System clean? Please take a look at the GMER / HJT / MBAM logs

07.05.2010, 20:07
Member

Posts: 14

Hello dear community,

Since my main notebook, which holds sensitive data, shows a "suspicious modification" in atapi.sys according to GMER, I have kept it off the network for two days. (GMER found no rootkit, only that.) I noticed the whole thing through the Google search hijack: I was being redirected to malware sites. After I had detected the infection, I also installed MBAM on the device and, lo and behold, it blocked quite a few connection attempts towards China / Moldova.

I am now posting the logs of my second notebook (not infected) and would be very grateful for your help. I have run all the usual scans on it even though nothing points to an infection. What matters to me is that I want to change my passwords for forums etc. from a clean system as soon as possible!

Kaspersky Internet Security 2009 finds nothing.

HJT

Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:01, on 07.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Hamachi\hamachi.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programme\SONY\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\LogMeIn\x86\LogMeInSystray.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programme\LogMeIn\x86\LMIGuardian.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Sony\VAIO Power Management\OPT Drive Power Saving.exe
C:\Programme\Apoint\ApMsgFwd.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\cmd.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.sat1.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208615801328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208615879390
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Programme\Hamachi\hamachi.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\SONY\VAIO Event Service\VESMgr.exe

--
End of file - 8941 bytes
gmer1

Quote

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 09:32:24
Windows 5.1.2600 Service Pack 3
Running: 6vh6rgwu.exe; Driver: C:\DOKUME~1\VAIOTZ~1\LOKALE~1\Temp\pgtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA8A69A72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xA8A6A01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xA8A6BA82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xA8A6B438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xA8A691E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA8A6D3E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xA8A69E1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xA8A6962A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xA8A6982A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xA8A6B744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xA8A6D8F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xA8A69940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xA8A699A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xA8A6B5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xA8A6CEA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xA8A6B294]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xA8A6934A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xA8A69C40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xA8A6D40E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xA8A69B96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xA8A69A10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xA8A69714]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xA8A694F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xA8A6D110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xA8A68E6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xA8A6C30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xA8A68FCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xA8A6D7C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xA8A68C68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xA8A6B924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xA8A69F18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xA8A6CFA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xA8A6D438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xA8A693A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xA8A6D51C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xA8A6D648]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xA8A6CDD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xA8A69CEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xA8A69D5C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A8A801E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A8A805A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C74 80504510 4 Bytes CALL 12F8EBA6
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [1C, D5, A6, A8, 48, D6, A6, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 80504870 4 Bytes JMP 7CA8A69C
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2032] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2032] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [70, 11, 41, 35]
.text C:\Programme\Mozilla Firefox\firefox.exe[2740] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2752] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2752] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [70, 11, 41, 35]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 885F0CC0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 885F0CC0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.15 ----

Thread System [4:828] 88635100
Thread System [4:832] 88635100
Thread System [4:836] 885FF640
Thread System [4:840] 885FF640
Thread System [4:848] 88601630
Thread System [4:852] 88601630
Thread System [4:856] 88601630
Thread System [4:860] 885FF640

---- EOF - GMER 1.0.15 ----
gmer2

Quote

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 09:48:09
Windows 5.1.2600 Service Pack 3
Running: 6vh6rgwu.exe; Driver: C:\DOKUME~1\VAIOTZ~1\LOKALE~1\Temp\pgtdypog.sys


