Pests of all kinds and how to fight them: Probably a virus! Redirected from google.de to gondorsarmeederhoffnung.de! (Windows 7)
19.11.2010, 18:56 | #1
Probably a virus! Redirected from google.de to gondorsarmeederhoffnung.de!

Good evening,

My problem is that when I open google.de, I am redirected to the site gondorsarmeederhoffnung.de. The taskbar still shows google.de. Since I have already seen the same problem here once before, I have also created log files with OTL and Malwarebytes. I use Mozilla Firefox.

Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.11.2010 18:50:18 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\***\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 235,00 Mb Available Physical Memory | 23,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 42,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,10 Gb Total Space | 103,42 Gb Free Space | 69,83% Space Free | Partition Type: NTFS Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: ROUVEN-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - c:\Users\Rouven\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PostgreSQL) -- C:\Program Files\PostgreSQL\8.0-beta2-dev3\bin\pg_ctl.exe File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe () ========== Driver Services (SafeList) ========== DRV - (TSMPacket) -- C:\Windows\System32\DRIVERS\tsmpkt.sys File not found DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys File not found DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File 
not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) 
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) 
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://searchbox.digsby.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.partypatrol-events.de" FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.3.71 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - 
prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.partypatrol-events.de/" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.31 16:55:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.19 12:47:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 12:47:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.05.22 19:25:16 | 000,000,000 | ---D | M] [2008.09.04 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Extensions [2010.11.19 17:08:24 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions [2010.11.16 21:38:16 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.05.22 20:28:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.13 19:53:55 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.07.23 11:18:30 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.09 20:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.11.16 21:37:56 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2010.05.22 20:28:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.07.23 11:18:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.09.18 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\personas@christopher.beard [2010.11.19 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\toolbar-ff@payback.de [2010.11.16 21:38:16 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\webmynd@yourentirelife.com [2008.02.19 17:19:41 | 000,001,878 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\aolsearch.xml [2008.07.30 08:35:38 | 000,002,220 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\digsby.xml [2010.11.19 12:47:28 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-1.xml [2008.02.08 21:45:39 | 000,000,949 | ---- | M] () -- 
C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-2.xml [2009.01.19 02:07:00 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-3.xml [2009.02.06 11:57:13 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-4.xml [2009.03.05 22:39:57 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-5.xml [2009.03.30 12:16:17 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-6.xml [2009.04.23 19:21:49 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-7.xml [2009.04.30 06:58:29 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-8.xml [2008.12.15 15:45:18 | 000,000,944 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin.xml [2009.01.12 11:45:40 | 000,003,915 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\sweetim.xml [2010.11.12 11:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.01.18 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.05 22:22:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 18:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.12 10:52:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.05.22 19:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.11.19 12:47:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.19 12:47:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.19 12:47:42 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.19 12:47:42 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.19 12:47:43 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.14 12:49:52 | 000,000,934 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 81.169.180.144 www.google.de O1 - Hosts: 81.169.180.144 google.de O1 - Hosts: 127.0.0.1 www.google-analytics.com O1 - Hosts: 127.0.0.1 google-analytics.com O2 - BHO: (CBAbzockschutz.InitToolbarBHO) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (COMPUTERBILD-Abzockschutz) - 
{353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) O4 - HKCU..\Run: [MBPlayer] C:\Program Files\MB application\MBPlayer.exe (MusicBrigade) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) 
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
(Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: C:\Users\Rouven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Rouven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b72dc813-7be8-11dc-a081-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b72dc813-7be8-11dc-a081-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - 
HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.19 18:08:46 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Malwarebytes [2010.11.19 18:08:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.19 18:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.19 18:08:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.19 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.11.19 12:43:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2010.11.16 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Windows Live [2010.11.12 18:52:25 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Sarah [2010.11.12 11:21:27 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.11.11 20:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\T-DSL SpeedManager [2010.11.11 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\T-DSL SpeedManager [2010.11.11 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\COMPUTERBILD-Abzockschutz [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.19 18:50:18 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F2332C4A-606F-42E8-AA2C-E74D32FCB104}.job [2010.11.19 18:16:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 18:16:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 18:08:24 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 18:00:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2010.11.19 12:33:21 | 000,115,465 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.11.19 12:33:21 | 000,097,545 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.11.12 19:57:23 | 000,000,842 | ---- | M] () -- C:\Users\Rouven\Desktop\AntiBrowserSpy.lnk [2010.11.12 13:19:41 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2010.11.12 12:22:08 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.12 12:22:08 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.12 12:22:08 | 000,145,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.12 12:22:08 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.12 12:15:02 | 000,334,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.11.11 22:52:27 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.10.28 18:46:51 | 000,041,984 | ---- | M] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook2.xlt [2010.10.28 18:46:36 | 000,041,984 | ---- | M] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook.xls [2010.10.24 20:29:02 | 000,012,038 | ---- | M] () -- C:\Users\Rouven\Desktop\Finanzplanung Ilona.ods [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.19 18:08:24 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 12:40:07 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.11.19 12:40:07 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.11.19 12:40:06 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.11.12 13:19:41 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2010.11.11 22:52:21 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.11 22:50:28 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2010.11.11 22:50:24 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.28 18:46:49 | 000,041,984 | ---- | C] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook2.xlt [2010.10.28 18:46:28 | 000,041,984 | ---- | C] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook.xls [2010.09.23 22:28:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.23 22:28:23 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.09.11 10:03:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.02.05 17:15:51 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2009.01.15 00:47:46 | 000,000,094 | ---- | C] () -- C:\Users\Rouven\AppData\Local\fusioncache.dat [2009.01.02 21:38:03 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.10.24 21:53:32 | 000,000,229 | ---- | C] () -- C:\Windows\ULEAD32.INI [2008.07.21 20:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.06.09 11:27:04 | 000,000,514 | ---- | C] () -- C:\Users\Rouven\AppData\Roaming\Wimpomat.ini [2008.04.03 13:10:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.27 20:15:01 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll [2008.03.27 20:15:01 | 000,070,656 | ---- | C] () -- C:\Windows\System32\yv12vfw.dll [2008.03.27 20:15:01 | 000,070,656 | ---- | C] () -- C:\Windows\System32\i420vfw.dll [2008.03.27 20:15:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2007.12.09 16:22:28 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007.11.13 09:32:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.30 02:02:48 | 000,000,463 | ---- | C] () -- C:\Windows\cdplayer.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.10.20 16:38:57 | 000,000,988 | 
---- | C] () -- C:\Users\Rouven\AppData\Roaming\wklnhst.dat [2007.10.16 20:27:08 | 000,012,800 | ---- | C] () -- C:\Users\Rouven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.09 10:52:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.10.09 07:36:10 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll [2005.05.11 10:24:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\lxcginsr.dll [2005.05.11 10:24:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxcgcur.dll [2005.05.11 10:24:26 | 000,126,976 | ---- | C] () -- C:\Windows\System32\lxcgjswr.dll [2005.04.15 22:24:38 | 001,191,936 | ---- | C] () -- C:\Windows\System32\lxcgserv.dll [2005.04.15 22:18:30 | 000,483,328 | ---- | C] () -- C:\Windows\System32\lxcglmpm.dll [2005.04.15 22:18:00 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxcgcomm.dll [2005.04.15 22:15:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxcgpplc.dll [2005.04.15 22:14:42 | 000,708,608 | ---- | C] () -- C:\Windows\System32\lxcgcomc.dll [2005.04.15 22:13:56 | 000,155,648 | ---- | C] () -- C:\Windows\System32\lxcgprox.dll [2005.04.15 22:06:40 | 001,134,592 | ---- | C] () -- C:\Windows\System32\lxcgusb1.dll [2005.03.14 10:45:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll [2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL [2004.09.28 05:38:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\wmatimer.dll 
