
Pests of all kinds and how to combat them (Plagegeister aller Art und deren Bekämpfung): Probably a virus! I am being redirected from google.de to gondorsarmeederhoffnung.de!

19.11.2010, 18:56   #1
CheGuevara91
 
Probably a virus! I am being redirected from google.de to gondorsarmeederhoffnung.de!



Good evening,

My problem is that when I open google.de I am sent to the site gondorsarmeederhoffnung.de. The taskbar still shows google.de.

Since I have seen the same problem here before, I have also created log files with OTL and Malwarebytes:

I use Mozilla Firefox.

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5153

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

19.11.2010 18:23:14
mbam-log-2010-11-19 (18-23-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152555
Laufzeit: 9 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL:

OTL Logfile:
Code:
OTL logfile created on: 19.11.2010 18:50:18 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\***\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 235,00 Mb Available Physical Memory | 23,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 42,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 103,42 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
 
Computer Name: ROUVEN-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\Rouven\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PostgreSQL) -- C:\Program Files\PostgreSQL\8.0-beta2-dev3\bin\pg_ctl.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TSMPacket) -- C:\Windows\System32\DRIVERS\tsmpkt.sys File not found
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys File not found
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://searchbox.digsby.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.partypatrol-events.de"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.3.71
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.partypatrol-events.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.31 16:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.19 12:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 12:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.05.22 19:25:16 | 000,000,000 | ---D | M]
 
[2008.09.04 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Extensions
[2010.11.19 17:08:24 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions
[2010.11.16 21:38:16 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.05.22 20:28:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.13 19:53:55 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.07.23 11:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.09 20:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.16 21:37:56 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.05.22 20:28:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.23 11:18:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.18 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\personas@christopher.beard
[2010.11.19 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\toolbar-ff@payback.de
[2010.11.16 21:38:16 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\mozilla\Firefox\Profiles\37rddmmq.default\extensions\webmynd@yourentirelife.com
[2008.02.19 17:19:41 | 000,001,878 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\aolsearch.xml
[2008.07.30 08:35:38 | 000,002,220 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\digsby.xml
[2010.11.19 12:47:28 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-1.xml
[2008.02.08 21:45:39 | 000,000,949 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-2.xml
[2009.01.19 02:07:00 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-3.xml
[2009.02.06 11:57:13 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-4.xml
[2009.03.05 22:39:57 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-5.xml
[2009.03.30 12:16:17 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-6.xml
[2009.04.23 19:21:49 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-7.xml
[2009.04.30 06:58:29 | 000,000,950 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin-8.xml
[2008.12.15 15:45:18 | 000,000,944 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\icqplugin.xml
[2009.01.12 11:45:40 | 000,003,915 | ---- | M] () -- C:\Users\Rouven\AppData\Roaming\Mozilla\FireFox\Profiles\37rddmmq.default\searchplugins\sweetim.xml
[2010.11.12 11:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.18 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.05 22:22:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.21 18:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 10:52:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.05.22 19:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.11.19 12:47:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.19 12:47:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.19 12:47:42 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.19 12:47:42 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.19 12:47:43 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.14 12:49:52 | 000,000,934 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 81.169.180.144 www.google.de
O1 - Hosts: 81.169.180.144 google.de
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 google-analytics.com
O2 - BHO: (CBAbzockschutz.InitToolbarBHO) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (COMPUTERBILD-Abzockschutz) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKCU..\Run: [MBPlayer] C:\Program Files\MB application\MBPlayer.exe (MusicBrigade)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Rouven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rouven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b72dc813-7be8-11dc-a081-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b72dc813-7be8-11dc-a081-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.19 18:08:46 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\Malwarebytes
[2010.11.19 18:08:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.19 18:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.19 18:08:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.19 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.11.19 12:43:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.11.16 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Local\Windows Live
[2010.11.12 18:52:25 | 000,000,000 | ---D | C] -- C:\Users\Rouven\Desktop\Sarah
[2010.11.12 11:21:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.11.11 20:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\T-DSL SpeedManager
[2010.11.11 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\T-DSL SpeedManager
[2010.11.11 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\Rouven\AppData\Roaming\COMPUTERBILD-Abzockschutz
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.19 18:50:18 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F2332C4A-606F-42E8-AA2C-E74D32FCB104}.job
[2010.11.19 18:16:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 18:16:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 18:08:24 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.19 18:00:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.19 12:33:21 | 000,115,465 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.11.19 12:33:21 | 000,097,545 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.11.12 19:57:23 | 000,000,842 | ---- | M] () -- C:\Users\Rouven\Desktop\AntiBrowserSpy.lnk
[2010.11.12 13:19:41 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2010.11.12 12:22:08 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 12:22:08 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 12:22:08 | 000,145,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 12:22:08 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.12 12:15:02 | 000,334,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.11 22:52:27 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.10.28 18:46:51 | 000,041,984 | ---- | M] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook2.xlt
[2010.10.28 18:46:36 | 000,041,984 | ---- | M] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook.xls
[2010.10.24 20:29:02 | 000,012,038 | ---- | M] () -- C:\Users\Rouven\Desktop\Finanzplanung Ilona.ods
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.19 18:08:24 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.19 12:40:07 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.11.19 12:40:07 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.11.19 12:40:06 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.11.12 13:19:41 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2010.11.11 22:52:21 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.11 22:50:28 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.11 22:50:24 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.28 18:46:49 | 000,041,984 | ---- | C] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook2.xlt
[2010.10.28 18:46:28 | 000,041,984 | ---- | C] () -- C:\Users\Rouven\Documents\Finanzplanung Rouven Netbook.xls
[2010.09.23 22:28:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.23 22:28:23 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.11 10:03:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.05 17:15:51 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.01.15 00:47:46 | 000,000,094 | ---- | C] () -- C:\Users\Rouven\AppData\Local\fusioncache.dat
[2009.01.02 21:38:03 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.24 21:53:32 | 000,000,229 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.07.21 20:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.06.09 11:27:04 | 000,000,514 | ---- | C] () -- C:\Users\Rouven\AppData\Roaming\Wimpomat.ini
[2008.04.03 13:10:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.27 20:15:01 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008.03.27 20:15:01 | 000,070,656 | ---- | C] () -- C:\Windows\System32\yv12vfw.dll
[2008.03.27 20:15:01 | 000,070,656 | ---- | C] () -- C:\Windows\System32\i420vfw.dll
[2008.03.27 20:15:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.12.09 16:22:28 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.11.13 09:32:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.30 02:02:48 | 000,000,463 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.20 16:38:57 | 000,000,988 | ---- | C] () -- C:\Users\Rouven\AppData\Roaming\wklnhst.dat
[2007.10.16 20:27:08 | 000,012,800 | ---- | C] () -- C:\Users\Rouven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.09 10:52:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.09 07:36:10 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.05.11 10:24:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\lxcginsr.dll
[2005.05.11 10:24:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxcgcur.dll
[2005.05.11 10:24:26 | 000,126,976 | ---- | C] () -- C:\Windows\System32\lxcgjswr.dll
[2005.04.15 22:24:38 | 001,191,936 | ---- | C] () -- C:\Windows\System32\lxcgserv.dll
[2005.04.15 22:18:30 | 000,483,328 | ---- | C] () -- C:\Windows\System32\lxcglmpm.dll
[2005.04.15 22:18:00 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxcgcomm.dll
[2005.04.15 22:15:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxcgpplc.dll
[2005.04.15 22:14:42 | 000,708,608 | ---- | C] () -- C:\Windows\System32\lxcgcomc.dll
[2005.04.15 22:13:56 | 000,155,648 | ---- | C] () -- C:\Windows\System32\lxcgprox.dll
[2005.04.15 22:06:40 | 001,134,592 | ---- | C] () -- C:\Windows\System32\lxcgusb1.dll
[2005.03.14 10:45:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL
[2004.09.28 05:38:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\wmatimer.dll
 
========== LOP Check ==========
 
[2008.03.27 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\AceBIT
[2009.07.25 00:25:26 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\AntiBrowserSpy 2009
[2010.06.14 12:04:01 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Ashampoo
[2010.05.09 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Atari
[2007.11.17 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BayHunter
[2009.03.23 15:38:34 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BeachPartyCraze
[2010.04.13 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Blumentals
[2010.03.26 18:37:29 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BOM
[2007.12.09 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\BonkEnc
[2010.11.11 22:49:59 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2008.01.21 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DA-HtAccess
[2010.05.09 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.10 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\FireShot
[2010.05.18 19:24:57 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\gtk-2.0
[2010.11.16 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ICQ
[2007.10.17 17:09:19 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\ICQ Toolbar
[2009.01.02 21:29:25 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Leadertech
[2008.10.07 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Metaversum
[2009.11.09 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\NCH Swift Sound
[2008.12.23 11:10:35 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nimbuzz
[2008.01.03 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Nokia
[2010.03.26 20:23:11 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\OpenOffice.org
[2007.12.27 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\PC Suite
[2008.11.04 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\PlayFirst
[2008.03.07 20:42:45 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\S.A.D
[2010.11.12 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Samsung
[2007.11.27 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Screaming Bee
[2008.02.06 19:29:17 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\SecondLife
[2009.07.25 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Steganos
[2010.11.11 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\T-DSL SpeedManager
[2008.04.16 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\TeamViewer
[2010.11.12 11:45:59 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Temp
[2007.10.20 16:41:55 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Template
[2008.08.20 20:19:04 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\WEB.DE
[2010.09.12 17:31:56 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Wimpomat2
[2008.11.04 17:09:20 | 000,000,000 | ---D | M] -- C:\Users\Rouven\AppData\Roaming\Zylom
[2010.07.25 11:01:12 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2010.11.17 19:17:42 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.19 18:50:18 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F2332C4A-606F-42E8-AA2C-E74D32FCB104}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 91 bytes -> C:\Windows\System32:lol
 
< End of report >
         
--- --- ---

19.11.2010, 19:14   #2
markusg
/// Malware-holic

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
__________________

19.11.2010, 20:04   #3
CheGuevara91


I have done that:

ComboFix log file:
Code:
ComboFix 10-11-18.05 - *** 19.11.2010  19:25:56.1.2 - x86
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
 ADS - system32: deleted 91 bytes in 1 streams. 
PEV Error: AppFile

(((((((((((((((((((((((   Dateien erstellt von 2010-10-19 bis 2010-11-19  ))))))))))))))))))))))))))))))
.

2010-11-19 18:42 . 2010-11-19 18:42	--------	d-----w-	c:\users\userpostgres\AppData\Local\temp
2010-11-19 18:42 . 2010-11-19 18:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-19 17:08 . 2010-11-19 17:08	--------	d-----w-	c:\users\Rouven\AppData\Roaming\Malwarebytes
2010-11-19 17:08 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-19 17:08 . 2010-11-19 17:08	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-19 17:08 . 2010-11-19 17:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-19 17:08 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-19 11:41 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
2010-11-19 11:40 . 2009-10-09 21:56	12800	----a-w-	c:\windows\system32\wsmprovhost.exe
2010-11-19 11:40 . 2009-10-09 21:56	20480	----a-w-	c:\windows\system32\winrshost.exe
2010-11-19 11:40 . 2009-10-09 21:56	40448	----a-w-	c:\windows\system32\winrs.exe
2010-11-19 11:40 . 2009-10-09 21:56	10240	----a-w-	c:\windows\system32\wsmplpxy.dll
2010-11-19 11:40 . 2009-10-09 21:56	10240	----a-w-	c:\windows\system32\winrssrv.dll
2010-11-19 11:40 . 2009-10-09 21:55	79872	----a-w-	c:\windows\system32\wecutil.exe
2010-11-19 11:40 . 2009-10-09 21:55	56320	----a-w-	c:\windows\system32\wecapi.dll
2010-11-19 11:40 . 2009-10-09 21:56	41472	----a-w-	c:\windows\system32\pwrshplugin.dll
2010-11-19 11:40 . 2009-10-09 21:55	54272	----a-w-	c:\windows\system32\WsmRes.dll
2010-11-19 11:40 . 2009-10-09 21:55	146944	----a-w-	c:\windows\system32\wecsvc.dll
2010-11-19 11:40 . 2009-10-09 21:55	81408	----a-w-	c:\windows\system32\wevtfwd.dll
2010-11-19 11:40 . 2009-08-01 06:27	201184	----a-w-	c:\windows\system32\winrm.vbs
2010-11-19 11:39 . 2009-10-09 21:56	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2010-11-19 11:39 . 2009-10-09 21:56	241152	----a-w-	c:\windows\system32\winrscmd.dll
2010-11-19 11:39 . 2009-10-09 21:56	246272	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2010-11-19 11:39 . 2009-10-09 21:56	145408	----a-w-	c:\windows\system32\WsmAuto.dll
2010-11-19 11:39 . 2009-10-09 21:55	252416	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2010-11-19 11:39 . 2009-10-09 21:56	1181696	----a-w-	c:\windows\system32\WsmSvc.dll
2010-11-16 14:30 . 2009-08-04 08:02	754688	----a-w-	c:\windows\system32\webservices.dll
2010-11-16 14:28 . 2010-11-16 14:28	469256	----a-w-	c:\program files\Common Files\Windows Live\.cache\93e1667b1cb859a05\InstallManager_WLE_WLE.exe
2010-11-16 14:27 . 2010-11-16 14:27	15712	----a-w-	c:\program files\Common Files\Windows Live\.cache\76a4cfcb1cb859a04\MeshBetaRemover.exe
2010-11-16 14:27 . 2010-11-16 14:27	94040	----a-w-	c:\program files\Common Files\Windows Live\.cache\720a872b1cb859a03\DSETUP.dll
2010-11-16 14:27 . 2010-11-16 14:27	525656	----a-w-	c:\program files\Common Files\Windows Live\.cache\720a872b1cb859a03\DXSETUP.exe
2010-11-16 14:27 . 2010-11-16 14:27	1691480	----a-w-	c:\program files\Common Files\Windows Live\.cache\720a872b1cb859a03\dsetup32.dll
2010-11-16 14:27 . 2010-11-16 14:27	94040	----a-w-	c:\program files\Common Files\Windows Live\.cache\69af8d0b1cb859a02\DSETUP.dll
2010-11-16 14:27 . 2010-11-16 14:27	525656	----a-w-	c:\program files\Common Files\Windows Live\.cache\69af8d0b1cb859a02\DXSETUP.exe
2010-11-16 14:27 . 2010-11-16 14:27	1691480	----a-w-	c:\program files\Common Files\Windows Live\.cache\69af8d0b1cb859a02\dsetup32.dll
2010-11-16 14:26 . 2010-11-16 14:26	--------	d-----w-	c:\users\Rouven\AppData\Local\Windows Live
2010-11-12 10:50 . 2010-11-12 10:50	--------	d-----w-	c:\windows\system32\config\systemprofile\{46b72b8b-6258-46c4-8a5e-fd897190f017}
2010-11-12 09:55 . 2010-10-07 11:37	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2010-11-12 09:55 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-11-12 09:55 . 2010-08-26 16:33	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-11-12 09:55 . 2010-08-26 14:23	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-12 09:54 . 2010-08-31 15:46	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-11-12 09:54 . 2010-08-31 15:46	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-11-12 09:54 . 2010-08-31 13:27	2038272	----a-w-	c:\windows\system32\win32k.sys
2010-11-12 09:54 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-11-12 09:46 . 2010-08-20 16:05	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-11-12 09:42 . 2010-09-13 13:56	168960	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2010-11-12 09:42 . 2010-09-13 13:56	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-11-12 09:40 . 2010-06-28 17:00	1316864	----a-w-	c:\windows\system32\ole32.dll
2010-11-12 09:40 . 2010-06-28 14:54	339968	----a-w-	c:\program files\Windows NT\Accessories\wordpad.exe
2010-11-12 09:40 . 2010-08-10 15:53	274944	----a-w-	c:\windows\system32\schannel.dll
2010-11-12 09:39 . 2010-08-26 16:37	157184	----a-w-	c:\windows\system32\t2embed.dll
2010-11-12 09:39 . 2010-08-31 15:44	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-11-11 19:30 . 2010-11-11 19:30	--------	d-----w-	c:\programdata\T-DSL SpeedManager
2010-11-11 19:30 . 2010-11-11 19:30	--------	d-----w-	c:\users\Rouven\AppData\Roaming\T-DSL SpeedManager
2010-11-11 19:24 . 2010-11-11 21:49	--------	d-----w-	c:\users\Rouven\AppData\Roaming\COMPUTERBILD-Abzockschutz

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 03:50 . 2010-06-05 21:22	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-11-12 09:55	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-11-12 09:55	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-11-12 09:55	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-11-12 09:55	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MBPlayer"="c:\program files\MB application\MBPlayer.exe" [2006-12-19 48640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BrowserMask"="c:\program files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2010-10-29 101280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare Software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare Software.lnk
backup=c:\windows\pss\Kodak EasyShare Software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-02-26 18:46	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 136176]
R2 PostgreSQL;PostgreSQL Database Server;c:\program files\PostgreSQL\8.0-beta2-dev3\bin\pg_ctl.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TSMPacket;T-DSL SpeedManager Service;c:\windows\system32\DRIVERS\tsmpkt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 21:49]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 21:49]

2010-11-19 c:\windows\Tasks\User_Feed_Synchronization-{F2332C4A-606F-42E8-AA2C-E74D32FCB104}.job
- c:\windows\system32\msfeedssync.exe [2010-11-12 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://searchbox.digsby.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\Rouven\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {AC966E69-E92E-4D6F-A116-9839BA7125EC} = 213.191.74.19 62.109.123.6
FF - ProfilePath - c:\users\Rouven\AppData\Roaming\Mozilla\Firefox\Profiles\37rddmmq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.partypatrol-events.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\Rouven\AppData\Roaming\Mozilla\Firefox\Profiles\37rddmmq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\Rouven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com hxxp://www.bing.com hxxp://search.yahoo.com hxxp://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-NPSStartup - (no file)
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-19 19:42
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3971118493-1576588475-4294741623-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,5f,cf,0c,a2,c1,42,24,c9,00,27,57,4a,07,b6,ba,83,19,d6,b7,48,
   4a,c5,1e,04,7a,e1,77,ca,6f,8b,ea,f2,0a,30,3f,8e,67,fc,c2,22,9b,ec,f5,3b,e9,\
"rkeysecu"=hex:4d,0f,f9,e1,a4,95,00,37,9b,03,04,85,e7,c5,0c,c2

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-11-19  19:51:01
ComboFix-quarantined-files.txt  2010-11-19 18:50

Vor Suchlauf: 21 Verzeichnis(se), 110.851.796.992 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 110.719.533.056 Bytes frei

- - End Of File - - 191F26EB60FAE64FAA74F9172CD715D7
         
--- --- ---
__________________

19.11.2010, 20:25   #4
markusg
/// Malware-holic

Please post a GMER report
http://www.trojaner-board.de/74908-a...t-scanner.html
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

19.11.2010, 21:03   #5
CheGuevara91


Phew, that is more complicated than I thought :-) Luckily I managed to get everything done!

GMER log file:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-19 20:59:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500JS-55NCB1 rev.10.02E01
Running: vt2e2fk0.exe; Driver: C:\Users\Rouven\AppData\Local\Temp\ugryqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwAdjustPrivilegesToken [0x8FF1FBD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwAlpcConnectPort [0x8FF2152C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwAlpcCreatePort [0x8FF21782]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwAlpcSendWaitReceivePort [0x8FF219FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwClose [0x8FF20450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwConnectPort [0x8FF20B32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateEvent [0x8FF20F3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateFile [0x8FF205F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateMutant [0x8FF20E14]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateNamedPipeFile [0x8FF1F7D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreatePort [0x8FF20CD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateSection [0x8FF1F992]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateSemaphore [0x8FF2106E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateSymbolicLinkObject [0x8FF22CB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateThread [0x8FF200EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateWaitablePort [0x8FF20D72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwDebugActiveProcess [0x8FF226A2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwDuplicateObject [0x8FF23672]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwFsControlFile [0x8FF20752]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwLoadDriver [0x8FF22734]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwMapViewOfSection [0x8FF22D64]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenEvent [0x8FF20FDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenFile [0x8FF204D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenMutant [0x8FF20EAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenProcess [0x8FF1FDD6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenSection [0x8FF22CDA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenSemaphore [0x8FF21110]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwOpenThread [0x8FF1FCFA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwQueryDirectoryObject [0x8FF21C3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwQuerySection [0x8FF2307C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwQueueApcThread [0x8FF229CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwReplyPort [0x8FF2149A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwReplyWaitReceivePort [0x8FF21360]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwRequestWaitReplyPort [0x8FF22442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwResumeThread [0x8FF23554]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSecureConnectPort [0x8FF2086C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSetContextThread [0x8FF2030C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSetInformationToken [0x8FF21CF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSetSecurityObject [0x8FF2282E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSetSystemInformation [0x8FF231BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSuspendProcess [0x8FF232A0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSuspendThread [0x8FF233C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwSystemDebugControl [0x8FF225CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwTerminateProcess [0x8FF1FF4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwTerminateThread [0x8FF1FEA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwUnmapViewOfSection [0x8FF22F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwWriteVirtualMemory [0x8FF2002E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                                        ZwCreateThreadEx [0x8FF201EE]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                                                                                                                               84CEA87C 4 Bytes  [D0, FB, F1, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                                               84CEA8A0 8 Bytes  [2C, 15, F2, 8F, 82, 17, F2, ...]
.text           ntkrnlpa.exe!KeSetEvent + 181                                                                                                                               84CEA8E4 4 Bytes  [FC, 19, F2, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                                                                               84CEA90C 4 Bytes  [50, 04, F2, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                                               84CEA924 4 Bytes  JMP 76D9DBAD 
.text           ...                                                                                                                                                         

---- User code sections - GMER 1.0.15 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] C:\Windows\system32\ntdll.dll                                                   time/date stamp mismatch; 
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] C:\Windows\system32\kernel32.dll                                                time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] USER32.dll!SetScrollInfo + 7A8                                                  76EF7980 4 Bytes  [70, 11, 33, 6C]
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] C:\Windows\system32\ntdll.dll                                                  time/date stamp mismatch; 
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] C:\Windows\system32\kernel32.dll                                               time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] USER32.dll!SetScrollInfo + 7A8                                                 76EF7980 4 Bytes  [70, 11, 33, 6C]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                  00170240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                      001702B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                      00170320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]                00170390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                        00170550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                    001705C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00B60860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]              00B608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                  00B60940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                     00B609B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                    00B60A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                    00B60A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                     001706A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                    00170710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!HeapFree]                        001707F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                    00170860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                      001708D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                  00170940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                00B60B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                  00B60B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree]                      001709B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                   00B60BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                00B60C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]            00B60CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                  00B60D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                   00170B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                  00170BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00B60DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                  00B60E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap]                        00170C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap]                  00170CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                    00170D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                        00170DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  00B60E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread]                    00170E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                  00B60EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]              00B60F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                    76960550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     769605C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]              76960630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                    769606A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  76960710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                     76960780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                     00170E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                         00170EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      769607F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                   76960860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                     769608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                      76960940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                   769609B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                     76960A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                    76960F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                  00B70010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                    00B70080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                     00B700F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                  00B70160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                  00B701D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                     77890780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                     778907F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree]                        77890860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                    77890940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]              00B70240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]              00B702B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00B70320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                    00B70390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                    77890A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                    77890BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                   77890C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00B704E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                 00B70550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                    77890CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                   77890D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                 00B705C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]             00B70630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                   00B706A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                 00B70710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]             00B70780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                   00B707F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                    00B70860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree]                       77890DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                   00B708D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                       77890EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                   00B70940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]             00B709B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree]                       77890F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                   00180080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]             00B70A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00B70A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                 00B70B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                   00B70B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                   00B70BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                    00B70C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                 00B70CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree]                         00180160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread]                     001802B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                   00B70D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy]                      00180320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                   00B70DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                     00180390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      00B70E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                     00B70E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]               00B70EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                     00B70F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                      00B80010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                   00B80080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameA]               00B800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                         00180400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap]                     00180470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap]                   001804E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                   77890010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                       77890080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00B80E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                   00B80EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                   00B80F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]             00B90010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                 00B90080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                    00B900F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]      00B90710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                       77890080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!HeapFree]                       778902B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!CreateThread]                   778901D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                   00B90B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                 00B90B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                    00B90BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[728] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                   00B90C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA]                  769602B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary]                   769600F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2668] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW]            769601D0

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                     kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                     kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                                   kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----
         


19.11.2010, 21:20   #6
markusg
/// Malware-holic

Then, after the Kaspersky update, run a full scan.

19.11.2010, 21:28   #7
CheGuevara91

Is that supposed to help? An update was downloaded today, and I only just ran a full scan today! The thing with the gondorsarmee site has also been going on for about 2 months.

Thanks for the help, by the way! Good that there are people like you. Sometimes I think: you would have to get a degree to understand a PC.

Regards
Che

19.11.2010, 21:33   #8
markusg
/// Malware-holic

Well, how should I know that :-)

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.

19.11.2010, 21:45   #9
CheGuevara91

I think that didn't work!

Quote:
All processes killed
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_213956

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
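
The fix script above includes `[resethosts]`, and the OTL log shows `C:\Windows\System32\drivers\etc\Hosts` being scheduled for replacement on reboot. The following is an added example, not part of the thread and not OTL's own code: a check that lists hosts-file entries mapping a name to a non-loopback address, since such an entry overrides DNS while the browser still shows the original name. The sample file, its addresses and the `allowed` list are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file. 203.0.113.10 and 192.0.2.7 are documentation
# addresses (RFC 5737), not values taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    google.de www.google.de   # injected
0.0.0.0         ads.example.net
  192.0.2.7 intranet.example.org
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (lineno, ip, [names]) for each mapping line; skip comments and blanks."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def suspicious_entries(text, allowed=()):
    """Return (lineno, name, ip) for names mapped to a non-loopback address.

    Loopback and unspecified (0.0.0.0 / ::) targets are the usual localhost
    and blocking entries and are not reported. Names in `allowed` (a
    hypothetical local allowlist) are skipped.
    """
    allowed = {a.lower() for a in allowed}
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.extend((lineno, n, str(ip)) for n in names if n not in allowed)
    return findings

if __name__ == "__main__":
    for lineno, name, ip in suspicious_entries(SAMPLE_HOSTS, ["intranet.example.org"]):
        print(f"line {lineno}: {name} -> {ip}")
```

On a live system, read the file's text from `C:\Windows\System32\drivers\etc\hosts` and pass it to `suspicious_entries`; every reported line should be one an administrator can account for.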

20.11.2010, 11:22   #10
CheGuevara91

Hello markusg! Thanks for your help! Google works again ;-)


Kind regards
Che

20.11.2010, 12:28   #11
markusg
/// Malware-holic

Download CCleaner slim:
Piriform - Builds
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After ones unknown to you, "unknown".
Post the list.