154 infections of Trojan.TDSServ found!

#0
10.06.2009, 22:51
Member

Posts: 13
#1
Hello everyone,
this is my first post, so please don't be angry with me if I do something wrong ;)

So, I will now proceed exactly as I read in your post: Creating new posts (...).


Problem description / symptoms?
I haven't noticed any symptoms so far; the only thing is that Spyware Doctor from PC Tools tells me that the trojan Trojan.TDSServ (154 infections) is on my computer. Avira AntiVir, Ad-Aware and Spybot S&D all find nothing.
Before I go and spend a lot of money, I hope you can help me.


I have just cleaned out the temporary files, updated Malwarebytes, ticked the box for "Beende Internet Explorer während des Löschvorgangs" (terminate Internet Explorer during the removal process) in the settings, run a quick scan and then had all infections removed. Here is the log:

Code

Malwarebytes' Anti-Malware 1.37
Datenbank Version: 2259
Windows 5.1.2600 Service Pack 3

10.06.2009 21:55:49
mbam-log-2009-06-10 (21-55-37).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 100599
Laufzeit: 3 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\MOTA113.exe (Trojan.Agent) -> No action taken.

The fact that it now says "-> No action taken." confuses me, because I got a message that the trojan had been removed.
Anyway, on with the program.

Now I have switched off all background guards and run ComboFix.
This is what came out:


Code

ComboFix 09-06-09.06 - Tino 10.06.2009 22:03.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1514 [GMT 2:00]
ausgeführt von:: d:\firefox-downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programme\Avira\AntiVir Desktop\avsda.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2009-05-10 bis 2009-06-10  ))))))))))))))))))))))))))))))
.