========== LOP Check ========== [2008.03.27 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\AceBIT [2009.07.25 00:25:26 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\AntiBrowserSpy 2009 [2010.06.14 12:04:01 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ashampoo [2010.05.09 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Atari [2007.11.17 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BayHunter [2009.03.23 15:38:34 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BeachPartyCraze [2010.04.13 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Blumentals [2010.03.26 18:37:29 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BOM [2007.12.09 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BonkEnc [2010.11.11 22:49:59 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\COMPUTERBILD-Abzockschutz [2008.01.21 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DA-HtAccess [2010.05.09 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers [2009.08.10 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\FireShot [2010.05.18 19:24:57 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\gtk-2.0 [2010.11.16 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ICQ [2007.10.17 17:09:19 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ICQ Toolbar [2009.01.02 21:29:25 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Leadertech [2008.10.07 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Metaversum [2009.11.09 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\NCH Swift Sound [2008.12.23 11:10:35 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nimbuzz [2008.01.03 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nokia 
[2010.03.26 20:23:11 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\OpenOffice.org [2007.12.27 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\PC Suite [2008.11.04 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\PlayFirst [2008.03.07 20:42:45 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\S.A.D [2010.11.12 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Samsung [2007.11.27 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Screaming Bee [2008.02.06 19:29:17 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\SecondLife [2009.07.25 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Steganos [2010.11.11 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\T-DSL SpeedManager [2008.04.16 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\TeamViewer [2010.11.12 11:45:59 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Temp [2007.10.20 16:41:55 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Template [2008.08.20 20:19:04 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\WEB.DE [2010.09.12 17:31:56 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Wimpomat2 [2008.11.04 17:09:20 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Zylom [2010.07.25 11:01:12 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job [2010.11.17 19:17:42 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.19 18:50:18 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F2332C4A-606F-42E8-AA2C-E74D32FCB104}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 91 bytes -> C:\Windows\System32:lol < End of report > |
19.11.2010, 19:14 | #2 |
/// Malware-holic | Probably a virus! Redirected from google.de to gondorsarmeederhoffnung.de! Please create and post a ComboFix log.
A guide and tutorial on using ComboFix |
19.11.2010, 20:04 | #3 |
| Probably a virus! Redirected from google.de to gondorsarmeederhoffnung.de! I have done that:
ComboFix logfile: Code:
ATTFilter ComboFix 10-11-18.05 - *** 19.11.2010 19:25:56.1.2 - x86 ausgeführt von:: c:\users\***\Downloads\ComboFix.exe SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ADS - system32: deleted 91 bytes in 1 streams. PEV Error: AppFile ((((((((((((((((((((((( Dateien erstellt von 2010-10-19 bis 2010-11-19 )))))))))))))))))))))))))))))) . 2010-11-19 18:42 . 2010-11-19 18:42 -------- d-----w- c:\users\userpostgres\AppData\Local\temp 2010-11-19 18:42 . 2010-11-19 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-19 17:08 . 2010-11-19 17:08 -------- d-----w- c:\users\Rouven\AppData\Roaming\Malwarebytes 2010-11-19 17:08 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-19 17:08 . 2010-11-19 17:08 -------- d-----w- c:\programdata\Malwarebytes 2010-11-19 17:08 . 2010-11-19 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-19 17:08 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-19 11:41 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2010-11-19 11:40 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe 2010-11-19 11:40 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe 2010-11-19 11:40 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe 2010-11-19 11:40 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll 2010-11-19 11:40 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll 2010-11-19 11:40 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe 2010-11-19 11:40 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll 2010-11-19 11:40 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll 2010-11-19 11:40 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll 2010-11-19 11:40 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll 2010-11-19 11:40 . 
2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll 2010-11-19 11:40 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs 2010-11-19 11:39 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll 2010-11-19 11:39 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll 2010-11-19 11:39 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe 2010-11-19 11:39 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll 2010-11-19 11:39 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll 2010-11-19 11:39 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll 2010-11-16 14:30 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2010-11-16 14:28 . 2010-11-16 14:28 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\93e1667b1cb859a05\InstallManager_WLE_WLE.exe 2010-11-16 14:27 . 2010-11-16 14:27 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\76a4cfcb1cb859a04\MeshBetaRemover.exe 2010-11-16 14:27 . 2010-11-16 14:27 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\720a872b1cb859a03\DSETUP.dll 2010-11-16 14:27 . 2010-11-16 14:27 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\720a872b1cb859a03\DXSETUP.exe 2010-11-16 14:27 . 2010-11-16 14:27 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\720a872b1cb859a03\dsetup32.dll 2010-11-16 14:27 . 2010-11-16 14:27 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\69af8d0b1cb859a02\DSETUP.dll 2010-11-16 14:27 . 2010-11-16 14:27 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\69af8d0b1cb859a02\DXSETUP.exe 2010-11-16 14:27 . 2010-11-16 14:27 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\69af8d0b1cb859a02\dsetup32.dll 2010-11-16 14:26 . 2010-11-16 14:26 -------- d-----w- c:\users\Rouven\AppData\Local\Windows Live 2010-11-12 10:50 . 
