Trojaner-Board


Matze710 31.05.2010 23:19

Removing Antimalware Doctor
 
Hello everyone,
I've been hit by the Antimalware Doctor trojan.
I came across your site. Thanks for the great guide to the first steps.

After the second Malwarebytes run I got the following result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4159

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.06.2010 00:03:47
mbam-log-2010-06-01 (00-03-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 122633
Laufzeit: 4 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


But unfortunately it still isn't gone. It keeps opening again and again.
What can I do now????
Luckily I had never had problems with viruses, trojans or the like before.
But this "Doctor" seems to be a tough nut to crack.

It would be great if you could help me.

Many thanks in advance.
Regards, Matze

cosinus 01.06.2010 13:32

Hello,

Please post all logs from Malwarebytes. A log with zero findings afterwards is all well and good, but one does need to know what was found and removed beforehand.

Matze710 01.06.2010 17:48

Unfortunately I no longer have the first log from Malwarebytes.
Now the third run:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4159

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.06.2010 18:45:15
mbam-log-2010-06-01 (18-45-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 277668
Laufzeit: 40 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Can you do anything with that?

Regards, Matze

Wisdoom 01.06.2010 18:31

Update the database to 4161 and it will find a bit more right away.

cosinus 01.06.2010 19:37

Quote:

Unfortunately I no longer have the first log from Malwarebytes.
Why?? You can find all logs in the program under "Scan-Berichte" (scan reports)...

Matze710 03.06.2010 17:09

Yes, I just saw that.
But never mind.
I got rid of the "Doctor" on my own, but thanks anyway.

Regards
Matze

almir_de 03.06.2010 18:07

Hi folks!
I'm also having trouble with Antimalware Doctor.
After several attempts I finally managed to delete the Doc and hope it doesn't come back. But now I have the problem that my Internet Explorer no longer works. It won't open any website, not even Google, and instead reports a connection error, the familiar white screen when IE can't get online.
Can anyone help me with this??
Regards
ALMIR

Wisdoom 03.06.2010 21:27

Hello,

try running Prevx on your computer and put all findings into quarantine with Avira (and send them to Avira).
Then do another HJT scan and post it here.

almir_de 05.06.2010 08:57

Here is the log file from HJT:
HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:53:55, on 05.06.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\System32\notepad.exe
G:\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\S.A.D\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\system32\PxSecure.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\S.A.D\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\S.A.D\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 3325 bytes

--- --- ---
I have also already scanned with Prevx and it finds 4 bad files.
I still have the problem that I can't get online; the connection to the router is there, but opening a page online doesn't work.

almir_de 05.06.2010 11:18

P.S. I can't even access my router, a Fritzbox 7170.
Under Network Connection > Properties it says "no Internet connectivity" for IPv6, although there is a connection to the Fritzbox. I'm about to go crazy!
I've now borrowed a laptop from a friend; it works absolutely fine on my WLAN, but my PC has been acting up no end since the trojan.
Can someone please help me with this urgently? Otherwise I'll have to reinstall Win7.
THANKS
Regards
ALMIR

Wisdoom 05.06.2010 12:27

Put the 4 bad files from Prevx into quarantine with, e.g., Avira AntiVir.
And follow the guide here:
http://www.trojaner-board.de/83172-a...entfernen.html

Your HJT log is not clean yet.

almir_de 05.06.2010 13:40

Quote:

Quote from Wisdoom (post 530577)
Put the 4 bad files from Prevx into quarantine with, e.g., Avira AntiVir.
And follow the guide here:
http://www.trojaner-board.de/83172-a...entfernen.html

Your HJT log is not clean yet.

I've been following the guide the whole time; I have run all the programs mentioned there.
I have now tried to find the bad files with Avira, but these files/folders can't be found under the path given by Prevx, under c: users/appdata/... I don't have the appdata folder at all.
Regards
ALMIR

Larusso 05.06.2010 13:47

Start HJT --> select the following entry

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

Close all running programs --> click on fix checked --> restart the computer.

Report whether you can get onto the Internet again.

almir_de 05.06.2010 14:17

Quote:

Quote from Larusso (post 530596)
Start HJT --> select the following entry

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

Close all running programs --> click on fix checked --> restart the computer.

Report whether you can get onto the Internet again.

Hallelujah! My Internet works again! THANKS Larusso!
I'm just scanning the PC with Prevx again and it has found something yet again, or still: two files called avm.exe and jdownloader.exe, which I have now moved to quarantine.
Could it be that this trojan keeps wandering back and forth into other directories and folders and then nests itself in other applications??
That JDownloader isn't a trojan is surely clear to all of us.
Regards
ALMIR
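
Added example, not part of the original thread and not HijackThis code: the `ProxyServer = http=127.0.0.1:5555` entry fixed above routes Internet Explorer's HTTP traffic through a proxy on the local machine, so browsing depends on whatever listens on that port. The Python below flags such loopback proxy entries in a HijackThis log; the sample log is constructed from lines shown in the thread, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a few lines in HijackThis format, including the
# ProxyServer entry quoted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"""

# R0..R3 lines have the shape: "R1 - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (?P<key>.+?),(?P<name>[^,=]+?) =\s?(?P<data>.*)$")


def parse_proxy_server(data):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    The value is either "host:port" (used for all protocols, reported
    here as scheme "*") or a ';'-separated per-protocol list such as
    "http=host:port;https=host:port".
    """
    entries = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        target = target.split("://", 1)[-1]      # tolerate "http://host:port"
        if target.startswith("["):               # bracketed IPv6 literal
            host, _, rest = target[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, _, port = target.rpartition(":")
            if not host:                         # no port given
                host, port = target, ""
        entries.append((scheme.lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                             # ordinary hostname


def find_loopback_proxies(log_text):
    """Return one finding per ProxyServer entry that points at loopback."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m or m.group("name").strip().lower() != "proxyserver":
            continue
        for scheme, host, port in parse_proxy_server(m.group("data")):
            if is_loopback(host):
                findings.append({
                    "key": m.group("key"),
                    "scheme": scheme,
                    "host": host,
                    "port": port,
                })
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print("Review: {scheme} proxy -> {host}:{port} ({key})".format(**f))
```

A finding is a prompt to check which program, if any, is supposed to be listening on that port, since some legitimate filtering tools also configure a local proxy.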

Larusso 05.06.2010 14:27

Abort PrevX for now.

Please don't post the log files in code tags, thanks

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90


almir_de 05.06.2010 14:52

OTL Logfile:
Code:

OTL logfile created on: 05.06.2010 15:48:19 - Run 1
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Users\almir\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 53,60 Gb Free Space | 68,61% Space Free | Partition Type: NTFS
Drive D: | 294,47 Gb Total Space | 293,52 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive E: | 141,84 Gb Total Space | 120,43 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 15,02 Gb Total Space | 14,89 Gb Free Space | 99,11% Space Free | Partition Type: NTFS
Drive J: | 1,87 Gb Total Space | 0,41 Gb Free Space | 22,06% Space Free | Partition Type: NTFS
 
Computer Name: ALMIR-PC
Current User Name: almir
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.05 15:38:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
PRC - [2010.06.05 15:24:15 | 042,341,360 | ---- | M] () -- C:\Users\almir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09210X9N\avira_antivir_personal_de[1].exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.10.20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.05 15:38:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.16 15:36:29 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.10.20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Running] --  -- (pxscan)
DRV - File not found [File_System | Auto | Running] --  -- (pxrts)
DRV - File not found [Kernel | On_Demand | Running] --  -- (pxkbf)
DRV - [2010.06.05 10:21:40 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.30 09:40:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.12 13:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.04 20:13:10 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.11.04 20:13:10 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.11.04 20:13:10 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.11.04 20:13:09 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.11.03 16:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.22 12:31:16 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PciSPorts.sys -- (PciSPorts)
DRV - [2006.12.12 15:38:00 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 42 6A 71 EB A8 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.06.05 10:22:05 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\S.A.D\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.20 17:42:25 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5eca40ee-5730-11df-bb5e-0022155305f7}\Shell - "" = AutoRun
O33 - MountPoints2\{5eca40ee-5730-11df-bb5e-0022155305f7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.05 15:39:25 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
[2010.06.05 15:33:39 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Avira
[2010.06.05 15:26:37 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.05 15:26:37 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.05 10:21:48 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.06.05 10:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.06.05 10:21:40 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.06.05 10:01:19 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.05 10:01:19 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.05 10:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.05 10:01:19 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.05 10:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.05 09:37:02 | 000,061,952 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll-914711
[2010.06.03 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Malwarebytes
[2010.06.03 17:02:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 17:02:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 17:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.03 16:47:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.03 16:37:14 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\hgqvavkiy
[2010.06.03 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\FBF315FB3B49E033C000DDCC591C50FA
[2010.05.30 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\vlc
[2010.05.30 22:01:29 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.05.30 12:56:00 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\WinRAR
[2010.05.30 10:19:38 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\GHISLER
[2010.05.30 10:16:13 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.05.30 10:16:03 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.05.30 10:15:04 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.05.30 10:15:04 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\GHISLER
[2010.05.30 09:51:20 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\bizarre creations
[2010.05.30 09:49:25 | 000,000,000 | ---D | C] -- C:\Programme\InstallShield Installation Information
[2010.05.30 09:43:55 | 000,000,000 | ---D | C] -- C:\Programme\Activision
[2010.05.30 09:40:55 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2010.05.30 09:40:26 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2010.05.30 09:40:15 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\DAEMON Tools Lite
[2010.05.30 09:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.05.24 15:24:22 | 000,000,000 | ---D | C] -- C:\Programme\Franzis
[2010.05.24 15:24:12 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2010.05.24 15:06:46 | 000,053,016 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\System32\pxc40pm.dll
[2010.05.24 15:06:33 | 000,000,000 | ---D | C] -- C:\Programme\S.A.D
[2010.05.13 14:10:36 | 000,000,000 | ---D | C] -- C:\Users\almir\Documents\NeroVision
[2010.05.13 14:10:24 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\Nero_AG
[2010.05.13 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\Nero
[2010.05.13 14:08:22 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Nero
[2010.05.13 13:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.05.13 13:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.05.13 13:43:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2010.05.13 13:43:50 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2010.04.18 20:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.18 20:53:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.04.18 20:53:08 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.04.18 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Installationsprogramm für Adobe Reader 9
[2010.04.18 20:51:01 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\Adobe
[2010.04.18 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Macromedia
[2010.04.18 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\Adobe
[2010.04.18 20:50:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.05 15:48:20 | 002,097,152 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT
[2010.06.05 15:38:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\almir\Desktop\OTL.exe
[2010.06.05 15:29:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.05 15:29:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.05 15:27:15 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.05 15:27:15 | 000,645,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.05 15:27:15 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.05 15:27:15 | 000,126,822 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.05 15:27:15 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.05 15:21:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.05 15:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.05 15:21:20 | 1609,834,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.05 15:19:55 | 001,378,652 | -H-- | M] () -- C:\Users\almir\AppData\Local\IconCache.db
[2010.06.05 15:12:40 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.06.05 15:12:40 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.06.05 10:21:40 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.06.05 10:01:28 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.05 09:37:02 | 000,061,952 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll-914711
[2010.06.03 17:02:37 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 16:47:51 | 000,001,831 | ---- | M] () -- C:\Users\almir\Desktop\CCleaner.lnk
[2010.05.30 22:01:35 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.05.30 10:16:19 | 000,000,989 | ---- | M] () -- C:\Users\almir\Desktop\JDownloader.lnk
[2010.05.30 10:15:05 | 000,000,632 | ---- | M] () -- C:\Users\almir\Desktop\Total Commander.lnk
[2010.05.30 09:49:50 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Blur(TM).lnk
[2010.05.30 09:42:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.30 09:40:49 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.05.30 09:40:38 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.24 15:25:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Games.lnk
[2010.05.24 15:06:40 | 000,001,028 | ---- | M] () -- C:\Users\almir\Desktop\PDF-Viewer.lnk
[2010.05.24 15:06:39 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Office2PDF.lnk
[2010.05.24 15:06:39 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Tools 4.lnk
[2010.05.13 14:15:31 | 000,000,000 | -H-- | M] () -- C:\Users\almir\Documents\Default.rdp
[2010.05.13 13:46:31 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.05.13 13:46:03 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.05.13 13:45:33 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.05.13 13:44:44 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.05.13 13:44:30 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 21:01:32 | 000,524,288 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 21:01:32 | 000,524,288 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 21:01:32 | 000,065,536 | -HS- | M] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TM.blf
[2010.04.28 16:22:03 | 000,057,560 | ---- | M] () -- C:\Users\almir\AppData\Local\GDIPFONTCACHEV1.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.05 10:22:30 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.06.05 10:22:30 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.06.05 10:01:28 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.03 17:02:37 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 16:47:51 | 000,001,831 | ---- | C] () -- C:\Users\almir\Desktop\CCleaner.lnk
[2010.05.30 22:01:35 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.05.30 10:16:19 | 000,000,989 | ---- | C] () -- C:\Users\almir\Desktop\JDownloader.lnk
[2010.05.30 10:15:05 | 000,000,632 | ---- | C] () -- C:\Users\almir\Desktop\Total Commander.lnk
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010.05.30 10:15:04 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010.05.30 09:49:50 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Blur(TM).lnk
[2010.05.30 09:40:49 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.05.30 09:40:38 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.24 15:25:04 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Games.lnk
[2010.05.24 15:06:40 | 000,001,028 | ---- | C] () -- C:\Users\almir\Desktop\PDF-Viewer.lnk
[2010.05.24 15:06:39 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Office2PDF.lnk
[2010.05.24 15:06:39 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\PDF-Tools 4.lnk
[2010.05.13 14:15:31 | 000,000,000 | -H-- | C] () -- C:\Users\almir\Documents\Default.rdp
[2010.05.13 13:46:31 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.05.13 13:46:03 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.05.13 13:45:33 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.05.13 13:44:44 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.05.13 13:44:30 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.04.28 18:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 18:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 18:06:11 | 000,065,536 | -HS- | C] () -- C:\Users\almir\NTUSER.DAT{efb613d2-52df-11df-a6d1-0022155305f7}.TM.blf
[2010.04.28 16:28:19 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\PciSPorts.sys
[2010.04.28 16:28:19 | 000,081,920 | ---- | C] () -- C:\Windows\System32\drivers\PciPPorts.sys
[2010.04.18 20:53:12 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2009.07.14 06:53:46 | 000,011,212 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.05 15:21:20 | 1609,834,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.05 15:21:22 | 2146,447,360 | -HS- | M] () -- C:\pagefile.sys
[2010.06.03 17:15:35 | 000,000,268 | ---- | M] () -- C:\rkill.log
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.06.05 10:21:40 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.30 09:40:38 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

< End of report >

--- --- ---

Larusso 06.06.2010 20:08

Sorry
Code:

:OTL
DRV - File not found [Kernel | Boot | Running] --  -- (pxscan)
DRV - File not found [File_System | Auto | Running] --  -- (pxrts)
DRV - File not found [Kernel | On_Demand | Running] --  -- (pxkbf)
[2010.06.03 16:37:14 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Local\hgqvavkiy
[2010.06.03 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\almir\AppData\Roaming\FBF315FB3B49E033C000DDCC591C50FA

:services
:files
:reg
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2
  • Please
  • all other scanners for viruses, spyware, etc. should be deactivated,
  • there should be no connection to a network/the Internet (don't forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and start it as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as "Gmer.txt" on the desktop. "Ok" closes Gmer.
Switch your antivirus program and other scanners back on before you go online!


Please post in your next reply
Gmer.txt

almir_de 07.06.2010 17:46

All processes killed
========== OTL ==========
Error: No service named pxscan was found to stop!
Service\Driver key pxscan not found.
Error: No service named pxrts was found to stop!
Service\Driver key pxrts not found.
Error: No service named pxkbf was found to stop!
Service\Driver key pxkbf not found.
C:\Users\almir\AppData\Local\hgqvavkiy folder moved successfully.
C:\Users\almir\AppData\Roaming\FBF315FB3B49E033C000DDCC591C50FA folder moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: almir
->Temp folder emptied: 24019170 bytes
->Temporary Internet Files folder emptied: 50426509 bytes
->Java cache emptied: 10709299 bytes
->Flash cache emptied: 1503 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116013 bytes
RecycleBin emptied: 8731 bytes

Total Files Cleaned = 81,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06072010_184341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

almir_de 07.06.2010 18:12

GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-07 19:09:00
Windows 6.1.7600
Running: zgg6yz96.exe; Driver: C:\Users\almir\AppData\Local\Temp\kglcrpod.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E35AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E35104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E353F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E1D634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E1D898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E351DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E35958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E356F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E35F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                              82E361A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                        82A4E579 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                82A72F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spip.sys                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                                                  8E975CA0 5 Bytes  JMP 867851D8
.text          adajgpno.SYS                                                                                                                          8E9C6000 12 Bytes  [44, 08, E2, 82, EE, 06, E2, ...]
.text          adajgpno.SYS                                                                                                                          8E9C600D 9 Bytes  [E7, E1, 82, 48, 0B, E2, 82, ...] {OUT 0xe1, EAX; OR BYTE [EAX+0xb], -0x1e; ADD BYTE [EAX], 0x0}
.text          adajgpno.SYS                                                                                                                          8E9C6017 170 Bytes  [00, DE, 27, B9, 88, E6, 25, ...]
.text          adajgpno.SYS                                                                                                                          8E9C60C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text          adajgpno.SYS                                                                                                                          8E9C60CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                                                   
.text          peauth.sys                                                                                                                            98415C9E 27 Bytes  [30, 0E, 02, 0F, 1C, D6, 91, ...]
.text          peauth.sys                                                                                                                            98415CC2 27 Bytes  [30, 0E, 02, 0F, 1C, D6, 91, ...]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!CreateWindowExW                                                      760D0E51 5 Bytes  JMP 6D73801F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxIndirectParamW                                              760F4AA7 5 Bytes  JMP 6D85EDC0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxParamW                                                      760F564A 5 Bytes  JMP 6D654D5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxParamA                                                      7610CF6A 5 Bytes  JMP 6D85ED5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!DialogBoxIndirectParamA                                              7610D29C 5 Bytes  JMP 6D85EE23 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxIndirectA                                                  7611E8C9 5 Bytes  JMP 6D85ECF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxIndirectW                                                  7611E9C3 5 Bytes  JMP 6D85EC87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxExA                                                        7611EA29 5 Bytes  JMP 6D85EC25 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3068] USER32.dll!MessageBoxExW                                                        7611EA4D 5 Bytes  JMP 6D85EBC3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogParamW                                                    760C9BFF 5 Bytes  JMP 6D68C720 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EnableWindow                                                          760CA72E 5 Bytes  JMP 6D68C69B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetAsyncKeyState                                                      760CC09A 5 Bytes  JMP 6D64D8A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!UnhookWindowsHookEx                                                  760CCC7B 5 Bytes  JMP 6D7481D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CallNextHookEx                                                        760CCC8F 5 Bytes  JMP 6D729A6C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExW                                                      760D0E51 5 Bytes  JMP 6D73801F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetWindowsHookExW                                                    760D210A 5 Bytes  JMP 6D6E46DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetKeyState                                                          760D4FDA 5 Bytes  JMP 6D68D8F2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!IsDialogMessageW                                                      760D6F06 5 Bytes  JMP 6D654438 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogParamA                                                    760E3E79 5 Bytes  JMP 6D85F9DA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!IsDialogMessage                                                      760E407A 5 Bytes  JMP 6D85F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogIndirectParamA                                            760E9110 5 Bytes  JMP 6D85FA11 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogIndirectParamW                                            760F08AD 5 Bytes  JMP 6D85FA48 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamW                                              760F4AA7 5 Bytes  JMP 6D85EDC0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EndDialog                                                            760F555C 5 Bytes  JMP 6D655C9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamW                                                      760F564A 5 Bytes  JMP 6D654D5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetKeyboardState                                                      760F6B52 5 Bytes  JMP 6D85F5E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SendInput                                                            760F7055 5 Bytes  JMP 6D8601A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetCursorPos                                                          7610C1D8 5 Bytes  JMP 6D860200 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamA                                                      7610CF6A 5 Bytes  JMP 6D85ED5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamA                                              7610D29C 5 Bytes  JMP 6D85EE23 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectA                                                  7611E8C9 5 Bytes  JMP 6D85ECF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectW                                                  7611E9C3 5 Bytes  JMP 6D85EC87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExA                                                        7611EA29 5 Bytes  JMP 6D85EC25 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExW                                                        7611EA4D 5 Bytes  JMP 6D85EBC3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!keybd_event                                                          7611EC9B 5 Bytes  JMP 6D860533 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] SHELL32.dll!SHChangeNotification_Lock + 45BE                                    76A4B3D8 4 Bytes  [11, 36, 38, 72]
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] SHELL32.dll!SHChangeNotification_Lock + 45C6                                    76A4B3E0 8 Bytes  [5F, 35, 38, 72, D0, 73, 37, ...]
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!OleLoadFromStream                                                      766D5B88 5 Bytes  JMP 6D85F137 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstance                                                      767257FC 5 Bytes  JMP 6D738B0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                              [88A96042] \SystemRoot\System32\Drivers\spip.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                              [88A966D6] \SystemRoot\System32\Drivers\spip.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                      [88A96800] \SystemRoot\System32\Drivers\spip.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                        [88A9613E] \SystemRoot\System32\Drivers\spip.sys
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortNotification]                                                            00147880
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                          78800C75
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortReadPortUchar]                                                            06750015
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortStallExecution]                                                          C25DC033
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortWritePortUchar]                                                          458B0008
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortWritePortUlong]                                                          6A006A08
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                      50056A24
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                            005AB7E8
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                    0001B800
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetParentBusType]                                                        C25D0000
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortRequestCallback]                                                          CCCC0008
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                    CCCCCCCC
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                    CCCCCCCC
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortCompleteRequest]                                                          CCCCCCCC
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortCopyMemory]                                                              53EC8B55
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                              800C5D8B
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                7500117B
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                  127B806A
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                    80647500
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                    7500137B
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortInitialize]                                                              157B805E
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                            56587500
IAT            \SystemRoot\System32\Drivers\adajgpno.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                        8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [72373932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [72371ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                  [7236C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]            [72373B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [7237595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [723747A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                  [72374EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                  [72371D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [7236F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                    [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [723706BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [7236FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [72371ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                        [72370043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                      [72370CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                      [72373932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                      [723706BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                    [72370CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [72372ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [7236F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [7236F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [7236FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [72371ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [72374EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                  [723747A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [7236DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                    [723706BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                    [72373932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [7236DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [7236DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                    [72370571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [72371D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [7236DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                    [723741F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                      [7237595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                  [72374735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [72374B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [7237823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                [723789C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                      [72378584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [72377E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [72378CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [723790D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                    [72377C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                    [72378D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                [72377F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]          [7237794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]              [72377D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [72378898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [723786C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [72378760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]              [72377EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]              [72379B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [7237958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [723799D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [72378026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                [72377F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                  [72377AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [723797FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [72377BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [72379C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                [723798B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                  [723777ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]            [723796FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [723781EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]              [723780BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [72378286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                    [72378D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [72377DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                    [72378F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                  [7237892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [72379A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [723792E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [72379E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                  [72378E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                  [72377B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [72379029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [7237789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                      [723783BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [7237861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [72378A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                [72378454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [723784EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                  [72379974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                    [72378EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]              [7236D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [72370F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [72371904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [7237141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                [723709C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [7236FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]    [7236F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW]  [7236F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                    [723727FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [7236F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]          [7236EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]              [7236E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [72372ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                      [723727DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [7236E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                      [72370043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]      [7236EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [72371BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [72371A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW]                  [72379974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA]                  [72379916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA]          [72378A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA]                    [72378D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW]                  [72378E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW]              [72377D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA]                      [72378FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA]                      [72379E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW]                      [72379029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW]                      [72379E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW]                    [72377C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                  [72369F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                84A7A1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                          87665500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                  84A751F8
Device          \Driver\PCI_PNP1862 \Device\00000051                                                                                                  spip.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                      867861F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                      867861F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                      867861F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                      86792500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                      867861F8
Device          \Driver\ACPI_HAL \Device\00000049                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                      867861F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                      867861F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                      86792500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                          8654F1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                            84A781F8
Device          \Driver\iaStorV \Device\Ide\iaStor0                                                                                                    84A771F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                    84A781F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                    84A781F8
Device          \Driver\iaStorV \Device\Ide\IAAStorageDevice-0                                                                                        84A771F8
Device          \Driver\iaStorV \Device\Ide\IAAStorageDevice-1                                                                                        84A771F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                          8654F1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000076                                                                                                      865881F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000077                                                                                                      865881F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                865731F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                                                84A751F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000078                                                                                                      865881F8
Device          \Driver\USBSTOR \Device\00000079                                                                                                      865881F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{B087707E-5BFC-490C-8F7D-B9B5BE28546C}                                                              865731F8
Device          \Driver\sptd \Device\3440801863                                                                                                        spip.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                      867861F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{33EF70D9-E774-4B65-8E5B-331714413EFF}                                                              865731F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                      867861F8
Device          \Driver\USBSTOR \Device\0000007a                                                                                                      865881F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                      867861F8
Device          \Driver\USBSTOR \Device\0000007b                                                                                                      865881F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                      86792500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                      867861F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                      867861F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                      867861F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                      86792500
Device          \Driver\adajgpno \Device\Scsi\adajgpno1Port3Path0Target0Lun0                                                                          867831F8
Device          \Driver\adajgpno \Device\Scsi\adajgpno1                                                                                                867831F8
Device          \FileSystem\fastfat \Fat                                                                                                              87665500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                    771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                    285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                    1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0x5A 0x34 0x94 0x29 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                             
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x0A 0x6A 0x93 0x0D ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0xAD 0x30 0xD3 0x08 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0x5A 0x34 0x94 0x29 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x0A 0x6A 0x93 0x0D ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0xAD 0x30 0xD3 0x08 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

Larusso 07.06.2010 18:22

Is AntiMalware Doctor still present?

almir_de 07.06.2010 19:00

No idea whether the thing is still there.
I'll keep an eye on it and report back here if necessary.
Thanks for the support!
Regards
ALMIR

Larusso 07.06.2010 19:05

That's because I don't see it active in the logs :)

Step 1

Cleanup with Malwarebytes' Anti-Malware (quick scan)

Please download Malwarebytes
  • Install the program to the default path.
  • On Vista, remember to start the program as administrator; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show results".
  • For findings in C:\System Volume Information, remove the check mark.
    Otherwise this system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other findings are selected and press "Remove selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
  • Report how the computer is running now.
Here you will find detailed, illustrated instructions.


Step 2
Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users have to allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • The signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Step 3

Please start OTL, select "Use SafeList" under Extra Registry, and click the Scan button.


In your next reply, please post
Log from Malwarebytes
Log from ESET
OTL.txt
Extras.txt
A report on how the computer is running