---- Modules - GMER 1.0.15 ----

Module klbg.sys (KLBG Mini-Filter/Kaspersky Lab) BA118000-BA123000 (45056 bytes)
Module risdptsk.sys (RICOH SD/MMC Driver/REDC) BA128000-BA137000 (61440 bytes)
Module kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) B9DD8000-B9DF5000 (118784 bytes)
Module \SystemRoot\system32\DRIVERS\igxpmp32.sys (Intel Graphics Miniport Driver/Intel Corporation) B97D8000-B9D57000 (5763072 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B979C000-B97C4000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\yk51x86.sys (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell) B975C000-B979C000 (262144 bytes)
Module \SystemRoot\system32\DRIVERS\NETw4x32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) B94F2000-B975C000 (2531328 bytes)
Module \SystemRoot\system32\DRIVERS\klfltdev.sys (KLFLTDEV Pnp device filter/Kaspersky Lab) BA218000-BA221000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) B94B4000-B94CE000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\SonyPI.sys (Sony Programmable I/O Control Device/Sony Corporation) BA248000-BA251000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\SonyNC.sys (Sony Notebook Control driver/Sony Corporation) BA4B0000-BA4B5000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) B949A000-B94B4000 (106496 bytes)
Module \SystemRoot\System32\Drivers\tosrfcom.sys (Bluetooth RFCOMM Driver/TOSHIBA Corporation) BA2C8000-BA2D8000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\lmimirr.sys (LogMeIn Mirror Miniport Driver/LogMeIn, Inc.) BA767000-BA768000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\klim5.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab) BA368000-BA370000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BA378000-BA37D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.) BA388000-BA38D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\tosporte.sys (TOSHIBA Bluetooth Port Emulation Driver/TOSHIBA Corporation) BA2E8000-BA2F3000 (45056 bytes)
Module \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) A8CE8000-A9147000 (4583424 bytes)
Module \SystemRoot\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) A8C91000-A8CC4000 (208896 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) A8B9F000-A8C91000 (991232 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) A8AED000-A8B9F000 (729088 bytes)
Module \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) A8A65000-A8A9D000 (229376 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) BA3E8000-BA3ED000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\DMICall.sys (Windows 2000 DMI Call Kernel Driver/Sony Corporation) A9159000-A915A000 (4096 bytes)
Module \SystemRoot\System32\igxpgd32.dll (Intel Graphics 2D Driver/Intel Corporation) BF024000-BF04E000 (172032 bytes)
Module \SystemRoot\System32\igxprd32.dll (Intel Graphics 2D Rotation Driver/Intel Corporation) BF012000-BF024000 (73728 bytes)
Module \SystemRoot\System32\igxpdv32.DLL (Component GHAL Driver/Intel Corporation) BF04E000-BF1F2000 (1720320 bytes)
Module \SystemRoot\System32\igxpdx32.DLL (DirectDraw(R) Driver for Intel(R) Graphics Technology/Intel Corporation) BF1F2000-BF48D000 (2732032 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) A879A000-A879E000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) BA3A0000-BA3A5000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\s24trans.sys (Intel WLAN Packet Driver/Intel Corporation) A869A000-A869D000 (12288 bytes)
Module \??\C:\Programme\LogMeIn\x86\RaInfo.sys (RemotelyAnywhere Kernel Information Provider/LogMeIn, Inc.) BA5E0000-BA5E2000 (8192 bytes)
Module \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn Rfs Drivemap Driver/LogMeIn, Inc.) A87DE000-A87E8000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) A82DD000-A82E1000 (16384 bytes)
Module \??\C:\DOKUME~1\VAIOTZ~1\LOKALE~1\Temp\pgtdypog.sys (GMER) A71BA000-A71D1000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab) 140
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab) 0x00400000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll (PR_REMOTE/Kaspersky Lab) 0x35840000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\fssync.dll (FSSYNC.DLL/Kaspersky Lab) 0x6D440000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\Ushata.dll (Ushata module/Kaspersky Lab) 0x35A20000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\CLLDR.DLL (CLLDR/Kaspersky Lab) 0x35410000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll (Prague Loader/Kaspersky Lab) 0x357F0000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\prkernel.ppl (Prague kernel/Kaspersky Lab) 0x36320000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\pxstub.ppl (Proxy Stubs/Kaspersky Lab) 0x36470000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\params.ppl (Structure Serializer/Kaspersky Lab) 0x36220000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\winreg.ppl (WINREG/Kaspersky Lab) 0x36870000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\mkavio.ppl (64-bit IO wrapper/Kaspersky Lab) 0x36130000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\tempfile.ppl (Temporary IO/Kaspersky Lab) 0x36640000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\tm.ppl (Task Manager/Kaspersky Lab) 0x6E680000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\nfio.ppl (NFIO/Kaspersky Lab) 0x6E1C0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\fsdrvplg.ppl (Plugin for FSDrv/Kaspersky Lab) 0x35EC0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\bl.ppl (AVP2005 Product Business Logic/Kaspersky Lab) 0x6DDC0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\wmihlpr.ppl (wmi helper/Kaspersky Lab) 0x36880000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\regmap.ppl (REGISTRY_MAPPER/Kaspersky Lab) 0x364C0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\ndetect.ppl (Nertwork Detection/Kaspersky Lab) 0x36160000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\crpthlpr.ppl (CryptoHelper/Kaspersky Lab) 0x35E50000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\dtreg.ppl (DTREG/Kaspersky Lab) 0x35E80000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\sfdb.ppl (SFDB/Kaspersky Lab) 0x36530000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\schedule.ppl (Scheduler/Kaspersky Lab) 0x36520000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\timer.ppl (Timer/Kaspersky Lab) 0x36660000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\thpimpl.ppl (Thread Pool/Kaspersky Lab) 0x36650000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\lic.ppl (Licensing Library/Kaspersky Lab) 0x6E040000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\report.ppl (Report System/Kaspersky Lab) 0x364D0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\reportdb.ppl (Report DB System/Kaspersky Lab) 0x364E0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\hashmd5.ppl (HASHMD5/Kaspersky Lab) 0x35ED0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\avs.ppl (AV Server/Kaspersky Lab) 0x6DC00000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\vmarea.ppl (VM Area/Kaspersky Lab) 0x36850000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\avlib.ppl (Anti-Virus functions library/Kaspersky Lab) 0x35B10000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\avspm.ppl (AV Server Performance Monitor/Kaspersky Lab) 0x35C20000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\qb.ppl (QBStorage/Kaspersky Lab) 0x36480000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\procmon.ppl (Process Monitor/Kaspersky Lab) 0x6E360000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\propmap.ppl (PROPMAP/Kaspersky Lab) 0x363D0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\filemap.ppl (File Mapping Helper/Kaspersky Lab) 0x35EB0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\syswatch.ppl (SysWatch/Kaspersky Lab) 0x36620000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\netwatch.ppl (Network Watcher/Kaspersky Lab) 0x36190000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\httpscan.ppl (HTTP Scanner/Kaspersky Lab) 0x35F90000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\sc.ppl (ScriptChecker/Kaspersky Lab) 0x36510000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\antispam.ppl (AntiSpam mail fiter/Kaspersky Lab) 0x35A70000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\oas.ppl (File Monitor/Kaspersky Lab) 0x361F0000
Library C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP8\Bases\kavbase.kdl (AV engine/Kaspersky Lab ZAO) 0x38000000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\mc.ppl (Mail Monitor/Kaspersky Lab) 0x360D0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\ahids.ppl (ids task/Kaspersky Lab) 0x35A60000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\CKAHUM.dll (Kaspersky Anti-Hacker User Mode Component/Kaspersky Lab) 0x353B0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\CKAHComm.dll (Kaspersky Anti-Hacker Communication Library/Kaspersky Lab) 0x35340000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\ckahrule.dll (Kaspersky Anti-Hacker Rules Manager/Kaspersky Lab) 0x35350000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\hips.ppl (HIPS/Kaspersky Lab) 0x35EE0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\CKAHStat.dll (Kaspersky Anti-Hacker Statistic Componet/Kaspersky Lab) 0x35380000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\aphish.ppl (AntiPhishing/Kaspersky Lab) 0x35AD0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\avpgs.ppl (Driver Communication Module/Kaspersky Lab) 0x35B30000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\httpanlz.ppl (HTTP Protocoller/Kaspersky Lab) 0x35F40000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\aphisht.ppl (AntiPhishingTask/Kaspersky Lab) 0x35AE0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\adialtsk.ppl (AntiDial/Kaspersky Lab) 0x35A40000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\trafmon2.ppl (Traffic Monitor/Kaspersky Lab) 0x366A0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\pdm2rt.ppl (Behavior PDM2rt/Kaspersky Lab) 0x362B0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\smtpprtc.ppl (SMTP Protocoller/Kaspersky Lab) 0x36540000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\pop3prtc.ppl (POP3 Protocoller/Kaspersky Lab) 0x36310000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\maildisp.ppl (MailDispatcher/Kaspersky Lab) 0x36080000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\imapprtc.ppl (IMAP Protocoller/Kaspersky Lab) 0x35FC0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\nntpprtc.ppl (NNTP Protocoller/Kaspersky Lab) 0x361D0000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP8\Bases\klavemu.kdl (Heuristics engine/Kaspersky Lab) 0x38400000
Library C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP8\Bases\kjim.kdl (Script Heuristics Engine/Kaspersky Lab ZAO) 0x38800000
Library C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP8\Bases\mark.kdl (Anti-Rootkit Engine/Kaspersky Lab ZAO) 0x38300000
Library C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP8\Bases\vlns.kdl (Vulnerability scanner/Kaspersky Lab) 0x38200000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avzkrnl.dll 0x35060000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\ichk2.ppl (ICHK2/Kaspersky Lab) 0x35FA0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\ichksa.ppl (iCheckerSA/Kaspersky Lab) 0x35FB0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\urlflt.ppl (UrlFiltering/Kaspersky Lab) 0x6E800000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\uniarc.ppl (UniArchiver plugin/Kaspersky Lab) 0x367A0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\proxydet.ppl (TRANSPOR/Kaspersky Lab) 0x363F0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\Updater.dll (updater.EXE/Kaspersky Lab) 0x35900000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\minizip.ppl (ZIP MiniArchiver plugin/Kaspersky Lab) 0x36120000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\cab.ppl (CAB MiniArchiver plugin/Kaspersky Lab) 0x35E30000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\arj.ppl (ARJ MiniArchiver plugin/Kaspersky Lab) 0x35AF0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\rar.ppl (RAR/Kaspersky Lab) 0x364A0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\lha.ppl (LHA Repacker/Kaspersky Lab) 0x36010000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\dmap.ppl (Direct Mapper plugin/Kaspersky Lab) 0x35E70000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\prseqio.ppl (SEQIO/Kaspersky Lab) 0x36400000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\mdb.ppl (MDB/Kaspersky Lab) 0x360E0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\msoe.ppl (MSOE/Kaspersky Lab) 0x36140000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\mailmsg.ppl (MAILMSG/Kaspersky Lab) 0x360C0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\unstored.ppl (Unstored Transformer plugin/Kaspersky Lab) 0x367E0000