2009-06-10 11:05 . 2009-06-10 11:05    --------    d-sh--w-    c:\dokumente und einstellungen\Tino\PrivacIE
2009-06-08 12:40 . 2009-06-08 12:40    11264    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
2009-06-08 12:40 . 2009-06-08 12:40    --------    d-----w-    c:\programme\Seagate
2009-06-07 19:26 . 2009-06-07 10:30    15688    ----a-w-    c:\windows\system32\lsdelete.exe
2009-06-07 15:26 . 2009-06-07 15:26    --------    d-sh--w-    c:\dokumente und einstellungen\LocalService\IETldCache
2009-06-07 15:16 . 2009-06-07 15:16    --------    d-sh--w-    c:\dokumente und einstellungen\Tino\IETldCache
2009-06-07 15:13 . 2009-06-07 15:13    --------    d-----w-    c:\windows\ie8updates
2009-06-07 15:13 . 2009-05-12 05:11    102912    -c----w-    c:\windows\system32\dllcache\iecompat.dll
2009-06-07 15:12 . 2009-06-07 15:13    --------    dc-h--w-    c:\windows\ie8
2009-06-07 14:43 . 2009-06-07 14:43    2396    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_D70C1155C38ADA54296B24FD9927A9C3.dll
2009-06-07 14:43 . 2009-06-07 14:43    69    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_C4D3ABC415F806D42BE76F6B145C177E.dll
2009-06-07 14:43 . 2009-06-07 14:43    10    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_A887D9CCFB4211F46926498A691B5394.dll
2009-06-07 14:43 . 2009-06-07 14:43    25    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_9D5706BC219FEA04EB6A5E09AD421FB6.dll
2009-06-07 14:43 . 2009-06-07 14:43    169    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_6BD3432325A99C04784EE5C79797C178.dll
2009-06-07 14:43 . 2009-06-07 14:43    10    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_44D5DB5ED2CEFF744B15A6D60A8BCA06.dll
2009-06-07 13:10 . 2009-06-10 20:10    62752    --sha-w-    c:\windows\system32\drivers\fidbox2.dat
2009-06-07 13:10 . 2009-06-10 20:10    3345696    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2009-06-07 12:41 . 2009-06-07 14:13    --------    d-----w-    c:\programme\Gemeinsame Dateien\ParetoLogic
2009-06-07 12:41 . 2009-06-07 14:13    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\ParetoLogic
2009-06-07 12:18 . 2009-06-07 12:25    --------    d-----w-    c:\programme\Registry System Wizard
2009-06-07 10:30 . 2009-06-07 10:29    64160    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-06-07 10:30 . 2009-06-07 10:30    314200    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-07 10:30 . 2009-06-07 10:30    25440    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-07 10:30 . 2009-06-07 10:30    169312    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-07 10:30 . 2009-06-07 10:30    15688    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-07 10:30 . 2009-06-07 10:30    348496    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-07 10:30 . 2009-06-07 10:30    294240    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-07 10:29 . 2009-06-07 10:29    83808    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-07 10:29 . 2009-06-07 10:29    1630048    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-07 10:29 . 2009-06-07 10:29    212848    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-07 10:29 . 2009-06-07 10:29    64160    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-07 10:29 . 2009-06-07 10:29    40288    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-07 10:29 . 2009-06-07 10:29    640360    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-07 10:29 . 2009-06-07 10:29    540536    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-07 10:29 . 2009-06-07 10:29    559464    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-07 10:29 . 2009-06-07 10:29    2352456    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-07 10:29 . 2009-06-07 10:29    627536    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-07 10:29 . 2009-06-07 10:29    518488    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-07 10:29 . 2009-06-07 10:29    1005904    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-07 10:26 . 2009-06-07 10:26    --------    dc-h--w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-07 10:26 . 2009-03-12 08:17    2902048    -c--a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-07 09:33 . 2009-06-02 13:00    3007352    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Simply Super Software\Trojan Remover\xhr1F.exe
2009-06-07 09:32 . 2006-06-19 11:01    69632    ----a-w-    c:\windows\system32\ztvcabinet.dll
2009-06-07 09:32 . 2006-05-25 13:52    162304    ----a-w-    c:\windows\system32\ztvunrar36.dll
2009-06-07 09:32 . 2005-08-25 23:50    77312    ----a-w-    c:\windows\system32\ztvunace26.dll
2009-06-07 09:32 . 2003-02-02 18:06    153088    ----a-w-    c:\windows\system32\UNRAR3.dll
2009-06-07 09:32 . 2002-03-05 23:00    75264    ----a-w-    c:\windows\system32\unacev2.dll
2009-06-07 09:32 . 2009-06-07 09:32    --------    d-----w-    c:\programme\Trojan Remover
2009-06-07 09:32 . 2009-06-07 09:32    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software
2009-06-07 09:32 . 2009-06-07 09:32    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Simply Super Software
2009-06-06 21:13 . 2009-06-06 21:13    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-06-06 21:03 . 2009-06-06 21:03    152576    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-06 11:38 . 2008-12-11 06:38    159600    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-06-06 11:37 . 2009-04-03 09:18    130936    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-06-06 11:37 . 2008-12-18 10:16    73840    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-06 11:37 . 2008-12-10 09:36    64392    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-06-06 11:37 . 2009-06-10 18:45    --------    d-----w-    c:\programme\Spyware Doctor
2009-06-06 11:37 . 2009-06-10 18:32    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2009-06-06 11:37 . 2009-06-06 11:37    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\PC Tools
2009-06-06 10:20 . 2009-06-06 10:20    --------    d-----w-    c:\programme\Webroot
2009-06-06 10:20 . 2009-06-06 10:20    164    ----a-w-    c:\windows\install.dat
2009-06-05 17:56 . 2009-06-05 17:56    --------    d-----w-    c:\windows\system32\MSDN
2009-06-03 20:19 . 2008-12-03 23:25    120832    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-01 20:14 . 2009-06-01 20:22    --------    d-----w-    c:\dokumente und einstellungen\Tino\Lokale Einstellungen\Anwendungsdaten\Zattoo
2009-05-30 15:36 . 2009-05-30 15:36    --------    d-----w-    c:\programme\Ubisoft
2009-05-30 13:39 . 2008-07-31 08:41    68616    ----a-w-    c:\windows\system32\XAPOFX1_1.dll
2009-05-30 13:39 . 2008-07-31 08:40    509448    ----a-w-    c:\windows\system32\XAudio2_2.dll
2009-05-30 13:39 . 2008-07-31 08:41    238088    ----a-w-    c:\windows\system32\xactengine3_2.dll
2009-05-30 13:39 . 2008-07-12 06:18    467984    ----a-w-    c:\windows\system32\d3dx10_39.dll
2009-05-30 13:39 . 2008-07-12 06:18    1493528    ----a-w-    c:\windows\system32\D3DCompiler_39.dll
2009-05-30 13:39 . 2008-07-12 06:18    3851784    ----a-w-    c:\windows\system32\D3DX9_39.dll
2009-05-27 13:52 . 2009-05-30 11:55    --------    d-----w-    c:\dokumente und einstellungen\Tino\.gigaflat
2009-05-22 16:29 . 2009-05-26 15:12    --------    d-----w-    c:\programme\LineRider
2009-05-21 09:42 . 2009-05-21 09:42    --------    d-----w-    C:\log
2009-05-21 09:31 . 2009-05-21 09:31    --------    d-----w-    c:\programme\Deep Silver
2009-05-20 16:11 . 2009-05-20 16:11    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\espionServerData
2009-05-20 16:04 . 2009-05-20 16:04    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2009-05-20 16:03 . 2009-05-20 16:03    --------    d-----w-    c:\programme\Gemeinsame Dateien\Macrovision Shared
2009-05-20 16:01 . 2009-05-20 16:00    118520    ------w-    c:\windows\system32\pxinsi64.exe
2009-05-20 16:01 . 2009-05-20 16:00    116472    ------w-    c:\windows\system32\pxcpyi64.exe
2009-05-19 15:49 . 2009-05-20 18:47    --------    d-----w-    C:\Terzio
2009-05-18 16:45 . 2009-05-18 16:46    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\AgeOfBooty
2009-05-17 14:06 . 2009-05-17 14:06    --------    d-----w-    c:\programme\Cheatbook 05.2009
2009-05-14 19:33 . 2009-05-18 16:56    --------    d-----w-    c:\programme\Capcom
2009-05-14 11:38 . 2009-05-14 11:38    552    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios\Pirate Galaxy\updates\update.bat
2009-05-14 11:38 . 2009-05-14 11:38    60628    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios\Pirate Galaxy\uninstall.exe
2009-05-14 11:37 . 2009-05-14 11:37    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 20:08 . 2009-06-07 13:10    7904    --sha-w-    c:\windows\system32\drivers\fidbox2.idx
2009-06-10 20:08 . 2009-06-07 13:10    47828    --sha-w-    c:\windows\system32\drivers\fidbox.idx
2009-06-10 19:59 . 2008-07-04 11:40    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2009-06-10 19:54 . 2007-12-24 18:49    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Skype
2009-06-10 19:50 . 2008-05-08 14:13    --------    d---a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-06-10 15:52 . 2007-12-24 18:50    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\skypePM
2009-06-10 11:57 . 2009-04-18 08:17    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-06-09 20:57 . 2009-01-27 16:39    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2009-06-09 20:56 . 2009-04-18 07:41    3371383    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 18:12 . 2008-04-05 15:59    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Hamachi
2009-06-09 14:13 . 2009-03-18 19:49    97608    ----a-w-    c:\windows\system32\drivers\avfwot.sys
2009-06-08 12:39 . 2008-04-27 12:15    --------    d-----w-    c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-06-07 14:47 . 2008-10-19 13:55    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-06-07 10:26 . 2009-03-09 14:03    --------    d-----w-    c:\programme\Lavasoft
2009-06-07 10:26 . 2009-03-09 14:03    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-06-07 08:54 . 2009-04-01 14:03    --------    d-----w-    c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-06-06 21:04 . 2007-12-21 18:42    --------    d-----w-    c:\programme\Java
2009-06-06 14:34 . 2009-05-03 16:01    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\TrackMania
2009-06-06 11:41 . 2009-02-21 16:54    --------    d-----w-    c:\programme\Gemeinsame Dateien\PC Tools
2009-06-05 12:31 . 2007-12-21 17:31    --------    d--h--w-    c:\programme\InstallShield Installation Information
2009-05-26 11:20 . 2009-01-27 16:39    40160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-01-27 16:39    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-05-24 14:19 . 2009-03-13 21:58    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft Games
2009-05-22 12:55 . 2009-02-09 13:32    843    ----a-w-    c:\windows\eReg.dat
2009-05-21 21:36 . 2009-04-06 23:08    529536    ----a-w-    c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-05-21 09:08 . 2009-04-06 15:10    --------    d-----w-    c:\programme\EA Games
2009-05-20 16:09 . 2007-12-21 18:43    86176    ----a-w-    c:\dokumente und einstellungen\Tino\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-05-20 16:03 . 2008-06-02 13:44    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe
2009-05-20 16:01 . 2009-05-20 16:01    --------    d-----w-    c:\windows\Fonts\Fonts
2009-05-14 11:38 . 2009-04-07 18:04    844784    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios\Pirate Galaxy\Launcher.exe
2009-05-09 08:53 . 2009-05-09 08:53    --------    d-----w-    c:\programme\Infogrames
2009-05-08 18:07 . 2009-05-08 18:07    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\guitarstar
2009-05-08 16:16 . 2009-02-07 20:51    --------    d-----w-    c:\programme\Microsoft Games
2009-05-07 16:25 . 2009-05-07 16:25    --------    d-----w-    c:\programme\RAM Booster
2009-05-06 16:17 . 2009-05-06 16:17    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Leadertech
2009-05-05 15:35 . 2009-05-05 14:13    --------    d-----w-    c:\programme\BeatGames
2009-05-05 14:12 . 2009-05-05 14:12    15086    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{38B065ED-3B5C-4CFC-B6FC-70527DC21789}\NewShortcut2_38B065ED3B5C4CFCB6FC70527DC21789.exe
2009-05-05 14:12 . 2009-05-05 14:12    15086    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{38B065ED-3B5C-4CFC-B6FC-70527DC21789}\NewShortcut1_38B065ED3B5C4CFCB6FC70527DC21789_1.exe
2009-05-05 14:12 . 2009-05-05 14:12    15086    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{38B065ED-3B5C-4CFC-B6FC-70527DC21789}\ARPPRODUCTICON.exe
2009-05-05 14:11 . 2009-05-05 14:11    --------    d-----w-    c:\programme\enjoy
2009-05-03 15:48 . 2009-03-27 22:14    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Azureus
2009-05-02 06:40 . 2009-05-02 06:40    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\dbg
2009-05-01 14:27 . 2009-05-01 14:19    --------    d-----w-    c:\programme\Bluefish Games
2009-05-01 13:32 . 2009-05-01 13:32    --------    d-----w-    c:\programme\Terzio
2009-04-30 20:02 . 2008-06-21 12:33    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin
2009-04-30 20:00 . 2009-04-30 20:00    --------    d-----w-    c:\programme\Pinnacle
2009-04-30 20:00 . 2009-04-30 20:00    --------    d-----w-    c:\programme\Gemeinsame Dateien\Yahoo!
2009-04-29 18:52 . 2009-04-29 18:52    --------    d-----w-    c:\programme\OnkoS
2009-04-28 18:24 . 2009-04-28 18:24    --------    d-----w-    c:\programme\ConvertHelper
2009-04-27 11:28 . 2009-03-18 19:49    96104    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2009-04-27 11:28 . 2009-03-17 14:53    55640    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-04-23 19:05 . 2009-04-23 19:05    3366912    ----a-w-    c:\windows\system32\GPhotos.scr
2009-04-22 17:13 . 2009-04-24 11:44    98304    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 17:13 . 2009-04-24 11:44    77824    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-04-18 08:21 . 2009-04-18 08:20    --------    d-----w-    c:\programme\Windows Live
2009-04-18 08:21 . 2009-04-18 08:21    --------    d-----w-    c:\programme\Microsoft Sync Framework
2009-04-18 08:20 . 2009-02-23 09:17    --------    d-----w-    c:\programme\Microsoft
2009-04-18 08:20 . 2009-04-18 08:20    --------    d-----w-    c:\programme\Windows Live SkyDrive
2009-04-18 08:19 . 2009-04-18 08:19    --------    d-----w-    c:\programme\Microsoft SQL Server Compact Edition
2009-04-18 08:18 . 2009-04-18 08:17    --------    d-----w-    c:\programme\Spybot - Search & Destroy
2009-04-18 07:50 . 2009-04-18 07:50    --------    d-----w-    c:\programme\Gemeinsame Dateien\Windows Live
2009-04-18 07:38 . 2002-08-29 12:00    96478    ----a-w-    c:\windows\system32\perfc007.dat
2009-04-18 07:38 . 2002-08-29 12:00    490978    ----a-w-    c:\windows\system32\perfh007.dat
2009-04-15 23:11 . 2009-04-15 23:11    --------    d-----w-    c:\programme\GVShare
2009-04-15 23:05 . 2009-04-15 22:59    --------    d-----w-    c:\programme\WinAce
2009-04-15 13:45 . 2009-04-15 13:45    --------    d-----w-    c:\programme\MobMapUpdater
2009-04-12 17:54 . 2009-04-16 11:24    954368    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-12 17:54 . 2009-04-16 11:24    71652    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-12 17:54 . 2009-04-16 11:24    4534272    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-12 17:54 . 2009-04-16 11:24    344064    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-12 17:54 . 2009-04-16 11:24    131868    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-12 17:54 . 2009-04-16 11:24    103424    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-12 17:54 . 2009-04-16 11:24    1161626    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-12 17:54 . 2009-04-16 11:24    65536    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-03 05:35 . 2009-04-03 05:35    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-03-28 11:12 . 2009-03-28 11:11    67156336    ----a-w-    C:\Alarmrot3lanfürBasti.zip
2009-03-21 18:26 . 2008-07-27 12:47    106788    ----a-w-    c:\windows\War3Unin.dat
2009-03-18 19:44 . 2009-03-18 19:49    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2009-03-18 19:44 . 2009-03-18 19:49    69632    ----a-w-    c:\windows\system32\drivers\avfwim.sys
2009-03-18 19:44 . 2009-03-18 19:49    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2009-03-15 18:48 . 2007-12-21 16:39    86327    ----a-w-    c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-14 14:35 . 2008-02-27 19:03    96    ---ha-w-    c:\windows\system32\HsInfo.dat
2008-02-09 21:09 . 2008-02-09 21:09    24    --sh--w-    c:\windows\SAE08470E.tmp
2006-05-03 10:06 . 2009-03-02 15:21    163328    --sh--r-    c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-03-02 15:21    31232    --sh--r-    c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-03-02 15:21    216064    --sh--r-    c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-07 518488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c_340863.nls
"midi1"=c_340863.nls
"mixer1"=c_340863.nls
"aux1"=c_340863.nls
"wave2"=c_340863.nls
"midi2"=c_340863.nls
"mixer2"=c_340863.nls
"aux2"=c_340863.nls