2010-11-12 10:50 -------- d-----w- c:\windows\system32\config\systemprofile\{46b72b8b-6258-46c4-8a5e-fd897190f017} 2010-11-12 09:55 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-11-12 09:55 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-11-12 09:55 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-11-12 09:55 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-11-12 09:54 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-11-12 09:54 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-11-12 09:54 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys 2010-11-12 09:54 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2010-11-12 09:46 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2010-11-12 09:42 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-11-12 09:42 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-11-12 09:40 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll 2010-11-12 09:40 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-11-12 09:40 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll 2010-11-12 09:39 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll 2010-11-12 09:39 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-11-11 19:30 . 2010-11-11 19:30 -------- d-----w- c:\programdata\T-DSL SpeedManager 2010-11-11 19:30 . 2010-11-11 19:30 -------- d-----w- c:\users\Rouven\AppData\Roaming\T-DSL SpeedManager 2010-11-11 19:24 . 2010-11-11 21:49 -------- d-----w- c:\users\Rouven\AppData\Roaming\COMPUTERBILD-Abzockschutz . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-15 03:50 . 
2010-06-05 21:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-26 16:33 . 2010-11-12 09:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2010-08-26 16:33 . 2010-11-12 09:55 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2010-08-26 16:33 . 2010-11-12 09:55 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2010-08-26 16:33 . 2010-11-12 09:55 542720 ----a-w- c:\windows\apppatch\AcLayers.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "MBPlayer"="c:\program files\MB application\MBPlayer.exe" [2006-12-19 48640] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BrowserMask"="c:\program files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2010-10-29 101280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare Software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare Software.lnk backup=c:\windows\pss\Kodak EasyShare Software.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-02-26 18:46 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 136176] R2 PostgreSQL;PostgreSQL Database Server;c:\program files\PostgreSQL\8.0-beta2-dev3\bin\pg_ctl.exe [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x] R3 TSMPacket;T-DSL SpeedManager 
Service;c:\windows\system32\DRIVERS\tsmpkt.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 21:49] 2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 21:49] 2010-11-19 c:\windows\Tasks\User_Feed_Synchronization-{F2332C4A-606F-42E8-AA2C-E74D32FCB104}.job - c:\windows\system32\msfeedssync.exe [2010-11-12 04:25] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://home.sweetim.com uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://searchbox.digsby.com/search?q=%s IE: Free YouTube to Mp3 Converter - c:\users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe TCP: {AC966E69-E92E-4D6F-A116-9839BA7125EC} = 213.191.74.19 62.109.123.6 FF - ProfilePath - c:\users\Rouven\AppData\Roaming\Mozilla\Firefox\Profiles\37rddmmq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.partypatrol-events.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\users\Rouven\AppData\Roaming\Mozilla\Firefox\Profiles\37rddmmq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\users\Rouven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com hxxp://www.bing.com hxxp://search.yahoo.com hxxp://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess'); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . ------- Dateityp-Verknüpfung ------- . vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %* . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKLM-Run-NPSStartup - (no file) HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-11-19 19:42 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3971118493-1576588475-4294741623-1000\Software\SecuROM\License information*] "datasecu"=hex:2c,5f,cf,0c,a2,c1,42,24,c9,00,27,57,4a,07,b6,ba,83,19,d6,b7,48, 4a,c5,1e,04,7a,e1,77,ca,6f,8b,ea,f2,0a,30,3f,8e,67,fc,c2,22,9b,ec,f5,3b,e9,\ "rkeysecu"=hex:4d,0f,f9,e1,a4,95,00,37,9b,03,04,85,e7,c5,0c,c2 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-11-19 19:51:01 ComboFix-quarantined-files.txt 2010-11-19 18:50 Vor Suchlauf: 21 Verzeichnis(se), 110.851.796.992 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 110.719.533.056 Bytes frei - - End Of File - - 191F26EB60FAE64FAA74F9172CD715D7 |
19.11.2010, 20:25 | #4 |
/// Malware-holic | Probably a virus! Redirected from google.de to gondorsarmeederhoffnung.de!