Process C:\Programme\SONY\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation) 192
Library C:\Programme\SONY\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Sony\VAIO HDD Protection\VESStorageProtect.dll (VAIO Event Service (VESStorageProtect Module)/Sony Corporation) 0x10000000
Library C:\Programme\Sony\VAIO Event Service\VESBasePS.dll 0x01000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x01060000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x01080000
Library C:\Programme\Sony\VAIO Event Service\VESSuEvent.dll (VAIO Event Service (SnyUtils Event Module)/Sony Corporation) 0x013C0000
Library C:\Programme\Sony\VAIO Event Service\VESWndMsg.dll (VAIO Event Service (WndMsg Module)/Sony Corporation) 0x014E0000
Library C:\Programme\SONY\VAIO Event Service\VESWndMsgHook.dll (VAIO Event Service (Hook Module for VESWndMsg)/Sony Corporation) 0x01820000
Library C:\Programme\Sony\VAIO Event Service\VESTransform.dll (VAIO Event Service (Transform Module)/Sony Corporation) 0x01C40000
Library C:\Programme\Sony\VAIO Power Management\VESPowerMgr.dll (VAIO Event Service (Power Management Module)/Sony Corporation) 0x01880000
Library C:\Programme\Sony\VAIO Event Service\VESSemiPnP.dll (VAIO Event Service (Plug and Display Function Module)/Sony Corporation) 0x018E0000
Library C:\Programme\Sony\VAIO Event Service\VESSuPerform.dll (VAIO Event Service (SnyUtils Perform Module)/Sony Corporation) 0x01900000
Library C:\Programme\Sony\VAIO Event Service\VESVideo.dll (VAIO Event Service(Video Module)/Sony Corporation) 0x01920000
Library C:\Programme\Sony\VAIO Event Service\VESPerform.dll (VAIO Event Service (Common Perform Module)/Sony Corporation) 0x01940000
Library C:\Programme\Sony\Battery Care Function\VES Battery Care.dll (VAIO Event Service (BCF Module)/Sony Corporation) 0x01970000
Library C:\Programme\Sony\VAIO Event Service\VESFnLock.dll (VAIO Event Service (Fn Lock Module)/Sony Corporation) 0x01990000
Library C:\Programme\Sony\VAIO Event Service\VESHKWndCommon.dll (VAIO Event Service (Hotkey UI Module)/Sony Corporation) 0x01F70000
Library C:\WINDOWS\system32\IGFXEXPS.DLL (igfxext Module/Intel Corporation) 0x019D0000
Library C:\Programme\Sony\Battery Care Function\BatteryCare.dll (Battery Care Function/Sony Corporation) 0x019E0000

