Trojaner-Board - MSN von Freund gehackt

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - MSN von Freund gehackt (https://www.trojaner-board.de/92131-msn-freund-gehackt.html)

MSN von Freund gehackt

Hallo,

ich habe folgendes Problem zu dem ich leider im Forum und auf Google nichts explizites finden konnte.

Das MSN Konto eines Freundes von mir wurde scheinbar gehackt.
Ich habe von ihm zuerst eine ganz harmlose nachricht bekommen aber auf englisch.
Daraufhin habe ich nur gefragt ob er betrunken sei.. daraufhin hat mein gegenüber reagiert aber wiederum auf englisch was mich dann bereits stutzig gemacht hat, schließlich kam dann auch noch folgender Link dazu:
h**p://iqscoremeplease.com/?invitecode=3c7az11c5
ich wollte den ganzen Chat eigentlich nur kopieren um das Gespräch festzuhalten, da der Gesprächsverlauf bei mir nicht automatisch gespeichert wird aber daraufhin hat sich leider der Link geöffnet! :schrei:

Habe daraufhin sofort alle meine Passwörter von MSN, Skype, facebook etc geändert

Im Hintergrund läuft gerade mein AntiVir der aber bisher nichts gefunden hat...
kann mir jetz noch irgendwas passieren, bzw. was könnt ihr mir raten um ein eigenes Hacking zu vermeiden??

Bin für jeden Rat dankbar!

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4920

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.10.2010 03:20:23
mbam-log-2010-10-23 (03-20-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 260798
Laufzeit: 59 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten!

OTL Logfile:

Code:

OTL logfile created on: 23.10.2010 23:18:32 - Run 1

OTL by OldTimer - Version 3.2.17.0     Folder = C:\Users\*\Downloads

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,79 Gb Total Space | 195,36 Gb Free Space | 83,92% Space Free | Partition Type: NTFS

Drive D: | 3,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: *-PC | User Name: *| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\*\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)

PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)

PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()

PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()

PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\*\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_062a651.dll ()

SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)

DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)

DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )

DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 70 42 94 11 EA CA 01  [binary data]

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.20 23:30:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.20 23:30:59 | 000,000,000 | ---D | M]

 

[2010.05.03 16:46:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Extensions

[2010.05.05 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\g02azyi2.default\extensions

[2010.10.23 03:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2010.05.03 18:47:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010.05.03 22:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.10.23 03:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru

[2010.10.23 03:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru

[2010.05.03 22:53:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe File not found

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.10.23 03:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2010.10.23 03:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2010.10.23 03:27:23 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys

[2010.10.23 02:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2010.10.23 02:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010.10.23 02:19:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes

[2010.10.23 02:19:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.10.23 02:19:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.10.23 02:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.10.23 02:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.10.18 18:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Diaper Dash

[2010.10.14 11:37:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010.10.14 11:37:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010.10.14 11:37:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010.10.14 11:37:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010.10.14 11:37:16 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010.10.14 11:37:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010.10.14 11:37:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010.10.14 11:37:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010.10.14 11:37:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010.10.14 11:37:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010.10.14 11:37:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010.10.14 11:37:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010.10.14 11:37:12 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll

[2010.10.14 11:37:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll

[2010.10.14 11:37:07 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2010.10.14 11:37:05 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010.10.14 11:37:03 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2010.10.14 11:37:03 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll

[2010.10.09 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Ashtons Family Resort

[2010.10.09 14:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashtons Family Resort

[2010.10.09 12:15:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Oberon

[2010.10.09 12:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon

[2010.10.05 21:27:04 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\klogon.dll

[2010.09.30 13:58:29 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys

[2010.09.29 17:23:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.10.23 23:27:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010.10.23 21:41:05 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for *.job

[2010.10.23 19:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.10.23 14:53:53 | 000,652,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.10.23 14:53:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.10.23 14:53:53 | 000,129,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.10.23 14:53:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.10.23 13:27:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010.10.23 03:36:41 | 000,020,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010.10.23 03:36:41 | 000,020,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010.10.23 03:34:35 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat

[2010.10.23 03:34:35 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat

[2010.10.23 03:33:22 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys

[2010.10.23 03:29:17 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys

[2010.10.23 02:48:39 | 000,000,036 | ---- | M] () -- C:\Users\*\AppData\Local\housecall.guid.cache

[2010.10.23 02:36:04 | 000,002,039 | ---- | M] () -- C:\Users\*\Desktop\HijackThis.lnk

[2010.10.23 02:19:29 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.10.23 00:56:58 | 000,011,100 | ---- | M] () -- C:\Users\*\Documents\xysagte.docx

[2010.10.15 12:10:13 | 000,413,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.10.11 08:24:57 | 000,001,413 | ---- | M] () -- C:\Users\*\Desktop\Internet Explorer.lnk

[2010.10.05 21:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\klogon.dll

 
 ========== Files Created - No Company Name ==========

 

[2010.10.23 03:34:35 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat

[2010.10.23 03:34:35 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat

[2010.10.23 02:48:39 | 000,000,036 | ---- | C] () -- C:\Users\*\AppData\Local\housecall.guid.cache

[2010.10.23 02:36:04 | 000,002,039 | ---- | C] () -- C:\Users\*\Desktop\HijackThis.lnk

[2010.10.23 02:19:29 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.10.23 00:56:57 | 000,011,100 | ---- | C] () -- C:\Users\*\Documents\xy sagte.docx

[2010.10.11 08:24:57 | 000,001,413 | ---- | C] () -- C:\Users\*\Desktop\Internet Explorer.lnk

[2010.09.15 19:05:56 | 000,000,008 | ---- | C] () -- C:\Users\*\AppData\Roaming\DofusAppId0_1

[2010.09.15 18:33:24 | 000,000,173 | ---- | C] () -- C:\Users\*\AppData\Roaming\D2Info0

[2010.09.15 18:33:24 | 000,000,008 | ---- | C] () -- C:\Users\*\AppData\Roaming\DofusAppId0_2

[2010.08.29 22:27:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL

[2010.08.29 22:27:26 | 000,000,179 | ---- | C] () -- C:\Windows\System32\PMDrvStr.ini

[2010.08.29 22:27:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\NSPdf32.dll

[2010.08.29 22:27:25 | 000,037,552 | ---- | C] () -- C:\Windows\System32\Newsoft.drv

[2010.08.29 22:27:25 | 000,001,024 | ---- | C] () -- C:\Windows\System32\NSPDF16.DLL

[2010.08.29 22:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll

[2010.08.29 22:25:20 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2010.08.07 15:38:52 | 000,000,020 | ---- | C] () -- C:\Users\*\AppData\Roaming\NevoSoft Gameslog.txt

[2010.05.03 18:48:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:178093AE

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:5199C971

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1D9ED8F7

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E6A96BE9

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9D5BB34A

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:10CFA7D4

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:908A1B53

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A243178D

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DE6EED8B

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA7D76BE

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:29DA7FEE
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 23.10.2010 23:18:32 - Run 1

OTL by OldTimer - Version 3.2.17.0     Folder = C:\Users\*\Downloads

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,79 Gb Total Space | 195,36 Gb Free Space | 83,92% Space Free | Partition Type: NTFS

Drive D: | 3,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: *-PC | User Name: *| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0

"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13

"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118720163}" = Mall-A-Palooza

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007

"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007

"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007

"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"Artist Colony" = Artist Colony

"BFG-Artist Colony" = Artist Colony

"BFGC" = Big Fish Games: Game Manager

"BFG-Diaper Dash" = Diaper Dash

"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0

"DivX Setup.divx.com" = DivX-Setup

"DSGPlayer" = SAT1 GAME CENTER

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 2.0.2

"ICQToolbar" = ICQ Toolbar

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"NSS" = Norton Security Scan

"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 19.10.2010 09:06:56 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 22.10.2010 21:27:37 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 22.10.2010 21:27:37 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 22.10.2010 21:27:57 | Computer Name = *-PC | Source = MsiInstaller | ID = 11719

Description = 

 

Error - 22.10.2010 21:34:48 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 22.10.2010 21:34:48 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 22.10.2010 21:35:50 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 22.10.2010 21:35:50 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 23.10.2010 07:16:05 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

Error - 23.10.2010 07:16:05 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  .