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"PnkBstrA"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9959d693b998c"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WSearch"=2 (0x2)
"UserAccess7"=3 (0x3)
"ServiceLayer"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"idsvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"MDM"=2 (0x2)
"SeaPort"=2 (0x2)
"WRConsumerService"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AdobeActiveFileMonitor7.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Sega\\Gas Powered Games\\Space Siege Demo\\SpaceSiege.exe"=
"d:\\Programme\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"d:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Symantec\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\alaplaya\\S4League\\patcher_s4.exe"=
"c:\\Programme\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programme\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Programme\\TmNationsForever\\TmForever.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"d:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.4.game"=
"c:\\Programme\\Capcom\\FLOCK! Demo\\Flock.exe"=
"d:\\Programme\\Ubisoft\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
"d:\\Programme\\Ubisoft\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WC3
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:WoW
"6881:TCP"= 6881:TCP:*:Disabled:WoW2
"28002:TCP"= 28002:TCP:s4port1
"28008:TCP"= 28008:TCP:s4port2
"28012:TCP"= 28012:TCP:s4port3
"28013:TCP"= 28013:TCP:s4port4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07.06.2009 12:30 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [06.06.2009 13:37 130936]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [18.03.2009 21:49 97608]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [23.02.2009 19:22 11889]
R1 SSHDRV5C;SSHDRV5C;c:\windows\system32\drivers\SSHDRV5C.sys [10.01.2008 15:22 34816]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.07.2008 07:51 277736]
R2 AntiVirFirewallService;Avira Firewall;c:\programme\Avira\AntiVir Desktop\avfwsvc.exe [18.03.2009 21:49 388865]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 21:49 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [18.03.2009 21:49 434945]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [09.02.2008 06:58 941784]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [18.03.2009 21:49 69632]
S1 atitray;atitray;\??\c:\programme\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys --> c:\programme\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\programme\SUPERAntiSpyware\SASKUTIL.sys --> c:\programme\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [18.03.2009 21:49 194817]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 1005904]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 gAGP440p;gAGP440p;\??\c:\dokume~1\Tino\LOKALE~1\Temp\gAGP440p.sys --> c:\dokume~1\Tino\LOKALE~1\Temp\gAGP440p.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\programme\LG Soft India\forteManager\bin\I2CDriver.sys [03.01.2009 11:13 14336]
S3 LGII2CDevice;LGII2CDevice;c:\programme\LG Soft India\forteManager\bin\PII2CDriver.sys [03.01.2009 11:13 13312]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02.08.2005 23:10 32512]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [08.08.2007 08:31 23840]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [06.06.2009 13:37 348752]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [30.01.2008 02:41 25216]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
S3 XDva262;XDva262;\??\c:\windows\system32\XDva262.sys --> c:\windows\system32\XDva262.sys [?]
S3 zlportio;zlportio;\??\d:\programme\Ultrastar\zlportio.sys --> d:\programme\Ultrastar\zlportio.sys [?]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 12:03 169312]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFF8286A-A30E-E66F-202B-DF761707CC18}]
c:\dokumente und einstellungen\Tino\Anwendungsdaten\MSDN.exe s
.
Inhalt des "geplante Tasks" Ordners

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:29]

2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-15 09:58]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-nnnnoml - (no file)


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Suche - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {9D1FD2F6-D814-4027-8A9D-53F73CF86CB1} = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - ProfilePath - c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - plugin: c:\programme\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\programme\Picasa2\npPicasa3.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 22:09
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-796845957-1292428093-682003330-1005\Software\Buhl Data Service\On4u2\nanoPEG-MPEG2\ExtData*]
"OfflineKey"="f2il02yz+PoZfjShe/bLtuIDuYUBXeXUSWODhqNUumuillSxrfUfT0bxarmfYtLp4zQvX/frLlkGRzjW8wFj1YIjNQTkcipaGHiRsqxfWeML3zNdlQAR2qpUclY4tqG7hrq0toHzSqNvyr03dnd293CDD57I+nETnlnnu4AKgI3ULnXKu/K2ZzeRLfLPDBgAPUy1D3ancm3tlUij0+XCew==XkW7KTUw4/ERXZYHib2UcoL0C2ZB96ivDmVp8Hxoud4WhbS+FPwy3zwTLhtuwow5VXDxMiadgorR9F/GSnOdBg=="
"InitTime"=dword:00009b85
"LastTime"=dword:00009b85
"Keyindex"=dword:00000000

[HKEY_USERS\S-1-5-21-796845957-1292428093-682003330-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-796845957-1292428093-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}*]
"hahciemkgdgkhihp"=hex:6b,61,69,64,6d,68,69,6c,6a,69,6f,64,68,61,64,67,63,6d,
   6c,6d,69,61,00,00
"iabdgleilaldgpnpdk"=hex:6b,61,69,64,6d,68,69,6c,6a,69,6f,64,68,61,64,67,63,6d,
   6c,6d,69,61,00,00

[HKEY_USERS\S-1-5-21-796845957-1292428093-682003330-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-796845957-1292428093-682003330-1005)
@Allowed: (Read) (S-1-5-21-796845957-1292428093-682003330-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-796845957-1292428093-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c8,40,8e,5d,8f,53,fa,5c,f9,51,65,c2,82,e7,14,7a,1f,9d,c1,9c,d9,bd,71,
   8c,1e,b3,d8,76,04,d5,73,25,c0,0c,75,61,d8,36,e9,ce,c2,84,28,a7,8f,c7,f1,40,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_USERS\S-1-5-21-796845957-1292428093-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:2d,96,2f,f7,10,74,99,74,11,a0,f5,d9,34,af,1e,d3,ee,98,62,29,55,
   1f,27,e3,2b,b7,92,13,08,10,24,cc,c7,cf,2c,7e,42,98,21,19,d6,30,f2,71,4a,b9,\
"rkeysecu"=hex:f2,85,07,84,ef,38,34,6c,32,c4,cd,22,c9,10,f3,d5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,e6,37,b6,db,3b,
   f3,be,d2,2e,e8,e1,00,eb,16,2b,de,c8,fc,85,b4,b6,65,61,08,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,97,ba,2c,53,ac,
   80,e9,e6,46,47,15,b0,92,4b,c7,ef,7a,00,2d,8b,74,4b,29,ef,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,9b,3d,68,4f,
   0c,e5,4e,7a,45,05,fd,91,e8,6f,31,34,54,5c,92,75,89,5a,26,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,44,97,23,d5,5d,
   13,77,51,6b,65,49,6a,7e,99,74,f7,ad,6a,0f,2c,53,af,78,ff,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,05,73,df,e6,b7,
   c2,9d,89,e9,02,6c,fa,fb,1d,47,57,ef,f6,7e,b4,4f,5f,b3,35,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,86,23,bf,f7,7c,
   f0,3c,0e,50,93,e5,ab,ec,6a,4e,ab,0d,eb,22,45,bd,b6,5c,33,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,db,34,71,52,41,
   0a,3d,c0,97,20,4e,9a,c7,f1,35,ee,a0,45,9d,28,07,f7,b2,c9,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4b,ce,f7,27,fa,
   82,14,4c,aa,52,c6,00,84,3c,26,64,a9,d2,59,a6,66,e0,2f,d9,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ad,3e,bd,c3,92,
   cb,4f,f4,b2,46,9a,e2,1b,fe,1b,94,fc,95,8c,60,c4,89,50,30,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b3,33,f4,a8,f0,
   78,22,9e,37,a4,aa,c3,a6,15,56,0a,51,67,6a,50,6b,3f,e4,32,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,d0,1a,ca,44,0d,
   d9,9c,5f,f8,31,0f,a9,5f,a0,ec,fb,65,3d,60,a7,32,0b,c7,3f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,4f,1f,81,8a,8a,
   34,45,18,05,73,21,dd,54,d8,4a,c5,46,2b,f7,72,bc,3c,77,9c,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f6,a5,d4,ca,06,68,d7,c3,c7,87,08,73,7b,12,42,d9,a4,bb,a2,7c,c7,e8,1d,
   1b,dd,02,d4,d4,6d,41,56,cb,7c,fa,9d,c1,53,1c,4a,bc,be,b4,3e,37,e6,05,82,25,\
"??"=hex:fd,c2,55,28,79,d9,af,7e,8d,9e,9f,2d,3c,96,e9,fe
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1492)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-06-10 22:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-06-10 20:15
ComboFix2.txt  2009-06-06 16:58

Vor Suchlauf: 24 Verzeichnis(se), 14.635.200.512 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 14.607.241.216 Bytes frei

Current=16 Default=16 Failed=15 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
500    --- E O F ---    2009-05-27 14:00
So far, so good. Now I was supposed to create a HijackThis log file as well; here it is:

Code

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:12, on 10.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230665720953
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D1FD2F6-D814-4027-8A9D-53F73CF86CB1}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 7020 bytes

Finally, here is the uninstall list:

Code

7-Zip 4.65
Ad-Aware
Ad-Aware
Adobe ActiveShare 1.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9 - Deutsch
Adobe Shockwave Player 11.5
AGEIA GAME System Software
Antares KeyBind 1.04
Arcanum
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Display Driver
ATI HydraVision
ATI Parental Control & Encoder
Audacity 1.2.6
Audiosurf Beta
Audition
Avira Premium Security Suite
AVIVO Codecs
Bounci
Bounci XDream 2
CA Yahoo! Anti-Spy (remove only)
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CamAlert II
Catalyst Control Center - Branding
CCleaner (remove only)
Cheatbook 05.2009
Choice Guard
Clever
CloneCD
Cobra 11 - Burning Wheels (remove only)
Command & Conquer Generals
Command & Conquer™ Alarmstufe Rot 3
ConvertHelper 2.2
Corona Visualization Plug-in for WMP
Countdown Anytime
DER ERSTE KAISER: Aufstieg des Reichs der Mitte 1.0.1.0
EA Download Manager
EasyToolz
EVEREST Home Edition v2.20
flatster
FLOCK! Demo
FLOCK! Demo
forteManager
Free Disk Analyzer
Free Extended Task Manager
Free YouTube to Mp3 Converter version 3.1
Game Tycoon
Gigaflat
Google Earth
Google Toolbar for Firefox
Google Update Helper
Google Updater
Grand Theft Auto IV
Hamachi 1.0.3.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
hp deskjet 845c series (nur entfernen)
HP PrecisionScan LTX
ICQ6.5
Icy Tower v1.3
Icy Tower v1.3.1
iKnowPS
Impossible Creatures
Impossible Creatures 1.0.1
J2SE Runtime Environment 5.0 Update 13
Java(TM) 6 Update 13
Java(TM) 6 Update 3
KeyStat
Kindersicherung 2008
Kumoon
L&H TTS3000 British English
L&H TTS3000 Deutsch
LEGO LOCO
LEGO Rock Raiders
Lernout & Hauspie TruVoice American English TTS Engine
LesefixPRO
Line Rider
Little Fighter 2 version 2.0
Logitech SetPoint
Malwarebytes' Anti-Malware
Mashed
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Crimson Skies
Microsoft Game Voice Share
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
Mirror's Edge™
MobMap 3.20
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.19)
MSVC80_x86
MSVCRT
MSXML 6 Service Pack 2 (KB954459)
MultiRes (remove only)
MYLT Pro
Need for Speed™ Undercover
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA GAME System Software 2.8.1
NVIDIA PhysX v8.10.17
OnkoS 1.00
PC Connectivity Solution
Personal License Update Wizard for Windows Media Player
phase6_19
phase6_19_download
Picasa 3
Pinnacle VideoSpin
Pivot Stickfigure Animator
Power Tab Editor 1.7
PowerDVD
Prison Tycoon 3
ProtectDisc Driver, Version 11
QuickTime
RAM Booster 2.38
Raumschiffe bauen mit Willy Werkel
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealWorld Change Cursor
RealWorld Cursor Editor
Registry System Wizard
Rockstar Games Social Club
Rush for Berlin GOLD
S4 League_EU
Schiffe bauen mit Willy Werkel
School Tycoon
Screen Capturer
SeaTools for Windows
Security Task Manager 1.7g
Segoe UI
SimCity 4 Rush Hour
SimpleOCR 3.1
Skype™ 4.0
Sony Eyetoy Webcam
SpellForce 2 Patch
SPORE™
Spy Fox 1 - Das Milchkartell By Paywire
Spybot - Search & Destroy
Spyware Doctor 6.0
Star Wars Galactic Battlegrounds
Star Wars JK II Jedi Outcast
Stronghold Legends
SUPER © Version 2009.bld.35 (Jan 5, 2009)
SurfMusik 3.1a
TeamSpeak 2 RC2
The Matrix - Path of Neo
TmNationsForever
Tom Clancy's EndWar
Toribash 3.32
Trojan Remover 6.7.9
Tropico
Tropico 2: Die Pirateninsel
Unix Utilities for Yahoo! Widgets
Update für Windows Internet Explorer 8 (KB971180)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WC3Banlist
WebcamMax
WhiteCap
Winamp
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Anmelde-Assistent
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Live-Uploadtool
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Media Player 9 Series
Windows XP Service Pack 3
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
WinPcap 3.1
World of Warcraft
XML Paper Specification Shared Components Language Pack 1.0
xp-AntiSpy 3.96-4
Yahoo! Install Manager
Yahoo! Toolbar mit Pop-Up-Blocker
Yahoo! Widgets
Yetisports Deluxe
Zattoo 3.3.4 Beta
Zoo Tycoon 2 - Marine Mania
Zune Desktop Theme

I hope you can help me here, because it really took me a long time to put all of this together, and please don't be angry with me if I did something wrong.

Yours, Tino


[Addendum]
Oh, I just noticed that I must have misclicked and ended up in the wrong forum, sorry, can someone please move this? Thank youu!
Yours, Tino[/Addendum]
This post was edited by TinoF on 10.06.2009 at 23:09.
11.06.2009, 08:26
Moderator

Posts: 7805
#2 Please also post the Spyware Doctor report so that we can see what it identifies as TDSS.
__________
Regards, Ralf
SEO-Spam Hunter
11.06.2009, 10:14
Member

Thread starter

Posts: 13
#3 Good morning first of all, and thank you for taking the trouble to help me ;)
Unfortunately, I couldn't find anything like a report or log anywhere, so I simply captured the entire list of detections in 4 screenshots. I hope that helps us.
Best regards, Tino

[possiblyStupidRemark]Oh, is it dangerous to put them in the attachment here? If so, please let me know, and I will upload them and embed the image URL here.[/possiblyStupidRemark]

This post was edited by TinoF on 11.06.2009 at 10:18.
11.06.2009, 10:40
Moderator

Posts: 7805
#4 The upload is no problem.

Please download Gmer from here

http://www.gmer.net/#files (press the Download EXE button)

Start the downloaded EXE file and then press "scan" on the Rootkit tab. As soon as the scan has finished, press "copy" and paste the report here.
__________
Regards, Ralf
SEO-Spam Hunter
11.06.2009, 11:36
Member

Thread starter

Posts: 13
#5 Hmm, GMER is still scanning, but it hasn't listed anything new for at least 15 minutes; I have just updated the report (in the code box), but of course I'll keep GMER running... maybe you can already spot something.
Best regards, Tino

Quote

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-11 11:24:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xAC76EA00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9D95514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9D84282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9D84474]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xAC76F340]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAC76EF90]
SSDT BA68DB34 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9D95D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9D95FB8]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xAC76EB60]
SSDT spaz.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spaz.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xAC76CF80]
SSDT BA68DB52 ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9D943FA]
SSDT BA68DB20 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xAC76F170]
SSDT BA68DB25 ZwOpenThread
SSDT spaz.sys ZwQueryKey [0xB9EC7108]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xAC76F910]
SSDT spaz.sys ZwQueryValueKey [0xB9EC6F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9D96422]
SSDT BA68DB5C ZwReplaceKey
SSDT BA68DB57 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xAC76FC10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xAC76FF90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xAC770560]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xAC76BC40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9D957D8]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xAC76FBC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xAC76D2F0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9D83F32]
SSDT BA68DB2A ZwWriteVirtualMemory
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xAC76AD40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xAC76AD50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xAC76AD60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xAC76AD80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xAC76ADA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xAC76ADD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xAC76ADE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xAC76AE00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xAC76AE10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xAC76AED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xAC76AFA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xAC76AFE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xAC76B020]

INT 0x62 ? 8AF52BF8
INT 0x73 ? 8ABAABF8
INT 0x73 ? 8ABAABF8
INT 0x82 ? 8AF52BF8
INT 0x83 ? 8AF52BF8
INT 0xA4 ? 8ABAABF8
INT 0xB4 ? 8ABAABF8

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AC770980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AC770E80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
? spaz.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B917D8AC 5 Bytes JMP 8ABAA1D8
.text an8utu8p.SYS B90B5384 1 Byte [20]
.text an8utu8p.SYS B90B5384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text an8utu8p.SYS B90B53AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text an8utu8p.SYS B90B53C4 3 Bytes [00, 00, 00]
.text an8utu8p.SYS B90B53C9 1 Byte [00]
.text ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\System32\svchost.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[176] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 025C0001
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00640001
.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02E30001
.text C:\Programme\Java\jre6\bin\jqs.exe[612] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\WINDOWS\System32\svchost.exe[660] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[660] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\System32\svchost.exe[840] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[840] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
.text C:\WINDOWS\system32\spoolsv.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1456] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\WINDOWS\system32\csrss.exe[1456] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[1456] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[1488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01110001
.text C:\WINDOWS\system32\winlogon.exe[1488] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1488] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\WINDOWS\system32\services.exe[1532] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1532] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\WINDOWS\system32\lsass.exe[1544] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1544] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\svchost.exe[1764] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1764] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
.text C:\WINDOWS\System32\alg.exe[2108] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2108] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\WINDOWS\Explorer.EXE[2272] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[2272] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wscntfy.exe[2288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wscntfy.exe[2288] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\Programme\Skype\Phone\Skype.exe[2316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02510001
.text C:\Programme\Skype\Phone\Skype.exe[2316] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Skype\Phone\Skype.exe[2316] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\WINDOWS\system32\ctfmon.exe[2716] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\WINDOWS\system32\ctfmon.exe[2716] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2716] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[2784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00770001
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[2784] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[2784] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06080001
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2904] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2904] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015D0001
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0325A939 C:\Programme\Spybot - Search & Destroy\Plugins\Chai.dll
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Spybot - Search & Destroy\SpybotSD.exe[3064] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[3220] user32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[3364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04320001
.text C:\Programme\Spyware Doctor\pctsTray.exe[3364] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AB89 C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Programme\Spyware Doctor\pctsTray.exe[3364] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[3364] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text D:\FIrefox-Downloads\46t98ql7.exe[3576] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A
.text C:\Programme\Spyware Doctor\pctsSvc.exe[3792] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03E00001
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F140F5A
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F0D0F5A
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [12, 5F]
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text D:\Programme\Mozilla Firefox\firefox.exe[3836] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F170F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spaz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spaz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spaz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spaz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spaz.sys
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\an8utu8p.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AEDF1F8

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\USBSTOR \Device\0000009d 8A6E2500
Device \Driver\USBSTOR \Device\0000009e 8A6E2500
Device \Driver\USBSTOR \Device\0000009f 8A6E2500
Device \Driver\usbohci \Device\USBPDO-0 8ABA81F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AEE11F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AEE11F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AEE11F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AEE11F8
Device \Driver\usbohci \Device\USBPDO-1 8ABA81F8
Device \Driver\usbohci \Device\USBPDO-2 8ABA81F8
Device \Driver\usbohci \Device\USBPDO-3 8ABA81F8
Device \Driver\USBSTOR \Device\000000a0 8A6E2500
Device \Driver\usbohci \Device\USBPDO-4 8ABA81F8

AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\usbehci \Device\USBPDO-5 8AB6A500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF531F8
Device \Driver\Cdrom \Device\CdRom0 8AB591F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AF531F8
Device \Driver\Cdrom \Device\CdRom1 8AB591F8
Device \Driver\PCI_PNP4340 \Device\00000066 spaz.sys
Device \Driver\Cdrom \Device\CdRom2 8AB591F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A775500
Device \Driver\NetBT \Device\NetBT_Tcpip_{4E375CBB-FD76-4309-993C-4E46DE2DA1CE} 8A775500
Device \Driver\NetBT \Device\NetbiosSmb 8A775500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9D1FD2F6-D814-4027-8A9D-53F73CF86CB1} 8A775500

AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\sptd \Device\1310419340 spaz.sys
Device \Driver\USBSTOR \Device\00000096 8A6E2500

AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\usbohci \Device\USBFDO-0 8ABA81F8
Device \Driver\usbohci \Device\USBFDO-1 8ABA81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A6E5500
Device \Driver\usbohci \Device\USBFDO-2 8ABA81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A6E5500
Device \Driver\usbohci \Device\USBFDO-3 8ABA81F8
Device \Driver\usbohci \Device\USBFDO-4 8ABA81F8
Device \Driver\Ftdisk \Device\FtControl 8AF531F8
Device \Driver\usbehci \Device\USBFDO-5 8AB6A500
Device \Driver\an8utu8p \Device\Scsi\an8utu8p1Port5Path0Target1Lun0 8AAC31F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 8AEE01F8
Device \Driver\an8utu8p \Device\Scsi\an8utu8p1 8AAC31F8
Device \Driver\an8utu8p \Device\Scsi\an8utu8p1Port5Path0Target0Lun0 8AAC31F8
Device \FileSystem\Cdfs \Cdfs 8A6E6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA5 0xA4 0xB5 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCC 0x4B 0x4F 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x78 0x3A 0x3B 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x71 0x4A 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA8 0x81 0xE4 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA5 0xA4 0xB5 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x2A 0xB6 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x71 0x32 0x92 0xCA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCC 0x4B 0x4F 0x97 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x78 0x3A 0x3B 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x71 0x4A 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0xBD 0xCC 0xA1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x71 0xBB 0x9E 0xAC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x22 0xB5 0x9B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0x20 0x9E 0x10 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE1 0xFE 0xD6 0x8D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x4F 0x94 0x05 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x55 0xC0 0x6D 0xA1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x39 0x4A 0x9F 0x4D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x35 0xD7 0xB7 0x14 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0x34 0x64 0xF3 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x6B 0x0A 0x37 ...
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x6B 0x0A 0x37 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x6B 0x0A 0x37 ...
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0x30 0xD9 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x78 0x9D 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xEB 0x01 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x51 0x71 0x13 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0x3D 0xE3 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x2D 0x17 0xB2 0x86 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0x57 0x7E 0x5D ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x37 0xC0 0x01 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x90 0x73 0x6F ...
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0x30 0xD9 0xE9 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x78 0x9D 0x5C ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xEB 0x01 0x3A ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x51 0x71 0x13 0x8A ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0x3D 0xE3 0x9F ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x2D 0x17 0xB2 0x86 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}@hahciemkgdgkhihp 0x6B 0x61 0x69 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}@iabdgleilaldgpnpdk 0x6B 0x61 0x69 0x64 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c06c0 size 0x1af
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

11.06.2009, 12:13
Moderator

Posts: 7805
#6 Where are we even supposed to start and stop with this...

You have a not exactly small "wooden-horse zoo" on your computer.

Which add-ons have you installed in Firefox? Please check in Firefox under Extras / Add-ons.

The following will contain your problem somewhat, but I think the only thing that will help is a fresh install. The script mainly serves to let me look at the files once you upload them...


1. Start Notepad (Start / Run / notepad [Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code

http://board.protecus.de/t37145.htm

driver::
TDSSserv.sys

collect::
c:\dokumente und einstellungen\Tino\Anwendungsdaten\MSDN.exe
c:\windows\system32\drivers\TDSSmhct.sys
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSStkdv.log

dirlook::
c:\windows\Fonts\Fonts
c:\windows\system32\MSDN


3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program.
(Also the guards of adware and spyware programs, and the TeaTimer!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts ComboFix.

6. After the restart (if you are asked whether you want to restart), please post the following log files:
Combofix.txt

7. After the log has opened in Notepad, a popup appears.

Follow the instructions given there.

Post the newly created ComboFix report.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system.
__________
Regards, Ralf
SEO-Spam Hunter
11.06.2009, 12:44
Member

Thread starter

Posts: 13
#7 Up to step 5 everything worked great for me, but when ComboFix then showed that the report would be found at C:\Combofix.txt, I got a bluescreen thrown at me with the message Invalid_kernel_Handle.
I restarted, and the Combofix.txt is there.
I have now written it out here once and also put the .txt file in the attachment.

Code

ComboFix 09-06-10.02 - Tino 11.06.2009 12:23.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1394 [GMT 2:00]
ausgeführt von:: d:\firefox-downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Tino\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

(((((((((((((((((((((((   Dateien erstellt von 2009-05-11 bis 2009-06-11  ))))))))))))))))))))))))))))))
.