Process C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel(R) PROSet/Wireless Event Log/Intel Corporation) 196
Library C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel(R) PROSet/Wireless Event Log/Intel Corporation) 0x00400000
Library C:\Programme\Intel\Wireless\Bin\PfMgrApi.dll (ProfileMgrApi DLL/Intel Corporation) 0x10000000
Library C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation) 0x00350000
Library C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x004D0000
Library C:\Programme\Intel\Wireless\Bin\DbEngine.dll (Secure Database Egnine DLL/Intel Corporation) 0x00590000
Library C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x00630000
Library C:\Programme\Intel\Wireless\Bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x00740000
Library C:\Programme\Intel\Wireless\Bin\MurocApi.dll (MurocApi DLL/Intel Corporation) 0x007D0000
Library C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll (Interface DLL for S24EvMon functions/Intel Corporation) 0x008C0000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Hamachi\hamachi.exe (Hamachi Client/LogMeIn Inc.) 248
Library C:\Programme\Hamachi\hamachi.exe (Hamachi Client/LogMeIn Inc.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 312
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (ZeroCfgSvc MFC Application/Intel Corporation) 316
Library C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (ZeroCfgSvc MFC Application/Intel Corporation) 0x00400000
Library C:\Programme\Intel\Wireless\bin\PfMgrApi.dll (ProfileMgrApi DLL/Intel Corporation) 0x10000000
Library C:\Programme\Intel\Wireless\bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation) 0x00350000
Library C:\Programme\Intel\Wireless\bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x00500000
Library C:\Programme\Intel\Wireless\bin\DbEngine.dll (Secure Database Egnine DLL/Intel Corporation) 0x005C0000
Library C:\Programme\Intel\Wireless\bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x00660000
Library C:\Programme\Intel\Wireless\bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x00770000
Library C:\Programme\Intel\Wireless\bin\MurocApi.dll (MurocApi DLL/Intel Corporation) 0x00800000
Library C:\Programme\Intel\Wireless\bin\S24MUDLL.dll (Interface DLL for S24EvMon functions/Intel Corporation) 0x008F0000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Intel\Wireless\Bin\ZcSvcDEU.dll (ZeroCfgSvc MFC Application/Intel Corporation) 0x010E0000

Process C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Framework MFC Application/Intel Corporation) 336
Library C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Framework MFC Application/Intel Corporation) 0x00400000
Library C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x10000000
Library C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x00520000
Library C:\Programme\Intel\Wireless\Bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x00350000
Library C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation) 0x00630000
Library C:\Programme\Intel\Wireless\Bin\MurocApi.dll (MurocApi DLL/Intel Corporation) 0x006D0000
Library C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll (Interface DLL for S24EvMon functions/Intel Corporation) 0x007B0000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Intel\Wireless\Bin\FrWrkDEU.dll (Intel Framework MFC Application/Intel Corporation) 0x00F60000
Library C:\Programme\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll (Intel PROSet/Wireless Application/Intel Corporation) 0x00F90000
Library C:\Programme\Intel\Wireless\Bin\PfMgrApi.dll (ProfileMgrApi DLL/Intel Corporation) 0x01120000
Library C:\Programme\Intel\Wireless\Bin\DbEngine.dll (Secure Database Egnine DLL/Intel Corporation) 0x01270000
Library C:\Programme\Intel\Wireless\Bin\IntWADEU.dll (Intel PROSet/Wireless Application/Intel Corporation) 0x01470000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 344
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Wireless Management Service/Intel Corporation ) 412
Library C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Wireless Management Service/Intel Corporation ) 0x00400000
Library C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation) 0x10000000
Library C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x00350000
Library C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x00550000
Library C:\Programme\Intel\Wireless\Bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x00660000
Library C:\Programme\Intel\Wireless\Bin\IWMSPROV.DLL 0x006F0000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 756
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 912
Library C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x10000000
Library c:\windows\system32\netprovcredman.dll (Network Provider Credentials Manager/Intel Corporation) 0x00C80000
Library C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn Rfs Client Network Provider/LogMeIn, Inc.) 0x00D80000

