OTL Log

OTL logfile created on: 18.07.2010 22:22:20 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Thomas\Desktop\MFTools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 170,15 Gb Total Space | 52,38 Gb Free Space | 30,79% Space Free | Partition Type: NTFS
Drive D: | 165,20 Gb Total Space | 49,31 Gb Free Space | 29,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 330,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-PC
Current User Name: Thomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.07.18 21:24:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\MFTools\OTL.exe
PRC - [2010.07.18 18:59:00 | 001,935,120 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010.06.25 11:53:34 | 002,398,856 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
PRC - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009.10.22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009.10.22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
PRC - [2009.04.23 02:02:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe
PRC - [2009.04.23 02:02:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WlanNetService.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.07.18 21:24:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\MFTools\OTL.exe
MOD - [2010.05.06 14:41:49 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.07.18 18:59:00 | 001,935,120 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010.06.25 11:53:34 | 002,398,856 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.06.20 17:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [On_Demand | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.10.22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.10.22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.04.23 02:02:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010.07.18 18:55:04 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2010.07.17 16:16:37 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.10.22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009.10.22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009.10.22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009.10.22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009.10.22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009.10.22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009.10.22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.07.23 04:44:30 | 000,045,568 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FETN62.sys -- (FETNDIS)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.04.23 02:02:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2009.04.23 02:02:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2008.07.22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.10.11 12:24:00 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 15:44:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.17 17:03:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.07.17 16:17:01 | 000,000,000 | ---D | M]

[2010.07.17 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.07.18 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d5s286xd.default\extensions
[2010.07.17 16:11:52 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d5s286xd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.17 16:11:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d5s286xd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.18 16:49:48 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d5s286xd.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.07.17 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d5s286xd.default\extensions\info@youtube-mp3.org
[2010.07.18 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d5s286xd.default\extensions\toolbar@ask.com
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\d5s286xd.default\searchplugins\icqplugin.xml
[2010.07.17 16:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.17 16:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.07.31 00:59:14 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SAFE2009 File Redirection Starter] C:\Program Files\Steganos Safe 11\fredirstarter.exe ()
O4 - HKLM..\Run: [SAFE2009 HotKeys] C:\Program Files\Steganos Safe 11\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.10.28 14:27:39 | 000,000,175 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{452358e8-91a5-11df-945e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{452358e8-91a5-11df-945e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2006.10.28 14:27:39 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{452358e8-91a5-11df-945e-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE -- [2006.10.28 14:27:39 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{452358e8-91a5-11df-945e-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE -- [2006.10.28 14:27:39 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{861a5983-91a7-11df-9517-000cf6487957}\Shell - "" = AutoRun O33 - MountPoints2\{861a5983-91a7-11df-9517-000cf6487957}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll 
(Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010.07.18 21:42:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.18 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.07.18 21:28:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2010.07.18 21:28:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.18 21:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.18 21:28:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.18 21:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.18 21:19:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\MFTools
[2010.07.18 18:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010.07.18 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Anti-Malware
[2010.07.18 18:07:21 | 000,000,000 | ---D | C] -- C:\Users\Thomas\dwhelper
[2010.07.18 16:50:54 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\AskToolbar
[2010.07.18 01:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.07.18 01:05:39 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2010.07.18 00:19:23 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.07.17 22:53:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\VMware
[2010.07.17 22:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Boot-US
[2010.07.17 19:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.07.17 19:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.07.17 19:16:37 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.07.17 19:16:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2010.07.17 19:16:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2010.07.17 19:16:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2010.07.17 19:16:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010.07.17 19:11:00 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2010.07.17 19:10:53 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2010.07.17 19:09:37 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2010.07.17 19:09:36 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2010.07.17 19:09:32 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2010.07.17 19:09:32 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2010.07.17 17:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.07.17 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.07.17 17:02:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.07.17 17:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.07.17 17:01:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Microsoft Help