 

[ OSession Events ]

Error - 20.06.2010 06:10:59 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 05.09.2010 08:49:13 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 21.10.2010 07:39:57 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 21.10.2010 09:18:02 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 21.10.2010 13:21:55 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 22.10.2010 02:03:38 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 22.10.2010 10:28:36 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 22.10.2010 19:09:18 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 22.10.2010 21:29:22 | Computer Name = *-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 22.10.2010 21:29:22 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.10.2010 06:41:39 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.10.2010 13:41:03 | Computer Name = *-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

--- --- ---

mehr malware Bytes reports gibts net

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:178093AE

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:5199C971

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1D9ED8F7

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E6A96BE9

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9D5BB34A

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:10CFA7D4

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:908A1B53

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A243178D

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DE6EED8B

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA7D76BE

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:29DA7FEE

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

wie lang darf das denn dauern?
Es kam ne Fehlermeldung und seitdem tut sich nix mehr...

Probiers bitte nochmal. Ein paar Minuten könnte es u.U. schon dauern.

nachdem Taskleiste und alle Programme vom Desktop verschwunden waren hab ich ihn einfach ma ausgedrückt und beim neuen hochfahren kam das hier:

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ist das richtig so??

Ja ist ok. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Combofix Logfile:

Code:

ComboFix 10-10-23.01 - * 24.10.2010  15:02:03.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.2046.1348 [GMT 2:00]

ausgeführt von:: c:\users\*\Desktop\cofi.exe

.
 

(((((((((((((((((((((((   Dateien erstellt von 2010-09-24 bis 2010-10-24  ))))))))))))))))))))))))))))))

.
 

2010-10-24 13:08 . 2010-10-24 13:08        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-10-24 12:54 . 2010-10-24 12:54        --------        d-----w-        c:\program files\CCleaner

2010-10-23 22:54 . 2010-10-23 22:54        --------        d-----w-        C:\_OTL

2010-10-23 01:34 . 2010-10-05 19:26        109240        ----a-w-        c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

2010-10-23 01:34 . 2010-10-05 19:27        150200        ----a-w-        c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2010-10-23 01:34 . 2010-10-23 01:34        97549        ----a-w-        c:\windows\system32\drivers\klick.dat

2010-10-23 01:34 . 2010-10-23 01:34        113933        ----a-w-        c:\windows\system32\drivers\klin.dat

2010-10-23 01:33 . 2010-10-24 11:40        --------        d-----w-        c:\programdata\Kaspersky Lab

2010-10-23 01:33 . 2010-10-23 01:33        --------        d-----w-        c:\program files\Kaspersky Lab

2010-10-23 00:53 . 2010-10-23 00:53        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files

2010-10-23 00:36 . 2010-10-23 00:36        --------        d-----w-        c:\program files\Trend Micro

2010-10-23 00:19 . 2010-10-23 00:19        --------        d-----w-        c:\users\*\AppData\Roaming\Malwarebytes

2010-10-23 00:19 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-23 00:19 . 2010-10-23 00:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-10-23 00:19 . 2010-10-23 00:19        --------        d-----w-        c:\programdata\Malwarebytes

2010-10-23 00:19 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-10-18 16:23 . 2010-10-18 16:23        --------        d-----w-        c:\program files\Diaper Dash

2010-10-09 12:03 . 2010-10-09 12:03        --------        d-----w-        c:\programdata\Ashtons Family Resort