Process C:\WINDOWS\system32\igfxext.exe (igfxext Module/Intel Corporation) 1036
Library C:\WINDOWS\system32\igfxext.exe (igfxext Module/Intel Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\IGFXEXPS.DLL (igfxext Module/Intel Corporation) 0x01100000

Process C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 1048
Library C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 0x00400000
Library C:\Programme\PC Connectivity Solution\NclTools.dll (NCL Tools/Nokia) 0x10000000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\PC Connectivity Solution\Transports\NCLIrDAMM.dll (Infrared/Nokia Corp.) 0x00FC0000
Library C:\Programme\PC Connectivity Solution\Transports\NCLRSMM.dll (Serial cable/Nokia Corp.) 0x01140000
Library C:\Programme\PC Connectivity Solution\Transports\NCLUSBMM.dll (Nokia USB media module/Nokia Corp.) 0x01380000
Library C:\Programme\PC Connectivity Solution\Transports\NclMSBTMM.dll (Bluetooth (Microsoft)/Nokia Corp.) 0x014C0000
Library C:\Programme\PC Connectivity Solution\Transports\NclToBTMM.dll (Bluetooth (Toshiba)/Nokia Corp.) 0x01930000
Library C:\WINDOWS\system32\TosBtAPI.dll (TosBtAPI/TOSHIBA CORPORATION.) 0x01970000
Library C:\WINDOWS\system32\TosBdAPI.dll (TosBdAPI/TOSHIBA CORPORATION.) 0x01510000

Process C:\WINDOWS\system32\brsvc01a.exe (brsvc01a/brother Industries Ltd) 1112
Library C:\WINDOWS\system32\brsvc01a.exe (brsvc01a/brother Industries Ltd) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 1144
Library C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x01100000

Process C:\WINDOWS\system32\brss01a.exe (brss01a.exe/brother Industries Ltd) 1168
Library C:\WINDOWS\system32\brss01a.exe (brss01a.exe/brother Industries Ltd) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1176
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\LMIport.dll (RemotelyAnywhere Printer Port Monitor/LogMeIn, Inc.) 0x50400000
Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x009D0000
Library C:\WINDOWS\system32\ssp4ml3.dll 0x009E0000
Library C:\WINDOWS\system32\tbtmon.dll (TOSHIBA CORPORATION.) 0x10000000
Library C:\WINDOWS\system32\TosBtHcrpAPI.dll (TOSHIBA CORPORATION.) 0x00D40000
Library C:\WINDOWS\system32\TosBtAPI.dll (TosBtAPI/TOSHIBA CORPORATION.) 0x00D60000
Library C:\WINDOWS\system32\TosBdAPI.dll (TosBdAPI/TOSHIBA CORPORATION.) 0x00DD0000
Library C:\WINDOWS\system32\tbtmon98Language.dll (TOSHIBA CORPORATION.) 0x00DF0000
Library C:\WINDOWS\system32\xrxg1l3.dll 0x00E90000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\brmfpp1.dll (Brother print processor for Windows 2000/Brother Industries ,Ltd ) 0x00EA0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LMIproc.dll (RemotelyAnywhere Print Processor/LogMeIn, Inc.) 0x6A900000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00F30000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ssp4mpc.dll (Windows?Server 2003 Driver Development Kit Print DLL/Windows (R) 2000 DDK provider) 0x00F50000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\xrxg1pc.dll (Windows?Server 2003 Driver Development Kit Print DLL/Windows (R) 2000 DDK provider) 0x00F60000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000

Process C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab) 1332
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab) 0x00400000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll (PR_REMOTE/Kaspersky Lab) 0x35840000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\fssync.dll (FSSYNC.DLL/Kaspersky Lab) 0x6D440000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\Ushata.dll (Ushata module/Kaspersky Lab) 0x35A20000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\CLLDR.DLL (CLLDR/Kaspersky Lab) 0x35410000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll (Prague Loader/Kaspersky Lab) 0x357F0000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\prkernel.ppl (Prague kernel/Kaspersky Lab) 0x36320000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\pxstub.ppl (Proxy Stubs/Kaspersky Lab) 0x36470000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\params.ppl (Structure Serializer/Kaspersky Lab) 0x36220000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\winreg.ppl (WINREG/Kaspersky Lab) 0x36870000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\mkavio.ppl (64-bit IO wrapper/Kaspersky Lab) 0x36130000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\tempfile.ppl (Temporary IO/Kaspersky Lab) 0x36640000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\avpgui.ppl (Kaspersky Anti-Virus GUI Logic/Kaspersky Lab) 0x35B50000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\nfio.ppl (NFIO/Kaspersky Lab) 0x6E1C0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\fsdrvplg.ppl (Plugin for FSDrv/Kaspersky Lab) 0x35EC0000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\basegui.ppl (Kaspersky Anti-Virus GUI Windows part/Kaspersky Lab) 0x35C80000
Library c:\programme\kaspersky lab\kaspersky internet security 2009\thpimpl.ppl (Thread Pool/Kaspersky Lab) 0x36650000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1416
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn Desktop Application/LogMeIn, Inc.) 1468
Library C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn Desktop Application/LogMeIn, Inc.) 0x00400000
Library C:\Programme\LogMeIn\x86\LogMeInSystray.dll (LogMeIn Desktop Application/LogMeIn, Inc.) 0x10000000
Library C:\Programme\LogMeIn\x86\rntfywnd.dll (LogMeIn Notify Package/LogMeIn, Inc.) 0x00350000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 1472
Library C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 1524
Library C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 1536
Library C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x01110000