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.11.2010, 21:03 | #5 |
| Probably a virus! Redirected from google.de to gondorsarmeederhoffnung.de! Phew, that is more complicated than I thought :-) Luckily I managed to get everything done! GMER logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-11-19 20:59:30 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500JS-55NCB1 rev.10.02E01 Running: vt2e2fk0.exe; Driver: C:\Users\Rouven\AppData\Local\Temp\ugryqpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8FF1FBD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8FF2152C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8FF21782] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8FF219FC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8FF20450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8FF20B32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8FF20F3C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8FF205F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8FF20E14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8FF1F7D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8FF20CD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8FF1F992] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8FF2106E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8FF22CB0] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8FF200EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8FF20D72] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8FF226A2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8FF23672] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8FF20752] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8FF22734] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8FF22D64] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8FF20FDE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8FF204D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8FF20EAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8FF1FDD6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8FF22CDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8FF21110] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8FF1FCFA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8FF21C3E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8FF2307C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 
ZwQueueApcThread [0x8FF229CA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8FF2149A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8FF21360] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8FF22442] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8FF23554] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8FF2086C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8FF2030C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8FF21CF2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8FF2282E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8FF231BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8FF232A0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8FF233C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8FF225CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8FF1FF4E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8FF1FEA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8FF22F32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8FF2002E] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8FF201EE] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 119 84CEA87C 4 Bytes [D0, FB, F1, 8F] .text ntkrnlpa.exe!KeSetEvent + 13D 84CEA8A0 8 Bytes [2C, 15, F2, 8F, 82, 17, F2, ...] .text ntkrnlpa.exe!KeSetEvent + 181 84CEA8E4 4 Bytes [FC, 19, F2, 8F] .text ntkrnlpa.exe!KeSetEvent + 1A9 84CEA90C 4 Bytes [50, 04, F2, 8F] .text ntkrnlpa.exe!KeSetEvent + 1C1 84CEA924 4 Bytes JMP 76D9DBAD .text ... ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] C:\Windows\system32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] USER32.dll!SetScrollInfo + 7A8 76EF7980 4 Bytes [70, 11, 33, 6C] ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] C:\Windows\system32\ntdll.dll time/date stamp mismatch; ? 
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] USER32.dll!SetScrollInfo + 7A8 76EF7980 4 Bytes [70, 11, 33, 6C] ---- User IAT/EAT - GMER 1.0.15 ----
C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77890080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D10E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00D10EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00D10F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 00D20010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00D20080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00D200F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00D20400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 77890080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!HeapFree] 778902B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!CreateThread] 778901D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00D207F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00D20860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] 
@ C:\Windows\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00D208D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00D20940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D209B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00D20A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77890080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77890010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!HeapFree] 778902B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 769602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 769600F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 76960240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 76960160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky 
Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 769600F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 778901D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 76960240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 769602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 76960390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 77890240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW] 769601D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] 76960400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 778902B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77890320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 769600F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 76960240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security 
Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 769602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 778901D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 76960390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 769601D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77890080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77890010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] 77890080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] 769602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary] 769600F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] 76960240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77890010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77890080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 
10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 76960400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 769602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 769600F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 76960240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 76960160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 778902B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 778901D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 76960400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 778901D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 76960470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 76960160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 778902B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite 
CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 76960390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 76960240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 769602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 769600F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 769601D0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ---- EOF - GMER 1.0.15 ---- |
19.11.2010, 21:20 | #6 |
/// Malware-holic | Then do a full scan after a Kaspersky update. |
19.11.2010, 21:28 | #7 |
| Is that supposed to help? An update was downloaded today, and I only just ran a full scan today! The thing with the gondorsarmee site has also been going on for about 2 months now. Thanks for the help, by the way! Good that there are people like you. Because sometimes I think: you would have to get a degree to understand a PC. Regards, Che |
19.11.2010, 21:33 | #8 |
/// Malware-holic | Well, I can't know that, can I :-)
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.11.2010, 21:45 | #9 | |
| I don't think that worked! Quote:
|
20.11.2010, 11:22 | #10 |
| Hello markusg! Thanks for your help! Google works again ;-) Best regards, Che |
20.11.2010, 12:28 | #11 |
/// Malware-holic | Download CCleaner slim: Piriform - Builds. Install it, open it, Tools, list of installed programs, save as txt. Open it. After each program you need, write "necessary". After each one you don't need, "unnecessary". After ones unknown to you, "unknown". Post the list. |