2010-10-09 12:03 . 2010-10-09 12:03        --------        d-----w-        c:\users\*\AppData\Roaming\Ashtons Family Resort

2010-10-09 10:15 . 2010-10-09 10:15        --------        d-----w-        c:\users\*\AppData\Roaming\Oberon

2010-10-09 10:15 . 2010-10-09 10:15        --------        d-----w-        c:\programdata\Oberon

2010-10-05 19:27 . 2010-10-05 19:27        228024        ----a-w-        c:\windows\system32\klogon.dll

2010-09-30 11:58 . 2010-03-04 04:04        146304        ----a-w-        c:\windows\system32\drivers\usbvideo.sys

2010-09-30 11:58 . 2010-03-04 03:57        190976        ----a-w-        c:\windows\system32\drivers\ks.sys

2010-09-29 15:23 . 2010-06-19 06:15        2048        ----a-w-        c:\windows\system32\tzres.dll

2010-09-29 15:23 . 2010-08-27 05:30        13312        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-21 05:32 . 2010-09-15 08:49        316928        ----a-w-        c:\windows\system32\spoolsv.exe

2010-07-29 06:30 . 2010-08-12 14:08        197632        ----a-w-        c:\windows\system32\ir32_32.dll

2010-07-29 06:30 . 2010-08-12 14:08        82944        ----a-w-        c:\windows\system32\iccvid.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-08-22 133432]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-05 361216]
 

c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1caeae055991017;Google Update Service (gupdate1caeae055991017);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 133104]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-02-24 64032]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners
 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 16:47]
 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 16:47]
 

2010-10-23 c:\windows\Tasks\Norton Security Scan for *.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-06 07:48]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.facebook.com/

IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe

FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\g02azyi2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'Explorer.exe'(3320)

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

.

Zeit der Fertigstellung: 2010-10-24  15:10:56

ComboFix-quarantined-files.txt  2010-10-24 13:10
 

Vor Suchlauf: 8 Verzeichnis(se), 210.827.177.984 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 210.503.610.368 Bytes frei
 

- - End Of File - - 918BF04BCB5B768D376CBE257DF1F2AA

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

GMER Logfile:

Code:

GMER 1.0.15.15477 - hxxp://www.gmer.net

Rootkit scan 2010-10-24 16:36:03

Windows 6.1.7600 

Running: sy6t0gr0.exe; Driver: C:\Users\*\AppData\Local\Temp\uglcypow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwAdjustPrivilegesToken [0x89193DAA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwAlpcConnectPort [0x89195FE8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwAlpcCreatePort [0x89196262]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwAlpcSendWaitReceivePort [0x891964D8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwClose [0x891946BE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwConnectPort [0x891954F2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateEvent [0x89195A3C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateFile [0x8919499A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateMutant [0x89195922]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateNamedPipeFile [0x89193998]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreatePort [0x891957F6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateSection [0x89193B40]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateSemaphore [0x89195B5C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateThread [0x89194344]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateThreadEx [0x89194442]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateUserProcess [0x89196722]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwCreateWaitablePort [0x8919588C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwDebugActiveProcess [0x8919724A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwDeviceIoControlFile [0x89194E1C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwDuplicateObject [0x89198458]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwFsControlFile [0x89194C2A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwLoadDriver [0x8919733C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwMapViewOfSection [0x89197AA4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenEvent [0x89195AD2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenFile [0x89194740]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenMutant [0x891959B2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenProcess [0x89193FE8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenSection [0x8919783E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenSemaphore [0x89195BF2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwOpenThread [0x89193ED8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwQueryDirectoryObject [0x891967DC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwQuerySection [0x89197DDE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwQueueApcThread [0x891976D0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwReplaceKey [0x89192652]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwReplyPort [0x89195F56]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwReplyWaitReceivePort [0x89195E1C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwRequestWaitReplyPort [0x89196FE4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwRestoreKey [0x891929CA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwResumeThread [0x891982FA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSaveKey [0x891925EA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSecureConnectPort [0x89195238]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSetContextThread [0x89194560]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSetInformationToken [0x8919687E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSetSecurityObject [0x891974DA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSetSystemInformation [0x89197F2E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSuspendProcess [0x89198020]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSuspendThread [0x8919815A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwSystemDebugControl [0x8919716E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwTerminateProcess [0x8919418E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwTerminateThread [0x891940E4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwUnmapViewOfSection [0x89197C82]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)               ZwWriteVirtualMemory [0x8919427A]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    82A8F599 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82AB3F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!RtlSidHashLookup + 220                                                                82ABB730 4 Bytes  [AA, 3D, 19, 89]