Process C:\Programme\Apoint\ApMsgFwd.exe (ApMsgFwd/Alps Electric Co., Ltd.) 1584
Library C:\Programme\Apoint\ApMsgFwd.exe (ApMsgFwd/Alps Electric Co., Ltd.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 1596
Library C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
Library C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library C:\Programme\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00280000
Library C:\Programme\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library C:\Programme\Mozilla Firefox\js3250.dll 0x00300000
Library C:\Programme\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x004E0000
Library C:\Programme\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00510000
Library C:\Programme\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00530000
Library C:\Programme\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x005D0000
Library C:\Programme\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x005F0000
Library C:\Programme\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x00600000
Library C:\Programme\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00610000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00640000
Library C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll (Mozilla Virtual Keyboard/Kaspersky Lab) 0x35710000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x011B0000
Library C:\Programme\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x02340000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\Programme\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x04510000
Library C:\Programme\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x04540000
Library C:\Programme\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x04560000
Library C:\Programme\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x04B00000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation) 1660
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\klogon.dll (Logon Visualizer/Kaspersky Lab) 0x354D0000
Library C:\WINDOWS\system32\LMIinit.dll (LogMeIn Remote Control Helper/LogMeIn, Inc.) 0x10000000
Library C:\WINDOWS\system32\VESWinlogon.dll (VAIO Event Service (Winlogon Notification Module)/Sony Corporation) 0x01570000
Library c:\windows\system32\netprovcredman.dll (Network Provider Credentials Manager/Intel Corporation) 0x017C0000
Library C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn Rfs Client Network Provider/LogMeIn, Inc.) 0x01820000

Process C:\WINDOWS\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation) 1704
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 1716
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel(R) PROSet/Wireless Registry Service/Intel Corporation) 1840
Library C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel(R) PROSet/Wireless Registry Service/Intel Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1860
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1888
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Bluetooth Service/TOSHIBA CORPORATION) 1916
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Bluetooth Service/TOSHIBA CORPORATION) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1940
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1976
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000

Process C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 2040
Library C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\LogMeIn\x86\LMIGuardian.exe (LMIGuardian/LogMeIn, Inc.) 2176
Library C:\Programme\LogMeIn\x86\LMIGuardian.exe (LMIGuardian/LogMeIn, Inc.) 0x00400000
Library C:\Programme\LogMeIn\x86\LMIGuardianDll.dll (LMIGuardianHttp/LogMeIn, Inc.) 0x10000000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Dokumente und Einstellungen\vaio tz\Desktop\6vh6rgwu.exe 2388
Library C:\Dokumente und Einstellungen\vaio tz\Desktop\6vh6rgwu.exe 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel 802.1x Server/Intel Corporation) 2416
Library C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel 802.1x Server/Intel Corporation) 0x00400000
Library C:\Programme\Intel\Wireless\Bin\acAuth.dll 0x10000000
Library C:\Programme\Intel\Wireless\Bin\C1XStngs.dll (C8021XSettings DLL/Intel Corporation) 0x004C0000
Library C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation) 0x00350000
Library C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x005B0000
Library C:\Programme\Intel\Wireless\Bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x00670000
Library C:\Programme\Intel\Wireless\Bin\IWMSPROV.DLL 0x00700000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Intel\Wireless\Bin\C8021DEU.dll (C8021XSettings DLL/Intel Corporation) 0x00E40000
Library C:\Programme\Intel\Wireless\Bin\LSAWRAPI.dll (LSAWRAPI/Intel Corporation) 0x23000000
Library C:\Programme\Intel\Wireless\Bin\PfMgrApi.dll (ProfileMgrApi DLL/Intel Corporation) 0x07910000
Library C:\Programme\Intel\Wireless\Bin\DbEngine.dll (Secure Database Egnine DLL/Intel Corporation) 0x07710000
Library C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x07A50000