[2010.07.17 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.07.17 17:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.07.17 16:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010.07.17 16:42:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\vlc
[2010.07.17 16:38:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.17 16:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.07.17 16:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.07.17 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\ICQ
[2010.07.17 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\AOL
[2010.07.17 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010.07.17 16:31:11 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\BitTorrent
[2010.07.17 16:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.0
[2010.07.17 16:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010.07.17 16:30:36 | 003,813,096 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010.07.17 16:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.07.17 16:26:37 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2010.07.17 16:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010.07.17 16:20:41 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2010.07.17 16:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\S.A.D
[2010.07.17 16:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.07.17 16:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.07.17 16:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.07.17 16:17:00 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Adobe
[2010.07.17 16:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.17 16:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.07.17 16:16:37 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.07.17 16:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMPUTERBILD-Abzockschutz
[2010.07.17 16:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\TrackMania Nations ESWC
[2010.07.17 16:00:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Macromedia
[2010.07.17 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Adobe
[2010.07.17 15:56:27 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010.07.17 15:56:27 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys
[2010.07.17 15:56:23 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010.07.17 15:56:19 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010.07.17 15:56:19 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010.07.17 15:56:16 | 000,051,248 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010.07.17 15:56:16 | 000,036,400 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010.07.17 15:56:16 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010.07.17 15:56:14 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010.07.17 15:55:25 | 000,023,216 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010.07.17 15:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010.07.17 15:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010.07.17 15:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010.07.17 15:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Osborn Software
[2010.07.17 15:50:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Apple Computer
[2010.07.17 15:47:40 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\TeamViewer
[2010.07.17 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010.07.17 15:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.17 15:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Games-Masters.com
[2010.07.17 15:45:05 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.07.17 15:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick
[2010.07.17 15:44:34 | 000,440,832 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys
[2010.07.17 15:44:34 | 000,077,824 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll
[2010.07.17 15:44:34 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2010.07.17 15:44:34 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2010.07.17 15:44:32 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AVM_Driver
[2010.07.17 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.07.17 15:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.07.17 15:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.07.17 15:42:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.07.17 15:42:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.07.17 15:42:16 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Mozilla
[2010.07.17 15:42:16 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Mozilla
[2010.07.17 15:42:12 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Notepad++
[2010.07.17 15:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010.07.17 15:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.07.17 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\WinRAR
[2010.07.17 15:40:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Steganos
[2010.07.17 15:37:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\DivX
[2010.07.17 15:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.07.17 15:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Steganos Safe 11
[2010.07.17 15:37:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.07.17 15:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.07.17 15:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.07.17 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.07.17 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.17 15:32:01 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Searches
[2010.07.17 15:32:00 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010.07.17 15:31:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Identities
[2010.07.17 15:31:49 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Contacts
[2010.07.17 15:31:40 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\VirtualStore
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\AppData\Local\Temporary Internet Files
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Templates
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Start Menu
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\SendTo
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Recent
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\PrintHood
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\NetHood
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Documents\My Videos
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Documents\My Pictures
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Documents\My Music
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\My Documents
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Local Settings
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\AppData\Local\History
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Cookies
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\Application Data
[2010.07.17 15:31:31 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\AppData\Local\Application Data
[2010.07.17 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Temp
[2010.07.17 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Microsoft
[2010.07.17 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Media Center Programs