.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                                82ABB758 8 Bytes  CALL E534D0BC 

.text           ntkrnlpa.exe!RtlSidHashLookup + 28C                                                                82ABB79C 4 Bytes  [D8, 64, 19, 89] {FSUB DWORD [ECX+EBX-0x77]}

.text           ntkrnlpa.exe!RtlSidHashLookup + 2B8                                                                82ABB7C8 4 Bytes  [BE, 46, 19, 89]

.text           ntkrnlpa.exe!RtlSidHashLookup + 2DC                                                                82ABB7EC 4 Bytes  [F2, 54, 19, 89]

.text           ...                                                                                                

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                           section is writeable [0x8F01B000, 0x2D5378, 0xE8000020]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73932494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]               [73915624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [739156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                     [7393250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]           [73928573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]             [73924D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [739250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]           [739251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [739266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [739282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]       [73928819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]     [7392907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]           [7392E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[2972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]               [73924C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\ACPI_HAL \Device\00000048                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\tdx \Device\Tcp                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice  \Driver\tdx \Device\RawIp                                                                          kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 16:43:59 on 24.10.2010
 

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.11
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Norton Security Scan for *.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\Users\*\AppData\Local\Temp\catchme.sys  (File not found)

"uglcypow" (uglcypow) - ? - C:\Users\*\AppData\Local\Temp\uglcypow.sys  (Hidden registry entry, rootkit activity | File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe

{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4

"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"OpwareSE4" - "ScanSoft, Inc." - "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_062a651.dll  (File found, but it contains no detailed information)

"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

"Google Update Service (gupdate1caeae055991017)" (gupdate1caeae055991017) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