Process C:\WINDOWS\system32\wbem\wmiprvse.exe (WMI/Microsoft Corporation) 2436
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 2524
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 2544
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Phone Browser/Nokia) 0x10000000
Library C:\Programme\Nokia\Nokia PC Suite 6\PCSCM.dll (PC Suite Common Modules/Nokia) 0x02D90000
Library C:\Programme\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ger.nlr (Nokia Phone Browser language resources/Nokia) 0x012B0000
Library C:\Programme\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr (Nokia Phone Browser graphics resources/Nokia) 0x02F40000
Library C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00D20000
Library C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Windows Shell Extension/Kaspersky Lab) 0x358F0000
Library c:\windows\system32\netprovcredman.dll (Network Provider Credentials Manager/Intel Corporation) 0x02170000
Library C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn Rfs Client Network Provider/LogMeIn, Inc.) 0x02730000
Library C:\PROGRA~1\SPYBOT~1\SDHelper.dll (SBSD IE Protection/Safer Networking Limited) 0x038F0000
Library C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU (PDF Shell Extension/Adobe Systems, Inc.) 0x04600000

Process C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TosBtMng/TOSHIBA CORPORATION.) 2716
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TosBtMng/TOSHIBA CORPORATION.) 0x00400000
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll (TosCpsAPI/TOSHIBA CORPORATION.) 0x10000000
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll (TosBtMngHelp/TOSHIBA CORPORATION.) 0x00340000
Library C:\WINDOWS\system32\TosAvAPI.dll (TosAvAPI/TOSHIBA CORPORATION.) 0x00380000
Library C:\WINDOWS\system32\TosBtSDDB.dll (TosBtSDDB/TOSHIBA CORPORATION.) 0x00390000
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll (TosBtMngLang/TOSHIBA CORPORATION.) 0x003C0000
Library C:\WINDOWS\system32\TosBdAPI.dll (TosBdAPI/TOSHIBA CORPORATION.) 0x003D0000
Library C:\WINDOWS\system32\TosCommAPI.dll 0x00730000
Library C:\WINDOWS\system32\TosLaneAPI.dll (TosLaneApi/TOSHIBA CORPORATION.) 0x00750000
Library C:\WINDOWS\system32\TosBtAPI.dll (TosBtAPI/TOSHIBA CORPORATION.) 0x00770000
Library C:\WINDOWS\system32\LCWizard.dll (Bluetooth Local COM Setup Wizard/TOSHIBA CORPORATION) 0x007E0000
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\BtUsrMod.dll (BtUsrMod DLL/TOSHIBA CORPORATION) 0x00870000
Library C:\WINDOWS\system32\TosHidAPI.dll (TosHidAPI/TOSHIBA CORPORATION.) 0x008B0000
Library C:\WINDOWS\system32\TosGnsAPI.dll (TosGnsAPI/TOSHIBA CORPORATION.) 0x008D0000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\TosAcpiAPI.dll (TosAcpiApi/TOSHIBA CORPORATION.) 0x00FA0000
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll (TosBtLoad/TOSHIBA) 0x01080000

Process C:\Programme\Sony\VAIO Power Management\OPT Drive Power Saving.exe (OPT Drive Power Saving/Sony Corporation) 2728
Library C:\Programme\Sony\VAIO Power Management\OPT Drive Power Saving.exe (OPT Drive Power Saving/Sony Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Sony\VAIO Power Management\KoralCommonDll.dll ( CD/DVD Drive Power Saving Setting Utility/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x00FB0000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x00FE0000
Library C:\Programme\Sony\VAIO Power Management\de-DE\OPT Drive Power Saving.resources.dll ( / ) 0x01390000

Process C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.) 2984
Library C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.) 0x10000000

Process C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TosBtHSP/TOSHIBA CORPORATION.) 3040
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TosBtHSP/TOSHIBA CORPORATION.) 0x00400000
Library C:\WINDOWS\system32\TosBtECCAPI.dll (TosBtECCAPI/TOSHIBA CORPORATION.) 0x10000000
Library C:\WINDOWS\system32\TosBtAPI.dll (TosBtAPI/TOSHIBA CORPORATION.) 0x00330000
Library C:\WINDOWS\system32\TosBdAPI.dll (TosBdAPI/TOSHIBA CORPORATION.) 0x003A0000
Library C:\WINDOWS\system32\LCWizard.dll (Bluetooth Local COM Setup Wizard/TOSHIBA CORPORATION) 0x004C0000
Library C:\WINDOWS\system32\TosSndAPI.dll (TosSndAPI/TOSHIBA CORPORATION.) 0x003C0000
Library C:\WINDOWS\system32\TosSndPlug.dll (TosSndPlug/TOSHIBA CORPORATION.) 0x00550000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\taskmgr.exe (Windows Task-Manager/Microsoft Corporation) 3376
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TosA2dp/TOSHIBA CORPORATION.) 3676
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TosA2dp/TOSHIBA CORPORATION.) 0x00400000
Library C:\WINDOWS\system32\TosBtECCAPI.dll (TosBtECCAPI/TOSHIBA CORPORATION.) 0x10000000
Library C:\WINDOWS\system32\TosBtAPI.dll (TosBtAPI/TOSHIBA CORPORATION.) 0x00340000
Library C:\WINDOWS\system32\TosBdAPI.dll (TosBdAPI/TOSHIBA CORPORATION.) 0x003B0000
Library C:\WINDOWS\system32\TosAvdtAPI.dll (TosAvdtAPI/TOSHIBA CORPORATION.) 0x004C0000
Library C:\WINDOWS\system32\TosSndAPI.dll (TosSndAPI/TOSHIBA CORPORATION.) 0x003D0000
Library C:\WINDOWS\system32\TosSndPlug.dll (TosSndPlug/TOSHIBA CORPORATION.) 0x00550000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) 3876
Library C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000