2009-06-10 11:05 . 2009-06-10 11:05    --------    d-sh--w-    c:\dokumente und einstellungen\Tino\PrivacIE
2009-06-08 12:40 . 2009-06-08 12:40    11264    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
2009-06-08 12:40 . 2009-06-08 12:40    --------    d-----w-    c:\programme\Seagate
2009-06-07 19:26 . 2009-06-07 10:30    15688    ----a-w-    c:\windows\system32\lsdelete.exe
2009-06-07 15:26 . 2009-06-07 15:26    --------    d-sh--w-    c:\dokumente und einstellungen\LocalService\IETldCache
2009-06-07 15:16 . 2009-06-07 15:16    --------    d-sh--w-    c:\dokumente und einstellungen\Tino\IETldCache
2009-06-07 15:13 . 2009-06-07 15:13    --------    d-----w-    c:\windows\ie8updates
2009-06-07 15:13 . 2009-05-12 05:11    102912    -c----w-    c:\windows\system32\dllcache\iecompat.dll
2009-06-07 15:12 . 2009-06-07 15:13    --------    dc-h--w-    c:\windows\ie8
2009-06-07 14:43 . 2009-06-07 14:43    2396    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_D70C1155C38ADA54296B24FD9927A9C3.dll
2009-06-07 14:43 . 2009-06-07 14:43    69    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_C4D3ABC415F806D42BE76F6B145C177E.dll
2009-06-07 14:43 . 2009-06-07 14:43    10    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_A887D9CCFB4211F46926498A691B5394.dll
2009-06-07 14:43 . 2009-06-07 14:43    25    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_9D5706BC219FEA04EB6A5E09AD421FB6.dll
2009-06-07 14:43 . 2009-06-07 14:43    169    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_6BD3432325A99C04784EE5C79797C178.dll
2009-06-07 14:43 . 2009-06-07 14:43    10    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_44D5DB5ED2CEFF744B15A6D60A8BCA06.dll
2009-06-07 13:10 . 2009-06-11 10:26    3487264    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2009-06-07 13:10 . 2009-06-11 10:26    72736    --sha-w-    c:\windows\system32\drivers\fidbox2.dat
2009-06-07 12:41 . 2009-06-07 14:13    --------    d-----w-    c:\programme\Gemeinsame Dateien\ParetoLogic
2009-06-07 12:41 . 2009-06-07 14:13    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\ParetoLogic
2009-06-07 12:18 . 2009-06-07 12:25    --------    d-----w-    c:\programme\Registry System Wizard
2009-06-07 10:30 . 2009-06-07 10:29    64160    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-06-07 10:30 . 2009-06-07 10:30    314200    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-07 10:30 . 2009-06-07 10:30    25440    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-07 10:30 . 2009-06-07 10:30    169312    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-07 10:30 . 2009-06-07 10:30    15688    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-07 10:30 . 2009-06-07 10:30    348496    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-07 10:30 . 2009-06-07 10:30    294240    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-07 10:29 . 2009-06-07 10:29    83808    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-07 10:29 . 2009-06-07 10:29    1630048    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-07 10:29 . 2009-06-07 10:29    212848    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-07 10:29 . 2009-06-07 10:29    64160    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-07 10:29 . 2009-06-07 10:29    40288    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-07 10:29 . 2009-06-07 10:29    640360    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-07 10:29 . 2009-06-07 10:29    540536    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-07 10:29 . 2009-06-07 10:29    559464    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-07 10:29 . 2009-06-07 10:29    2352456    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-07 10:29 . 2009-06-07 10:29    627536    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-07 10:29 . 2009-06-07 10:29    518488    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-07 10:29 . 2009-06-07 10:29    1005904    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-07 10:26 . 2009-06-07 10:26    --------    dc-h--w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-07 10:26 . 2009-03-12 08:17    2902048    -c--a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-07 09:33 . 2009-06-02 13:00    3007352    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Simply Super Software\Trojan Remover\xhr1F.exe
2009-06-07 09:32 . 2006-06-19 11:01    69632    ----a-w-    c:\windows\system32\ztvcabinet.dll
2009-06-07 09:32 . 2006-05-25 13:52    162304    ----a-w-    c:\windows\system32\ztvunrar36.dll
2009-06-07 09:32 . 2005-08-25 23:50    77312    ----a-w-    c:\windows\system32\ztvunace26.dll
2009-06-07 09:32 . 2003-02-02 18:06    153088    ----a-w-    c:\windows\system32\UNRAR3.dll
2009-06-07 09:32 . 2002-03-05 23:00    75264    ----a-w-    c:\windows\system32\unacev2.dll
2009-06-07 09:32 . 2009-06-07 09:32    --------    d-----w-    c:\programme\Trojan Remover
2009-06-07 09:32 . 2009-06-07 09:32    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software
2009-06-07 09:32 . 2009-06-07 09:32    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Simply Super Software
2009-06-06 21:13 . 2009-06-06 21:13    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-06-06 21:03 . 2009-06-06 21:03    152576    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-06 11:38 . 2008-12-11 06:38    159600    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-06-06 11:37 . 2009-04-03 09:18    130936    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-06-06 11:37 . 2008-12-18 10:16    73840    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-06 11:37 . 2008-12-10 09:36    64392    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-06-06 11:37 . 2009-06-11 07:59    --------    d-----w-    c:\programme\Spyware Doctor
2009-06-06 11:37 . 2009-06-10 18:32    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2009-06-06 11:37 . 2009-06-06 11:37    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\PC Tools
2009-06-06 10:20 . 2009-06-06 10:20    --------    d-----w-    c:\programme\Webroot
2009-06-06 10:20 . 2009-06-06 10:20    164    ----a-w-    c:\windows\install.dat
2009-06-05 17:56 . 2009-06-05 17:56    --------    d-----w-    c:\windows\system32\MSDN
2009-06-03 20:19 . 2008-12-03 23:25    120832    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-01 20:14 . 2009-06-01 20:22    --------    d-----w-    c:\dokumente und einstellungen\Tino\Lokale Einstellungen\Anwendungsdaten\Zattoo
2009-05-30 15:36 . 2009-05-30 15:36    --------    d-----w-    c:\programme\Ubisoft
2009-05-30 13:39 . 2008-07-31 08:41    68616    ----a-w-    c:\windows\system32\XAPOFX1_1.dll
2009-05-30 13:39 . 2008-07-31 08:40    509448    ----a-w-    c:\windows\system32\XAudio2_2.dll
2009-05-30 13:39 . 2008-07-31 08:41    238088    ----a-w-    c:\windows\system32\xactengine3_2.dll
2009-05-30 13:39 . 2008-07-12 06:18    467984    ----a-w-    c:\windows\system32\d3dx10_39.dll
2009-05-30 13:39 . 2008-07-12 06:18    1493528    ----a-w-    c:\windows\system32\D3DCompiler_39.dll
2009-05-30 13:39 . 2008-07-12 06:18    3851784    ----a-w-    c:\windows\system32\D3DX9_39.dll
2009-05-27 13:52 . 2009-05-30 11:55    --------    d-----w-    c:\dokumente und einstellungen\Tino\.gigaflat
2009-05-22 16:29 . 2009-05-26 15:12    --------    d-----w-    c:\programme\LineRider
2009-05-21 09:42 . 2009-05-21 09:42    --------    d-----w-    C:\log
2009-05-21 09:31 . 2009-05-21 09:31    --------    d-----w-    c:\programme\Deep Silver
2009-05-20 16:11 . 2009-05-20 16:11    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\espionServerData
2009-05-20 16:04 . 2009-05-20 16:04    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2009-05-20 16:03 . 2009-05-20 16:03    --------    d-----w-    c:\programme\Gemeinsame Dateien\Macrovision Shared
2009-05-20 16:01 . 2009-05-20 16:00    118520    ------w-    c:\windows\system32\pxinsi64.exe
2009-05-20 16:01 . 2009-05-20 16:00    116472    ------w-    c:\windows\system32\pxcpyi64.exe
2009-05-19 15:49 . 2009-05-20 18:47    --------    d-----w-    C:\Terzio
2009-05-18 16:45 . 2009-05-18 16:46    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\AgeOfBooty
2009-05-17 14:06 . 2009-05-17 14:06    --------    d-----w-    c:\programme\Cheatbook 05.2009
2009-05-14 19:33 . 2009-05-18 16:56    --------    d-----w-    c:\programme\Capcom
2009-05-14 11:38 . 2009-05-14 11:38    552    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios\Pirate Galaxy\updates\update.bat
2009-05-14 11:38 . 2009-05-14 11:38    60628    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios\Pirate Galaxy\uninstall.exe
2009-05-14 11:37 . 2009-05-14 11:37    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 10:26 . 2007-12-24 18:49    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Skype
2009-06-11 10:17 . 2008-05-08 14:13    --------    d---a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-06-11 08:35 . 2007-12-24 18:50    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\skypePM
2009-06-11 08:34 . 2009-04-18 08:17    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-06-10 21:18 . 2009-06-07 13:10    8120    --sha-w-    c:\windows\system32\drivers\fidbox2.idx
2009-06-10 21:18 . 2009-06-07 13:10    48428    --sha-w-    c:\windows\system32\drivers\fidbox.idx
2009-06-10 19:59 . 2008-07-04 11:40    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2009-06-09 20:57 . 2009-01-27 16:39    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2009-06-09 20:56 . 2009-04-18 07:41    3371383    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 18:12 . 2008-04-05 15:59    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Hamachi
2009-06-09 14:13 . 2009-03-18 19:49    97608    ----a-w-    c:\windows\system32\drivers\avfwot.sys
2009-06-08 12:39 . 2008-04-27 12:15    --------    d-----w-    c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-06-07 14:47 . 2008-10-19 13:55    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-06-07 10:26 . 2009-03-09 14:03    --------    d-----w-    c:\programme\Lavasoft
2009-06-07 10:26 . 2009-03-09 14:03    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-06-07 08:54 . 2009-04-01 14:03    --------    d-----w-    c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-06-06 21:04 . 2007-12-21 18:42    --------    d-----w-    c:\programme\Java
2009-06-06 14:34 . 2009-05-03 16:01    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\TrackMania
2009-06-06 11:41 . 2009-02-21 16:54    --------    d-----w-    c:\programme\Gemeinsame Dateien\PC Tools
2009-06-05 12:31 . 2007-12-21 17:31    --------    d--h--w-    c:\programme\InstallShield Installation Information
2009-05-26 11:20 . 2009-01-27 16:39    40160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-01-27 16:39    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-05-24 14:19 . 2009-03-13 21:58    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft Games
2009-05-22 12:55 . 2009-02-09 13:32    843    ----a-w-    c:\windows\eReg.dat
2009-05-21 21:36 . 2009-04-06 23:08    529536    ----a-w-    c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-05-21 09:08 . 2009-04-06 15:10    --------    d-----w-    c:\programme\EA Games
2009-05-20 16:09 . 2007-12-21 18:43    86176    ----a-w-    c:\dokumente und einstellungen\Tino\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-05-20 16:03 . 2008-06-02 13:44    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe
2009-05-20 16:01 . 2009-05-20 16:01    --------    d-----w-    c:\windows\Fonts\Fonts
2009-05-14 11:38 . 2009-04-07 18:04    844784    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Splitscreen Studios\Pirate Galaxy\Launcher.exe
2009-05-09 08:53 . 2009-05-09 08:53    --------    d-----w-    c:\programme\Infogrames
2009-05-08 18:07 . 2009-05-08 18:07    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\guitarstar
2009-05-08 16:16 . 2009-02-07 20:51    --------    d-----w-    c:\programme\Microsoft Games
2009-05-07 16:25 . 2009-05-07 16:25    --------    d-----w-    c:\programme\RAM Booster
2009-05-06 16:17 . 2009-05-06 16:17    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Leadertech
2009-05-05 15:35 . 2009-05-05 14:13    --------    d-----w-    c:\programme\BeatGames
2009-05-05 14:12 . 2009-05-05 14:12    15086    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{38B065ED-3B5C-4CFC-B6FC-70527DC21789}\NewShortcut2_38B065ED3B5C4CFCB6FC70527DC21789.exe
2009-05-05 14:12 . 2009-05-05 14:12    15086    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{38B065ED-3B5C-4CFC-B6FC-70527DC21789}\NewShortcut1_38B065ED3B5C4CFCB6FC70527DC21789_1.exe
2009-05-05 14:12 . 2009-05-05 14:12    15086    ----a-r-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Microsoft\Installer\{38B065ED-3B5C-4CFC-B6FC-70527DC21789}\ARPPRODUCTICON.exe
2009-05-05 14:11 . 2009-05-05 14:11    --------    d-----w-    c:\programme\enjoy
2009-05-03 15:48 . 2009-03-27 22:14    --------    d-----w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Azureus
2009-05-02 06:40 . 2009-05-02 06:40    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\dbg
2009-05-01 18:30 . 2009-05-01 18:30    3366912    ----a-w-    c:\windows\system32\GPhotos.scr
2009-05-01 14:27 . 2009-05-01 14:19    --------    d-----w-    c:\programme\Bluefish Games
2009-05-01 13:32 . 2009-05-01 13:32    --------    d-----w-    c:\programme\Terzio
2009-04-30 20:02 . 2008-06-21 12:33    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin
2009-04-30 20:00 . 2009-04-30 20:00    --------    d-----w-    c:\programme\Pinnacle
2009-04-30 20:00 . 2009-04-30 20:00    --------    d-----w-    c:\programme\Gemeinsame Dateien\Yahoo!
2009-04-29 18:52 . 2009-04-29 18:52    --------    d-----w-    c:\programme\OnkoS
2009-04-28 18:24 . 2009-04-28 18:24    --------    d-----w-    c:\programme\ConvertHelper
2009-04-27 11:28 . 2009-03-18 19:49    96104    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2009-04-27 11:28 . 2009-03-17 14:53    55640    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-04-22 17:13 . 2009-04-24 11:44    98304    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 17:13 . 2009-04-24 11:44    77824    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-04-18 08:21 . 2009-04-18 08:20    --------    d-----w-    c:\programme\Windows Live
2009-04-18 08:21 . 2009-04-18 08:21    --------    d-----w-    c:\programme\Microsoft Sync Framework
2009-04-18 08:20 . 2009-02-23 09:17    --------    d-----w-    c:\programme\Microsoft
2009-04-18 08:20 . 2009-04-18 08:20    --------    d-----w-    c:\programme\Windows Live SkyDrive
2009-04-18 08:19 . 2009-04-18 08:19    --------    d-----w-    c:\programme\Microsoft SQL Server Compact Edition
2009-04-18 08:18 . 2009-04-18 08:17    --------    d-----w-    c:\programme\Spybot - Search & Destroy
2009-04-18 07:50 . 2009-04-18 07:50    --------    d-----w-    c:\programme\Gemeinsame Dateien\Windows Live
2009-04-18 07:38 . 2002-08-29 12:00    96478    ----a-w-    c:\windows\system32\perfc007.dat
2009-04-18 07:38 . 2002-08-29 12:00    490978    ----a-w-    c:\windows\system32\perfh007.dat
2009-04-15 23:11 . 2009-04-15 23:11    --------    d-----w-    c:\programme\GVShare
2009-04-15 23:05 . 2009-04-15 22:59    --------    d-----w-    c:\programme\WinAce
2009-04-15 13:45 . 2009-04-15 13:45    --------    d-----w-    c:\programme\MobMapUpdater
2009-04-12 17:54 . 2009-04-16 11:24    954368    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-12 17:54 . 2009-04-16 11:24    71652    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-12 17:54 . 2009-04-16 11:24    4534272    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-12 17:54 . 2009-04-16 11:24    344064    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-12 17:54 . 2009-04-16 11:24    131868    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-12 17:54 . 2009-04-16 11:24    103424    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-12 17:54 . 2009-04-16 11:24    1161626    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-12 17:54 . 2009-04-16 11:24    65536    ----a-w-    c:\dokumente und einstellungen\Tino\Anwendungsdaten\Mozilla\Firefox\Profiles\8fxgodiu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-03 05:35 . 2009-04-03 05:35    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-03-28 11:12 . 2009-03-28 11:11    67156336    ----a-w-    C:\Alarmrot3lanfürBasti.zip
2009-03-21 18:26 . 2008-07-27 12:47    106788    ----a-w-    c:\windows\War3Unin.dat
2009-03-18 19:44 . 2009-03-18 19:49    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2009-03-18 19:44 . 2009-03-18 19:49    69632    ----a-w-    c:\windows\system32\drivers\avfwim.sys
2009-03-18 19:44 . 2009-03-18 19:49    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2009-03-15 18:48 . 2007-12-21 16:39    86327    ----a-w-    c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-14 14:35 . 2008-02-27 19:03    96    ---ha-w-    c:\windows\system32\HsInfo.dat
2008-02-09 21:09 . 2008-02-09 21:09    24    --sh--w-    c:\windows\SAE08470E.tmp
2006-05-03 10:06 . 2009-03-02 15:21    163328    --sh--r-    c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-03-02 15:21    31232    --sh--r-    c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-03-02 15:21    216064    --sh--r-    c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Fonts\Fonts ----