"Kaspersky Anti-Virus 7.0" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Pi 2550
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 193):
0x82A4C000 \SystemRoot\system32\ntkrnlpa.exe
0x82A15000 \SystemRoot\system32\halmacpi.dll
0x80BCF000 \SystemRoot\system32\kdcom.dll
0x88A1C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x88A94000 \SystemRoot\system32\PSHED.dll
0x88AA5000 \SystemRoot\system32\BOOTVID.dll
0x88AAD000 \SystemRoot\system32\CLFS.SYS
0x88AEF000 \SystemRoot\system32\CI.dll
0x88C32000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88CA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88CB1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x88CF9000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x88D02000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x88D0A000 \SystemRoot\system32\DRIVERS\pci.sys
0x88D34000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88D3F000 \SystemRoot\System32\drivers\partmgr.sys
0x88D50000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88D58000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88D63000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88D73000 \SystemRoot\System32\drivers\volmgrx.sys
0x88DBE000 \SystemRoot\system32\DRIVERS\intelide.sys
0x88DC5000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88DD3000 \SystemRoot\System32\drivers\mountmgr.sys
0x88DE9000 \SystemRoot\system32\DRIVERS\atapi.sys
0x88C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88C23000 \SystemRoot\system32\DRIVERS\msahci.sys
0x88DF2000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88B9A000 \SystemRoot\system32\drivers\fltmgr.sys
0x88BCE000 \SystemRoot\system32\drivers\fileinfo.sys
0x88E27000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F56000 \SystemRoot\System32\Drivers\msrpc.sys
0x88F81000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88F94000 \SystemRoot\System32\Drivers\cng.sys
0x88FF1000 \SystemRoot\System32\drivers\pcw.sys
0x88E00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89020000 \SystemRoot\system32\drivers\ndis.sys
0x890D7000 \SystemRoot\system32\drivers\NETIO.SYS
0x89115000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8921B000 \SystemRoot\System32\drivers\tcpip.sys
0x89364000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89395000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8939E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x893DD000 \SystemRoot\System32\Drivers\spldr.sys
0x8913A000 \SystemRoot\System32\drivers\rdyboost.sys
0x893E5000 \SystemRoot\System32\Drivers\mup.sys
0x8943B000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8995D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89965000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89997000 \SystemRoot\system32\DRIVERS\disk.sys
0x899A8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x89167000 \SystemRoot\system32\DRIVERS\klif.sys
0x8941F000 \SystemRoot\System32\Drivers\Null.SYS
0x89426000 \SystemRoot\System32\Drivers\Beep.SYS
0x8942D000 \SystemRoot\System32\drivers\vga.sys
0x88BDF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89200000 \SystemRoot\System32\drivers\watchdog.sys
0x8920D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x893F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x891EA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x891F2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x89000000 \SystemRoot\System32\Drivers\Npfs.SYS
0x88E09000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8900E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89215000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8CA17000 \SystemRoot\system32\drivers\afd.sys
0x8CA71000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CAA3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CAAA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CAC9000 \SystemRoot\system32\DRIVERS\klim6.sys
0x8CAD1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CADF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CAF2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CB02000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CB43000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CB4D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CB57000 \SystemRoot\System32\drivers\discache.sys
0x8CB63000 \SystemRoot\system32\drivers\csc.sys
0x8CBC7000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CBDF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8EA18000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EA39000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EA4B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F01A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8F52F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EA4F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8F5E6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EA88000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F5F1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EAD3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FA23000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x8FE36000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x8FE5B000 \SystemRoot\system32\DRIVERS\itecir.sys
0x8FEB4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FECC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FED9000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x8FEE2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FEEF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8FEFC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8FF0E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FF26000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FF31000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FF53000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FF6B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FF82000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FF99000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8FFA3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FFA5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FFD9000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8FFE7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FFF5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EAF2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FA00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94E1A000 \SystemRoot\system32\DRIVERS\smserial.sys
0x94F2E000 \SystemRoot\system32\drivers\modem.sys
0x94F3B000 \SystemRoot\system32\drivers\HdAudio.sys
0x94F8B000 \SystemRoot\system32\drivers\portcls.sys
0x94FBA000 \SystemRoot\system32\drivers\drmk.sys
0x94FD3000 \SystemRoot\system32\DRIVERS\hidir.sys
0x94FE2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x94FF5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x94E00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x94E0C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95F30000 \SystemRoot\System32\win32k.sys
0x8FA11000 \SystemRoot\System32\drivers\Dxapi.sys
0x8EB36000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8F000000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F00D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8EB76000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8EB80000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8EB91000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x94E17000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB9C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96190000 \SystemRoot\System32\TSDDD.dll
0x961C0000 \SystemRoot\System32\cdd.dll
0x8EBA7000 \SystemRoot\system32\drivers\luafv.sys
0x8EBC2000 \SystemRoot\system32\drivers\WudfPf.sys
0x8EBDC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93C2D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93C73000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93C83000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x93C96000 \SystemRoot\system32\drivers\HTTP.sys
0x93D1B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93D34000 \SystemRoot\System32\drivers\mpsdrv.sys
0x93D46000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93D69000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93DA4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99E1F000 \SystemRoot\system32\drivers\peauth.sys
0x99EB6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99EC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x99EE1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x99EEE000 \SystemRoot\System32\DRIVERS\srv2.sys
0x99F3D000 \SystemRoot\System32\DRIVERS\srv.sys
0x99E00000 \??\C:\Users\*\AppData\Local\Temp\uglcypow.sys
0x76E30000 \Windows\System32\ntdll.dll
0x48440000 \Windows\System32\smss.exe
0x77070000 \Windows\System32\apisetschema.dll
0x00990000 \Windows\System32\autochk.exe
0x77050000 \Windows\System32\lpk.dll
0x76F80000 \Windows\System32\msctf.dll
0x76D90000 \Windows\System32\advapi32.dll
0x76B90000 \Windows\System32\iertutil.dll
0x76B40000 \Windows\System32\gdi32.dll
0x76B10000 \Windows\System32\imagehlp.dll
0x76AB0000 \Windows\System32\shlwapi.dll
0x76A00000 \Windows\System32\rpcrt4.dll
0x76920000 \Windows\System32\kernel32.dll
0x76F70000 \Windows\System32\psapi.dll
0x76900000 \Windows\System32\imm32.dll
0x768C0000 \Windows\System32\ws2_32.dll
0x767C0000 \Windows\System32\wininet.dll
0x76660000 \Windows\System32\ole32.dll
0x75A10000 \Windows\System32\shell32.dll
0x75980000 \Windows\System32\oleaut32.dll
0x75970000 \Windows\System32\nsi.dll
0x757D0000 \Windows\System32\setupapi.dll
0x75720000 \Windows\System32\msvcrt.dll
0x75680000 \Windows\System32\usp10.dll
0x75600000 \Windows\System32\comdlg32.dll
0x755A0000 \Windows\System32\difxapi.dll
0x75590000 \Windows\System32\normaliz.dll
0x75540000 \Windows\System32\Wldap32.dll
0x75520000 \Windows\System32\sechost.dll
0x75490000 \Windows\System32\clbcatq.dll
0x75350000 \Windows\System32\urlmon.dll

