010.08.15 18:42:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Apple Computer
[2010.07.21 22:18:52 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\ATLAS_Ausfuhr
[2010.07.21 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal
[2010.03.23 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\DAEMON Tools Lite
[2010.06.22 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\F-Secure
[2010.05.26 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Facebook
[2010.03.20 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Identities
[2010.07.21 22:25:42 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\InstallShield
[2010.03.20 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Macromedia
[2010.08.06 13:18:17 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Media Center Programs
[2010.08.14 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\MessengerDiscovery 2
[2010.07.21 22:27:09 | 000,000,000 | --SD | M] -- C:\Users\MeinPC\AppData\Roaming\Microsoft
[2010.03.20 23:58:57 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Mozilla
[2010.03.24 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Music Recognition
[2010.07.28 22:19:38 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\PC Suite
[2010.04.03 20:16:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Propellerhead Software
[2010.04.23 11:07:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Samsung
[2010.04.12 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Steinberg
[2010.08.18 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.17 15:02:30 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\TomTom
[2010.03.21 00:09:28 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\WinRAR
[2010.07.31 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Xilisoft
[2010.05.02 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Yahoo!
[2010.08.11 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\MeinPC\AppData\Roaming\Yspa
 
< %APPDATA%\*.exe /s >
[2010.07.21 22:18:49 | 000,473,600 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\AusfuhrPortal\Uninstall\uninstall.exe
[2010.05.26 22:56:00 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\MeinPC\AppData\Roaming\Facebook\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2010.08.12 11:15:49 | 000,475,224 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.05.07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll

< End of report >


cosinus 19.08.2010 17:23

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010.05.27 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Yspa
[2010.07.21 22:26:23 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vsppg7.dll
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

oakk 19.08.2010 20:14

OK, here it is:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\MeinPC\AppData\Roaming\Yspa folder moved successfully.
C:\Windows\System32\vsppg7.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1-MEINPC-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MeinPC
->Temp folder emptied: 781853 bytes
->Temporary Internet Files folder emptied: 1880390 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 112499025 bytes
->Google Chrome cache emptied: 6181635 bytes
->Flash cache emptied: 16032 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 599775 bytes
RecycleBin emptied: 375479 bytes
 
Total Files Cleaned = 117,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08192010_210931

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\kls36C3.tmp not found!

Registry entries deleted on Reboot...


cosinus 19.08.2010 20:17

OK - does the Malwarebytes update work now?
If not - is there anything that could be holding MBAM up? Firewall?? AFAIR Kaspersky AV also has a blocking component; best to disable KAV completely for once and try the Malwarebytes update.

oakk 19.08.2010 20:28

No, it still doesn't work. I've had this problem for a long time. I never found a solution, not even after I formatted my PC and reinstalled it.

cosinus 19.08.2010 21:20

Quote:

I never found a solution, not even after I formatted my PC and reinstalled it.
Then something else must be blocking it. Have you checked the router settings?

oakk 20.08.2010 11:17

It could be that it's the router. But what should I set there?

cosinus 20.08.2010 11:28

How should I know! :balla:
If necessary, reset the router to its factory settings. But then you also have to set the password again and re-enter the access credentials!


All times are in WET +1.