2008-09-16 10:02 . 2008-09-16 10:02    99356    ----a-w-    c:\windows\Fonts\Fonts\MyriadWebPro-Bold.ttf
2008-09-16 10:02 . 2008-09-16 10:02    96588    ----a-w-    c:\windows\Fonts\Fonts\MyriadWebPro-Condensed.ttf
2008-09-16 10:02 . 2008-09-16 10:02    101128    ----a-w-    c:\windows\Fonts\Fonts\MyriadWebPro-CondensedIt.ttf
2008-09-16 10:02 . 2008-09-16 10:02    93552    ----a-w-    c:\windows\Fonts\Fonts\MyriadWebPro-Italic.ttf
2008-09-16 10:02 . 2008-09-16 10:02    93432    ----a-w-    c:\windows\Fonts\Fonts\MyriadWebPro.ttf


(((((((((((((((((((((((((((((   SnapShot@2009-06-10_20.10.25   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-11 07:44 . 2009-06-11 07:44    16384              c:\windows\temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-07 518488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnoml]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c_340863.nls
"midi1"=c_340863.nls
"mixer1"=c_340863.nls
"aux1"=c_340863.nls
"wave2"=c_340863.nls
"midi2"=c_340863.nls
"mixer2"=c_340863.nls
"aux2"=c_340863.nls

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"PnkBstrA"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9959d693b998c"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WSearch"=2 (0x2)
"UserAccess7"=3 (0x3)
"ServiceLayer"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"idsvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"MDM"=2 (0x2)
"SeaPort"=2 (0x2)
"WRConsumerService"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AdobeActiveFileMonitor7.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Sega\\Gas Powered Games\\Space Siege Demo\\SpaceSiege.exe"=
"d:\\Programme\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"d:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Symantec\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\alaplaya\\S4League\\patcher_s4.exe"=
"c:\\Programme\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programme\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Programme\\TmNationsForever\\TmForever.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"d:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.4.game"=
"c:\\Programme\\Capcom\\FLOCK! Demo\\Flock.exe"=
"d:\\Programme\\Ubisoft\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
"d:\\Programme\\Ubisoft\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WC3
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:WoW
"6881:TCP"= 6881:TCP:*:Disabled:WoW2
"28002:TCP"= 28002:TCP:s4port1
"28008:TCP"= 28008:TCP:s4port2
"28012:TCP"= 28012:TCP:s4port3
"28013:TCP"= 28013:TCP:s4port4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07.06.2009 12:30 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [06.06.2009 13:37 130936]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [18.03.2009 21:49 97608]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [23.02.2009 19:22 11889]
R1 SSHDRV5C;SSHDRV5C;c:\windows\system32\drivers\SSHDRV5C.sys [10.01.2008 15:22 34816]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.07.2008 07:51 277736]
R2 AntiVirFirewallService;Avira Firewall;c:\programme\Avira\AntiVir Desktop\avfwsvc.exe [18.03.2009 21:49 388865]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 21:49 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [18.03.2009 21:49 434945]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [09.02.2008 06:58 941784]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [18.03.2009 21:49 69632]
S1 atitray;atitray;\??\c:\programme\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys --> c:\programme\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\programme\SUPERAntiSpyware\SASKUTIL.sys --> c:\programme\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [18.03.2009 21:49 194817]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 1005904]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 gAGP440p;gAGP440p;\??\c:\dokume~1\Tino\LOKALE~1\Temp\gAGP440p.sys --> c:\dokume~1\Tino\LOKALE~1\Temp\gAGP440p.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\programme\LG Soft India\forteManager\bin\I2CDriver.sys [03.01.2009 11:13 14336]
S3 LGII2CDevice;LGII2CDevice;c:\programme\LG Soft India\forteManager\bin\PII2CDriver.sys [03.01.2009 11:13 13312]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02.08.2005 23:10 32512]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [08.08.2007 08:31 23840]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [06.06.2009 13:37 348752]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [30.01.2008 02:41 25216]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
S3 XDva262;XDva262;\??\c:\windows\system32\XDva262.sys --> c:\windows\system32\XDva262.sys [?]
S3 zlportio;zlportio;\??\d:\programme\Ultrastar\zlportio.sys --> d:\programme\Ultrastar\zlportio.sys [?]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 12:03 169312]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFF8286A-A30E-E66F-202B-DF761707CC18}]
c:\dokumente und einstellungen\Tino\Anwendungsdaten\MSDN.exe s
.
Inhalt des "geplante Tasks" Ordners

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:29]

2009-06-11 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-15 09:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Suche - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {9D1FD2F6-D814-4027-8A9D-53F73CF86CB1} = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 12:26
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1488)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(476)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2009-06-11 12:28
ComboFix-quarantined-files.txt  2009-06-11 10:28
ComboFix2.txt  2009-06-10 20:15
ComboFix3.txt  2009-06-06 16:58

Vor Suchlauf: 20 Verzeichnis(se), 14.564.601.856 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 14.536.060.928 Bytes frei

Current=16 Default=16 Failed=15 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
486    --- E O F ---    2009-05-27 14:00


Attachment: ComboFix.txt
11.06.2009, 13:41
Moderator

Posts: 7805
#8 Then let's try a slightly different approach.

Please download Avenger to your PC, unpack it and start it.
http://swandog46.geekstogo.com/avenger2/download.php

Check "automatically disable any rootkits", then enter the following script into Avenger's white "input your script here" window...



Code

files to delete:
c:\dokumente und einstellungen\Tino\Anwendungsdaten\MSDN.exe
c:\windows\system32\drivers\TDSSmhct.sys
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSStkdv.log
c:\windows\system32\c_340863.nls

Drivers to disable:
TDSSserv.sys

Press Execute and let the computer restart. After the restart, Avenger will show you a report; please post it here...
__________
Best regards, Ralf
SEO-Spam Hunter
11.06.2009, 14:05
Member

Thread starter

Posts: 13
#9 I did everything exactly as described, but on reboot there was another bluescreen: system process WindowsLogon was terminated unexpectedly.

Started the computer up again; the following report appears:

Code

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "c:\dokumente und einstellungen\Tino\Anwendungsdaten\MSDN.exe" not found!
Deletion of file "c:\dokumente und einstellungen\Tino\Anwendungsdaten\MSDN.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\drivers\TDSSmhct.sys" not found!
Deletion of file "c:\windows\system32\drivers\TDSSmhct.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSoeqh.dll" not found!
Deletion of file "c:\windows\system32\TDSSoeqh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSosvd.dat" not found!
Deletion of file "c:\windows\system32\TDSSosvd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSnrsr.dll" not found!
Deletion of file "c:\windows\system32\TDSSnrsr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSriqp.dll" not found!
Deletion of file "c:\windows\system32\TDSSriqp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSScfub.dll" not found!
Deletion of file "c:\windows\system32\TDSScfub.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSfpmp.dll" not found!
Deletion of file "c:\windows\system32\TDSSfpmp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSnmxh.log" not found!
Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSsbhc.dll" not found!
Deletion of file "c:\windows\system32\TDSSsbhc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSSrhym.log" not found!
Deletion of file "c:\windows\system32\TDSSrhym.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\TDSStkdv.log" not found!
Deletion of file "c:\windows\system32\TDSStkdv.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "c:\windows\system32\c_340863.nls" deleted successfully.

Error:  could not open driver "TDSSserv.sys"
Disablement of driver "TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

Kind regards, Tino
11.06.2009, 14:12
Moderator

Posts: 7805
#10 Then please also post a new Gmer log. There is still a lot of malware there...

You have a folder c:\avenger; it contains a Backup.exe, please upload it here:

http://www.bleepingcomputer.com/submit-malware.php?channel=49

If there is a zip archive in c:\qoobox\quarantaine, please upload it there as well...
__________
Best regards, Ralf
SEO-Spam Hunter
11.06.2009, 14:29
Member

Thread starter

Posts: 13
#11

Quote

You have a folder c:\avenger; it contains a Backup.exe, please upload it here:

http://www.bleepingcomputer.com/submit-malware.php?channel=49

If there is a zip archive in c:\qoobox\quarantaine, please upload it there as well...