[2010.07.17 15:31:28 | 000,000,000 | --SD | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Videos
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Saved Games
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Pictures
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Music
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Links
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Favorites
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Downloads
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Documents
[2010.07.17 15:31:28 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Desktop
[2010.07.17 15:31:28 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\AppData
[2010.07.17 15:17:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.07.17 15:15:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.07.17 10:04:55 | 000,000,000 | ---D | C] -- C:\Virtuelle Maschinen
[2010.07.17 09:58:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.16 20:59:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.07.16 18:50:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\LimeWire
[2010.07.15 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Steganos Safe
[2010.07.04 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\ICQ
[2010.07.02 22:50:52 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.07.02 15:11:18 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\TM_Dedicated
[2010.07.02 15:11:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Roger's
[2010.07.02 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Bewerbungsseminar
[2010.07.02 15:10:55 | 000,000,000 | R--D | C] -- C:\Users\Thomas\Documents\Bescheinigungen
[2010.07.02 15:10:55 | 000,000,000 | ---D | C]
-- C:\Users\Thomas\Documents\Bewerbungen
[2010.07.02 12:58:21 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.07.02 12:51:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.05.06 09:08:38 | 000,219,736 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\klogon.dll

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010.07.18 22:22:45 | 001,048,576 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT
[2010.07.18 21:41:04 | 000,000,916 | ---- | M] () -- C:\Users\Thomas\Desktop\NTREGOPT.lnk
[2010.07.18 21:41:04 | 000,000,897 | ---- | M] () -- C:\Users\Thomas\Desktop\ERUNT.lnk
[2010.07.18 21:35:05 | 000,012,290 | ---- | M] () -- C:\Users\Thomas\Desktop\Verrückt.docx
[2010.07.18 21:28:16 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.18 21:21:06 | 000,284,915 | ---- | M] () -- C:\Users\Thomas\Desktop\Gmer.zip
[2010.07.18 20:59:25 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.18 20:59:24 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.18 20:58:28 | 001,506,624 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.18 20:58:28 | 000,654,452 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.18 20:58:28 | 000,618,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.18 20:58:28 | 000,130,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.18 20:58:28 | 000,107,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.18 20:53:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.18 20:53:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.18 20:53:15 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.18 20:51:20 | 002,032,535 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db
[2010.07.18 18:08:01 | 000,001,017 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010.07.18 18:08:01 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.07.18 12:59:12 | 000,068,240 | ---- | M] () -- C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.18 10:00:00 | 000,311,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.18 01:13:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.07.17 22:04:41 | 000,000,000 | ---- | M] () -- C:\Windows\Bootus.INI
[2010.07.17 19:15:45 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2010.07.17 19:15:45 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2010.07.17 17:15:55 | 000,014,647 | ---- | M] () -- C:\Users\Thomas\Desktop\Christophe Maé.docx
[2010.07.17 16:49:53 | 000,008,284 | ---- | M] () -- C:\Windows\System32\eps_icon.avi
[2010.07.17 16:45:22 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.07.17 16:45:22 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.07.17 16:45:22 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.07.17 16:37:51 | 000,001,429 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.07.17 16:37:27 | 000,001,816 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.lnk
[2010.07.17 16:37:27 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.lnk
[2010.07.17 16:31:12 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010.07.17 16:30:49 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.07.17 16:20:42 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2010.07.17 16:18:57 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.17 16:17:32 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.17 16:17:31 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.17 16:16:37 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.07.17 16:06:51 | 000,001,446 | ---- | M] () -- C:\Users\Thomas\Desktop\Expressburn.lnk
[2010.07.17 16:04:56 | 000,001,157 | ---- | M] () -- C:\Users\Thomas\Desktop\TmNations.lnk
[2010.07.17 15:56:54 | 000,001,016 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2010.07.17 15:55:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.07.17 15:55:10 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2010.07.17 15:52:26 | 000,002,393 | ---- | M] () -- C:\Users\Thomas\Desktop\Advanced File Security 3.1.5 Basic.lnk
[2010.07.17 15:51:13 | 000,001,319 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Cabal.lnk
[2010.07.17 15:51:13 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\Cabal.lnk
[2010.07.17 15:47:05 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.07.17 15:46:19 | 000,001,853 | ---- | M] () -- C:\Users\Thomas\Desktop\CCleaner.lnk
[2010.07.17 15:44:21 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010.07.17 15:44:21 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010.07.17 15:44:13 | 000,001,879 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010.07.17 15:44:13 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.07.17 15:42:13 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010.07.17 15:41:53 | 000,001,931 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.07.17 15:41:53 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.17 15:37:57 | 000,001,570 | ---- | M] () -- C:\Users\Thomas\Desktop\DivX Movies.lnk
[2010.07.17 15:37:44 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.17 15:37:43 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Safe.lnk
[2010.07.17 15:37:38 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.07.17 15:31:31 | 000,000,020 | -HS- | M] () -- C:\Users\Thomas\ntuser.ini
[2010.07.17 15:18:45 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.07.17 15:17:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.07.17 15:01:18 | 000,001,149 | ---- | M] () -- C:\Users\Thomas\Desktop\XMedia Recode.lnk
[2010.07.14 19:45:16 | 001,282,560 | ---- | M] () -- C:\Users\Thomas\Desktop\antistress.exe
[2010.07.03 13:08:40 | 996,147,200 | ---- | M] () -- C:\Users\Thomas\Documents\NeuPrivat.sle
[2010.07.02 15:21:29 | 000,000,000 | -H-- | M] () -- C:\Users\Thomas\Documents\Default.rdp
[2010.06.20 17:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.)