Das Log von mbrcheck ist unvollständig.

oh sorry mein fehler

hier der rest:

0x75280000 \Windows\System32\user32.dll
0x75160000 \Windows\System32\crypt32.dll
0x75130000 \Windows\System32\wintrust.dll
0x750E0000 \Windows\System32\KernelBase.dll
0x75050000 \Windows\System32\comctl32.dll
0x75030000 \Windows\System32\devobj.dll
0x75000000 \Windows\System32\cfgmgr32.dll
0x74FF0000 \Windows\System32\msasn1.dll

Processes (total 54):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
396 csrss.exe
468 C:\Windows\System32\wininit.exe
476 csrss.exe
524 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\winlogon.exe
700 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\atiesrxx.exe
904 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\atieclxx.exe
1292 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\svchost.exe
1772 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1812 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1888 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\taskhost.exe
2600 C:\Windows\System32\svchost.exe
2792 C:\Windows\System32\dwm.exe
2972 C:\Windows\explorer.exe
3228 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3244 C:\Program Files\Eraser\Eraser.exe
3292 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3368 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3384 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
3392 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3488 C:\Program Files\Windows Sidebar\sidebar.exe
3624 C:\Windows\System32\SearchIndexer.exe
3804 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2820 C:\Program Files\Windows Media Player\wmpnetwk.exe
4816 C:\Windows\System32\wuauclt.exe
5388 C:\Windows\System32\taskhost.exe
4720 C:\Windows\System32\audiodg.exe
1200 C:\Program Files\Mozilla Firefox\firefox.exe
2992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
1168 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
5580 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
2380 C:\Users\*\Downloads\OSAM\osam.exe
4792 C:\Windows\System32\SearchProtocolHost.exe
5224 C:\Windows\System32\SearchFilterHost.exe
1256 C:\Users\*\Desktop\MBRCheck.exe
1052 C:\Windows\System32\conhost.exe
4880 C:\Windows\System32\dllhost.exe
4472 C:\Windows\System32\notepad.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4938

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.10.2010 23:14:04
mbam-log-2010-10-24 (23-14-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 249935
Laufzeit: 1 Stunde(n), 25 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Kommt das andere Log auch noch?