In my case there is a Backup.zip in c:\avenger,
and under C:\qoobox\quarantine it looks like this (see the attachment (wow, even with a quarter of my desktop ;) !))

I am now uploading the .zip from \avenger using the link from this thread; if I should upload more, please let me know.

Oh, and here comes the new GMER report. So far it looks like this:

Quote

GMER

Quote

Report

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-11 14:39:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xAC3B0A00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9D95514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9D84282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9D84474]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xAC3B1340]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAC3B0F90]
SSDT BA6D08F4 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9D95D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9D95FB8]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xAC3B0B60]
SSDT spxt.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spxt.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xAC3AEF80]
SSDT BA6D0912 ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9D943FA]
SSDT BA6D08E0 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xAC3B1170]
SSDT BA6D08E5 ZwOpenThread
SSDT spxt.sys ZwQueryKey [0xB9EC7108]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xAC3B1910]
SSDT spxt.sys ZwQueryValueKey [0xB9EC6F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9D96422]
SSDT BA6D091C ZwReplaceKey
SSDT BA6D0917 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xAC3B1C10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xAC3B1F90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xAC3B2560]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xAC3ADC40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9D957D8]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xAC3B1BC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xAC3AF2F0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9D83F32]
SSDT BA6D08EA ZwWriteVirtualMemory
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xAC3ACD40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xAC3ACD50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xAC3ACD60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xAC3ACD80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xAC3ACDA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xAC3ACDD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xAC3ACDE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xAC3ACE00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xAC3ACE10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xAC3ACED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xAC3ACFA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xAC3ACFE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xAC3AD020]

INT 0x62 ? 8AEE1BF8
INT 0x73 ? 8ABAABF8
INT 0x73 ? 8ABAABF8
INT 0x82 ? 8AEE1BF8
INT 0x83 ? 8AEE1BF8
INT 0xA4 ? 8ABAABF8
INT 0xB4 ? 8ABAABF8

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AC3B2980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AC3B2E80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
? angwvc.sys Das System kann die angegebene Datei nicht finden. !
? spxt.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B8E5F8AC 5 Bytes JMP 8ABAA1D8
.text a321kkz1.SYS B8D97384 1 Byte [20]
.text a321kkz1.SYS B8D97384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a321kkz1.SYS B8D973AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a321kkz1.SYS B8D973C4 3 Bytes [00, 00, 00]
.text a321kkz1.SYS B8D973C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spxt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spxt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spxt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spxt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spxt.sys
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a321kkz1.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [67A6E780] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [67A6E7C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [67A6D820] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [67A6E7C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [67A6E780] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [67A6E740] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [67A6E4E0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoA] [67A6E3D0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [67A6DC00] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [67A6E2B0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [67A6D7D0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [67A6DC90] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [67A6E1F0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [67A6D860] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [67A6E5F0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [67A6E660] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [67A6E640] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [67A6DA50] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [67A6DAC0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [67A6D940] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [67A6E7C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [67A6D820] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [67A6E7C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [67A6E740] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [67A6E780] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [67A6DC00] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [67A6DC90] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoA] [67A6E3D0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [67A6D7D0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [67A6E130] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [67A6E1F0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [67A6DAC0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [67A6DB60] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [67A6E2B0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [67A6D820] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [67A6E780] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [67A6E740] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [67A6E2B0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [67A6D7D0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [67A6DAC0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [67A6E1F0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [67A6DC90] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [67A6E700] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [67A6E740] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [67A6E2B0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [67A6E7C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [67A6E0A0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [67A6E6C0] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)
IAT C:\Programme\Screen Capturer\ScreenCapturer.exe[3840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [67A6E850] C:\WINDOWS\system32\ToolkitPro1202vc80.dll (Xtreme Toolkit Pro™ Library/Codejock Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AF4F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\USBSTOR \Device\0000009e 8A675500
Device \Driver\USBSTOR \Device\0000009f 8A675500
Device \Driver\usbohci \Device\USBPDO-0 8ABA91F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AF511F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AF511F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AF511F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AF511F8
Device \Driver\usbohci \Device\USBPDO-1 8ABA91F8
Device \Driver\usbohci \Device\USBPDO-2 8ABA91F8
Device \Driver\usbohci \Device\USBPDO-3 8ABA91F8
Device \Driver\USBSTOR \Device\000000a0 8A675500
Device \Driver\usbohci \Device\USBPDO-4 8ABA91F8

AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\USBSTOR \Device\000000a1 8A675500
Device \Driver\usbehci \Device\USBPDO-5 8AB6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AEE21F8
Device \Driver\Cdrom \Device\CdRom0 8AB5B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AEE21F8
Device \Driver\Cdrom \Device\CdRom1 8AB5B1F8
Device \Driver\Cdrom \Device\CdRom2 8AB5B1F8
Device \Driver\PCI_PNP1684 \Device\00000067 spxt.sys
Device \Driver\sptd \Device\581440434 spxt.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A76B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{4E375CBB-FD76-4309-993C-4E46DE2DA1CE} 8A76B500
Device \Driver\NetBT \Device\NetbiosSmb 8A76B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9D1FD2F6-D814-4027-8A9D-53F73CF86CB1} 8A76B500

AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\USBSTOR \Device\00000097 8A675500
Device \Driver\usbohci \Device\USBFDO-0 8ABA91F8
Device \Driver\usbohci \Device\USBFDO-1 8ABA91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A87F500
Device \Driver\usbohci \Device\USBFDO-2 8ABA91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A87F500
Device \Driver\usbohci \Device\USBFDO-3 8ABA91F8
Device \Driver\usbohci \Device\USBFDO-4 8ABA91F8
Device \Driver\Ftdisk \Device\FtControl 8AEE21F8
Device \Driver\usbehci \Device\USBFDO-5 8AB6A1F8
Device \Driver\a321kkz1 \Device\Scsi\a321kkz11Port5Path0Target1Lun0 8A9BD1F8
Device \Driver\a321kkz1 \Device\Scsi\a321kkz11 8A9BD1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 8AF501F8
Device \Driver\a321kkz1 \Device\Scsi\a321kkz11Port5Path0Target0Lun0 8A9BD1F8
Device \FileSystem\Cdfs \Cdfs 8A673500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA5 0xA4 0xB5 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCC 0x4B 0x4F 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x78 0x3A 0x3B 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x71 0x4A 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA8 0x81 0xE4 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA5 0xA4 0xB5 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x2A 0xB6 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x71 0x32 0x92 0xCA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCC 0x4B 0x4F 0x97 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x78 0x3A 0x3B 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x71 0x4A 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0xBD 0xCC 0xA1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xAE 0x96 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x71 0xBB 0x9E 0xAC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x87 0x07 0xE6 0xED ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x22 0xB5 0x9B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0x20 0x9E 0x10 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE1 0xFE 0xD6 0x8D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x4F 0x94 0x05 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x55 0xC0 0x6D 0xA1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x39 0x4A 0x9F 0x4D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x35 0xD7 0xB7 0x14 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEE 0x1E 0x58 0x92 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB1 0x65 0x40 0xF9 ...
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0x34 0x64 0xF3 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x6B 0x0A 0x37 ...
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x1D 0x8B 0xFB ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x6B 0x0A 0x37 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x6B 0x0A 0x37 ...
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0x30 0xD9 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x78 0x9D 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xEB 0x01 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x51 0x71 0x13 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0x3D 0xE3 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x2D 0x17 0xB2 0x86 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0x57 0x7E 0x5D ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x6F 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0x37 0xC0 0x01 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x90 0x73 0x6F ...
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x5D 0x1C 0x76 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0x30 0xD9 0xE9 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x78 0x9D 0x5C ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xEB 0x01 0x3A ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x51 0x71 0x13 0x8A ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0x3D 0xE3 0x9F ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x2D 0x17 0xB2 0x86 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}@hahciemkgdgkhihp 0x6B 0x61 0x69 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FE2D66A-F1AA-EFA3-564B-868124AA02DD}@iabdgleilaldgpnpdk 0x6B 0x61 0x69 0x64 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c06c0 size 0x1af
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR


This post was edited by TinoF on 11.06.2009 at 14:46.
11.06.2009, 15:35
Moderator

Posts: 7805
#12 Thanks for the upload. The c_340863.nls was corrupt, or rather was not even an executable file.

Please download MBR from http://www2.gmer.net/mbr/mbr.exe
to your desktop and, under Start > Run, enter

%userprofile%\desktop\mbr.exe -f

and press Enter. Reboot, then under Start > Run enter

%userprofile%\desktop\mbr.exe

and press Enter. Then post the contents of the mbr.log file here.
__________
Regards, Ralf
SEO-Spam Hunter
11.06.2009, 15:37
Moderator

Posts: 7805
#13 Addendum: Please also upload the file avsda.dll.vir from the quarantine folder here:
http://www.bleepingcomputer.com/submit-malware.php?channel=49
__________
Regards, Ralf
SEO-Spam Hunter
11.06.2009, 15:47
Member

Thread starter

Posts: 13
#14 When I enter
%userprofile%\desktop\mbr.exe -f
it tells me that C:\Dokumente could not be found.
When I run it without -f, this log comes out:

Code

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1d1c06c0 size 0x1af !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x01D1C06C0 !
Addendum:
OK, I have uploaded the avsda.dll.vir as well.
This post was edited by TinoF on 11.06.2009 at 15:52.
11.06.2009, 15:51
Moderator

Posts: 7805
#15 Please create another cfscript.txt with the following content

Code

FIXCSET::
and drag it onto Combofix.exe as described under point 5 of http://board.protecus.de/t37145.htm#322346, then post the report that is generated.
__________
Regards, Ralf
SEO-Spam Hunter