-- C:\Windows\System32\GameMon.des
[2010.06.02 17:34:50 | 037,070,489 | ---- | M] () -- C:\Users\Thomas\Documents\ABZ 10d.rar
[2010.05.30 18:31:04 | 037,864,644 | ---- | M] () -- C:\Users\Thomas\Documents\10d_teil_2010_bunt.pdf
[2010.05.19 22:07:56 | 000,017,038 | ---- | M] () -- C:\Users\Thomas\Documents\Cabal_Attack_Rechner.exe
[2010.05.06 09:08:38 | 000,219,736 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\klogon.dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.07.18 21:54:45 | 000,293,376 | ---- | C] () -- C:\Users\Thomas\Desktop\gmer.exe
[2010.07.18 21:41:04 | 000,000,916 | ---- | C] () -- C:\Users\Thomas\Desktop\NTREGOPT.lnk
[2010.07.18 21:41:04 | 000,000,897 | ---- | C] () -- C:\Users\Thomas\Desktop\ERUNT.lnk
[2010.07.18 21:35:04 | 000,012,290 | ---- | C] () -- C:\Users\Thomas\Desktop\Verrückt.docx
[2010.07.18 21:28:16 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.18 21:20:55 | 000,284,915 | ---- | C] () -- C:\Users\Thomas\Desktop\Gmer.zip
[2010.07.18 18:08:01 | 000,001,017 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010.07.18 18:08:01 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.07.17 22:04:41 | 000,000,000 | ---- | C] () -- C:\Windows\Bootus.INI
[2010.07.17 22:01:41 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.07.17 19:17:28 | 000,654,452 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.07.17 19:17:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.07.17 19:17:28 | 000,130,678 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.07.17 19:17:28 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.07.17 17:15:54 | 000,014,647 | ---- | C] () -- C:\Users\Thomas\Desktop\Christophe Maé.docx
[2010.07.17 16:49:53 | 000,008,284 | ---- | C] () -- C:\Windows\System32\eps_icon.avi
[2010.07.17 16:37:51 | 000,001,429 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.07.17 16:37:27 | 000,001,816 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.lnk
[2010.07.17 16:37:27 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.lnk
[2010.07.17 16:31:12 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010.07.17 16:30:49 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.07.17 16:26:37 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2010.07.17 16:20:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2010.07.17 16:18:57 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.17 16:17:32 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.17 16:17:31 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.17 15:56:54 | 000,001,016 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2010.07.17 15:55:10 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2010.07.17 15:51:13 | 000,001,319 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Cabal.lnk
[2010.07.17 15:51:13 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\Cabal.lnk
[2010.07.17 15:48:53 | 000,001,446 | ---- | C] () -- C:\Users\Thomas\Desktop\Expressburn.lnk
[2010.07.17 15:47:05 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.07.17 15:46:19 | 000,001,853 | ---- | C] () -- C:\Users\Thomas\Desktop\CCleaner.lnk
[2010.07.17 15:44:38 | 000,013,112 | ---- | C] () -- C:\Windows\instwcli.inf
[2010.07.17 15:44:34 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2010.07.17 15:44:17 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010.07.17 15:44:17 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010.07.17 15:44:13 | 000,001,879 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010.07.17 15:44:13 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.07.17 15:42:13 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010.07.17 15:41:53 | 000,001,931 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.07.17 15:41:53 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.17 15:37:44 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.17 15:37:43 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Safe.lnk
[2010.07.17 15:37:38 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.07.17 15:31:31 | 000,000,020 | -HS- | C] () -- C:\Users\Thomas\ntuser.ini
[2010.07.17 15:31:30 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.07.17 15:31:30 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.07.17 15:31:29 | 000,262,144 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat.LOG1
[2010.07.17 15:31:29 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.07.17 15:31:29 | 000,000,290 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010.07.17 15:31:29 | 000,000,272 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010.07.17 15:31:29 | 000,000,000 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat.LOG2
[2010.07.17 15:31:28 | 001,048,576 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT
[2010.07.17 15:17:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.07.17 14:48:34 | 000,001,570 | ---- | C] () -- C:\Users\Thomas\Desktop\DivX Movies.lnk
[2010.07.16 19:17:53 | 000,002,393 | ---- | C] () -- C:\Users\Thomas\Desktop\Advanced File Security 3.1.5 Basic.lnk
[2010.07.16 11:59:20 | 001,282,560 | ---- | C] () -- C:\Users\Thomas\Desktop\antistress.exe
[2010.07.03 14:18:39 | 000,001,149 | ---- | C] () -- C:\Users\Thomas\Desktop\XMedia Recode.lnk
[2010.07.03 13:41:28 | 000,001,157 | ---- | C] () -- C:\Users\Thomas\Desktop\TmNations.lnk
[2010.07.02 22:50:54 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.07.02 22:50:53 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.07.02 21:52:43 | 000,001,266 | ---- | C] () -- C:\Users\Thomas\Desktop\Windows Update.lnk
[2010.07.02 15:42:17 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.07.02 15:21:29 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\Documents\Default.rdp
[2010.07.02 15:11:36 | 001,869,824 | ---- | C] () -- C:\Users\Thomas\Documents\Der Bundestag pp2003.ppt
[2010.07.02 15:11:36 | 000,380,496 | ---- | C] () -- C:\Users\Thomas\Documents\Der Bundestag pp2007.pptx
[2010.07.02 15:11:36 | 000,102,912 | ---- | C] () -- C:\Users\Thomas\Documents\Berufswahlkunde.ppt
[2010.07.02 15:11:36 | 000,017,038 | ---- | C] () -- C:\Users\Thomas\Documents\Cabal_Attack_Rechner.exe
[2010.07.02 15:11:36 | 000,015,455 | ---- | C] () -- C:\Users\Thomas\Documents\Lebenslauf.docx
[2010.07.02 15:11:36 | 000,015,178 | ---- | C] () -- C:\Users\Thomas\Documents\Buchvorstellung.docx
[2010.07.02 15:11:36 | 000,012,614 | ---- | C] () -- C:\Users\Thomas\Documents\Die Welle.docx
[2010.07.02 15:11:36
| 000,001,629 | ---- | C] () -- C:\Users\Thomas\Documents\blutdruck.rtf [2010.07.02 15:11:35 | 005,179,350 | ---- | C] () -- C:\Users\Thomas\Documents\Achmed the Dead Terrorist - Deutsche Untertitel (Updated).mp3 [2010.07.02 15:11:34 | 037,070,489 | ---- | C] () -- C:\Users\Thomas\Documents\ABZ 10d.rar [2010.07.02 15:11:34 | 000,043,315 | ---- | C] () -- C:\Users\Thomas\Documents\8161.doc [2010.07.02 15:11:34 | 000,015,128 | ---- | C] () -- C:\Users\Thomas\Documents\70148.pdf [2010.07.02 15:11:34 | 000,015,128 | ---- | C] () -- C:\Users\Thomas\Documents\70148(2).pdf [2010.07.02 15:11:34 | 000,014,811 | ---- | C] () -- C:\Users\Thomas\Documents\8161.pdf [2010.07.02 15:11:34 | 000,014,610 | ---- | C] () -- C:\Users\Thomas\Documents\8271.pdf [2010.07.02 15:11:34 | 000,014,553 | ---- | C] () -- C:\Users\Thomas\Documents\14954.pdf [2010.07.02 15:11:34 | 000,014,341 | ---- | C] () -- C:\Users\Thomas\Documents\59151A.rtf [2010.07.02 15:11:34 | 000,013,657 | ---- | C] () -- C:\Users\Thomas\Documents\59141A.rtf [2010.07.02 15:11:33 | 037,864,644 | ---- | C] () -- C:\Users\Thomas\Documents\10d_teil_2010_bunt.pdf [2010.07.02 15:11:33 | 000,202,822 | ---- | C] () -- C:\Users\Thomas\Documents\2.JPG [2010.07.02 15:11:33 | 000,198,336 | ---- | C] () -- C:\Users\Thomas\Documents\3.JPG [2010.07.02 15:11:33 | 000,168,211 | ---- | C] () -- C:\Users\Thomas\Documents\1.JPG [2010.07.02 15:10:37 | 600,932,352 | ---- | C] () -- C:\Users\Thomas\Documents\Windows XP Home.ISO [2010.07.02 15:10:37 | 000,793,600 | ---- | C] () -- C:\Users\Thomas\Documents\Sozialkunde Powerpoint.pptx [2010.07.02 15:10:37 | 000,151,971 | ---- | C] () -- C:\Users\Thomas\Documents\Steganos Code.JPG [2010.07.02 15:10:37 | 000,074,655 | ---- | C] () -- C:\Users\Thomas\Documents\Stalin und der „Stalinismus.pptx [2010.07.02 12:59:02 | 000,171,136 | RHS- | C] () -- C:\grldr [2010.07.02 12:51:59 | 2414,731,264 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- 
C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2005.02.25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL [color=#E56717]========== LOP Check ==========[/color] [2010.07.17 16:45:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BitTorrent [2010.07.17 16:38:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\COMPUTERBILD-Abzockschutz [2010.07.18 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICQ [2010.07.17 15:42:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++ [2010.07.17 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Steganos [2010.07.17 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer [2009.07.14 06:53:46 | 000,002,844 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2010.07.17 15:55:14 | 000,001,024 | ---- | M] () -- C:\.rnd [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010.07.18 01:13:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2009.08.02 10:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr [2010.07.18 20:53:15 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2008.04.14 14:00:00 | 000,047,564 | ---- | M] () -- C:\ntdetect.com [2008.04.14 14:00:00 | 000,251,712 | ---- | M] () -- C:\ntldr [2010.07.18 20:53:18 | 3219,644,416 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\msvbvm60.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color] [2010.07.17 16:16:37 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color] [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color] [2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll [color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color] [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-18 07:42:13 [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 88 bytes -> C:\Users\Thomas\Documents\Cabal_Attack_Rechner.exe:SummaryInformation < End of report > Extras Log OTL Extras logfile created 
on: 18.07.2010 22:22:20 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Thomas\Desktop\MFTools Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 170,15 Gb Total Space | 52,38 Gb Free Space | 30,79% Space Free | Partition Type: NTFS Drive D: | 165,20 Gb Total Space | 49,31 Gb Free Space | 29,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 330,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THOMAS-PC Current User Name: Thomas Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware 
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office 
Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC5CEC91-F421-4D5F-86EA-5D51E815B8EC}" = Steganos Safe 11 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin Gmer Log GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-07-18 22:19:30 Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\kxryipob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8F849BD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8F84B52C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8F84B782] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8F84B9FC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8F84A450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8F84AB32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8F84AF3C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8F84A5F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8F84AE14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8F8497D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8F84ACD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8F849992] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8F84B06E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8F84CCB0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8F84A0EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8F84A1EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8F84AD72] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8F84C6A2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8F84D672] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter 
[fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8F84A752] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8F84C734] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8F84CD64] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8F84AFDE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8F84A4D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8F84AEAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8F849DD6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8F84CCDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8F84B110] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8F849CFA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8F84BC3E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8F84D07C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8F84C9CA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8F84B49A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8F84B360] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8F84C442] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8F84D554] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8F84A86C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8F84A30C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8F84BCF2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8F84C82E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8F84D1BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8F84D2A0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8F84D3C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8F84C5CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8F849F4E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8F849EA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8F84CF32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8F84A02E] INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E413F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A2D8 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 
82E411DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E416F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E421A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A5A599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 82A86730 4 Bytes [D0, 9B, 84, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 248 82A86758 8 Bytes [2C, B5, 84, 8F, 82, B7, 84, ...] {SUB AL, 0xb5; TEST [EDI-0x707b487e], CL} .text ntkrnlpa.exe!RtlSidHashLookup + 28C 82A8679C 4 Bytes [FC, B9, 84, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82A867C8 4 Bytes [50, A4, 84, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82A867EC 4 Bytes [32, AB, 84, 8F] .text ... .text peauth.sys 98D03C9D 28 Bytes [C4, 7C, 96, 25, 41, 80, A5, ...] .text peauth.sys 98D03CC1 28 Bytes [C4, 7C, 96, 25, 41, 80, A5, ...] PAGE peauth.sys 98D09B9B 72 Bytes [09, 69, C4, 25, 16, 18, 68, ...] PAGE peauth.sys 98D09BEC 111 Bytes [D9, 84, 53, FF, 08, 9E, CE, ...] PAGE peauth.sys 98D0A02C 102 Bytes [50, 14, 14, 71, 74, B5, 96, ...] .text autochk.exe 004211D1 21 Bytes [51, 8B, 57, 04, 23, 55, F8, ...] .text autochk.exe 004211E7 3 Bytes CALL 00423B00 \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation) .text autochk.exe 004211EC 3 Bytes [66, 3D, 08] .text autochk.exe 004211F0 18 Bytes [76, 31, 8D, 46, FF, 8A, 08, ...] .text autochk.exe 00421203 60 Bytes [30, 48, EB, EE, 3B, 45, 0C, ...] .text ... ---- User code sections - GMER 1.0.15 ---- ? 
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] USER32.dll!NotifyWinEvent + 48B 758EF724 4 Bytes [70, 11, 33, 6C] ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] USER32.dll!NotifyWinEvent + 48B 758EF724 4 Bytes [70, 11, 33, 6C] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00C70DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00C70E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00C70E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00C70EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C70F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77220860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 772208D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77220940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 772209B0 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77220A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77220A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77220B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77220B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77220BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77220C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77210940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 772109B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77210A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77210B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00C80400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00C80470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00C804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00C80550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00C805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00C80630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00C806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77210CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00C80710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C80780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00C902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00C90320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00C90390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00300710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00C90400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00C90470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00C904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00C90550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00C905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00C90630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00C906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00C90710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C90780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00300860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00300940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00C90B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00C90BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77210080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77210010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77210080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77210010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77210080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77210010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 772102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77210320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 772204E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 77220390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 772201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 77220320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 772202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 77220240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 772200F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 77210010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77210080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 77220320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 772200F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 77220240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 772204E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 772101D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 77220470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 77220400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 772102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 772204E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 77220390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 77220240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 772202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 772200F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 772201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1620] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 77220160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003C0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003C0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003C0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003C0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003C0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77220860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 772208D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77220940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 772209B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77220A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77220A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77220B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77220B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77220BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77220C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77210940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 772109B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77210A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77210B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003D0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003D0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003D04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003D0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003D05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003D0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003D06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77210CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003D0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003D0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003E04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77210010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77210080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77210080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2316] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77210010
IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [004554DC] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4668] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [004556E0] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [004554DC] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [004556E0] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
IAT C:\Windows\System32\rundll32.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5416] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys
Device \Driver\usbhub \Device\00000070 hcmon.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys
Device \Driver\usbhub \Device\00000071 hcmon.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys
Device \Driver\usbhub \Device\00000072 hcmon.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys
Device \Driver\usbhub \Device\00000073 hcmon.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-11 hcmon.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbhub \Device\0000006c hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbhub \Device\0000006d hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbhub \Device\0000006e hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbhub \Device\0000006f hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- EOF - GMER 1.0.15 ----

MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4324

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.07.2010 21:50:42
mbam-log-2010-07-18 (21-50-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127901
Laufzeit: 5 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)