Process C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 3988
Library C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00990000

Process C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 4000
Library C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000

Process C:\Programme\Apoint\Apoint.exe (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 4020
Library C:\Programme\Apoint\Apoint.exe (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.) 0x10000000
Library C:\Programme\Apoint\Apoint.DLL (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 0x00A60000
Library C:\Programme\Apoint\EzAuto.dll (Alps pointing device extension/Alps Electric Co., Ltd.) 0x00AB0000
Library C:\Programme\Apoint\ApRes.dll (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 0x01680000
Library C:\Programme\Apoint\EzLaunch.DLL (Easy Launcher/Alps Electric Co., Ltd.) 0x018D0000

Process C:\Programme\Sony\VAIO Power Management\SPMgr.exe (SPM Module/Sony Corporation) 4032
Library C:\Programme\Sony\VAIO Power Management\SPMgr.exe (SPM Module/Sony Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Sony\VAIO Power Management\SPMDAM.dll (SPM Data Access Manager/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x00AA0000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x00AC0000
Library C:\Programme\Sony\VAIO Power Management\SPMRes.dll (SPM Resource/Sony Corporation) 0x00DF0000
Library C:\Programme\Intel\Wireless\Bin\MurocApi.dll (MurocApi DLL/Intel Corporation) 0x00E40000
Library C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll (Interface DLL for S24EvMon functions/Intel Corporation) 0x00F90000
Library C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x00FD0000
Library C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation) 0x01090000
Library C:\Programme\Intel\Wireless\Bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x01140000
Library C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x011D0000
Library C:\Programme\Sony\VAIO Power Management\SPMDrv.dll (SPM driver/Sony Corporation) 0x06CE0000

Process C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Wireless Switch Setting Utility/Sony Corporation) 4052
Library C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Wireless Switch Setting Utility/Sony Corporation) 0x00400000
Library C:\Programme\Sony\Wireless Switch Setting Utility\Frn.dll (Frn DLL/Sony Corporation) 0x10000000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Sony\Wireless Switch Setting Utility\SwitcherLocale.dll (Wireless Switch Setting Utility/Sony Corporation) 0x00BB0000
Library C:\Programme\Sony\Wireless Switch Setting Utility\WissuIF.dll (Wireless Switch Setting Utility/Sony Corporation) 0x00A80000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x00C20000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x00C40000
Library C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll (Interface DLL for S24EvMon functions/Intel Corporation) 0x01080000
Library C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation) 0x010D0000
Library C:\Programme\Intel\Wireless\Bin\TraceAPI.dll (TraceAPI Module/Intel Corporation) 0x011B0000
Library C:\Programme\Intel\Wireless\Bin\PfMgrAPI.dll (ProfileMgrApi DLL/Intel Corporation) 0x01280000
Library C:\Programme\Intel\Wireless\Bin\DbEngine.dll (Secure Database Egnine DLL/Intel Corporation) 0x013D0000
Library C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x01470000
Library C:\Programme\Intel\Wireless\Bin\IntStngs.dll (IntelSettings DLL/Intel Corporation) 0x01580000
Library C:\Programme\Intel\Wireless\Bin\C1XStngs.dll (C8021XSettings DLL/Intel Corporation) 0x01670000
Library C:\Programme\Intel\Wireless\Bin\C8021DEU.dll (C8021XSettings DLL/Intel Corporation) 0x01790000
Library C:\Programme\Intel\Wireless\Bin\MurocApi.dll (MurocApi DLL/Intel Corporation) 0x017C0000

Process C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) 4076
Library C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) 0x00400000
Library C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (kldialhk/Kaspersky Lab) 0x35020000
Library C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky OE plugin loader/Kaspersky Lab) 0x354C0000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x003C0000
Library C:\Programme\Sony\ISB Utility\ISBRes.dll (Sony Corporation) 0x00D80000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\5U870UVCx86.sys (Ricoh USB Camera driver/Ricoh) [MANUAL] 5U870UVC
Service C:\WINDOWS\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) [AUTO] AegisP
Service C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) [MANUAL] ApfiltrService
Service C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\Programme\Kaspersky [AUTO] avp
Service C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\system32\brsvc01a.exe (brsvc01a/brother Industries Ltd) [AUTO] Brother XP spl Service
Service C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother USB Scanner Driver/Brother Industries Ltd.) [MANUAL] BrScnUsb
Service C:\WINDOWS\system32\Drivers\DgiVecp.sys [AUTO] DgiVecp
Service C:\WINDOWS\system32\DRIVERS\DMICall.sys (Windows 2000 DMI Call Kernel Driver/Sony Corporation) [SYSTEM] DMICall
Service C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel(R) PROSet/Wireless Event Log/Intel Corporation) [AUTO] EvtEng
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.) [MANUAL] hamachi
Service C:\Programme\Hamachi\hamachi.exe (Hamachi Client/LogMeIn Inc.) [AUTO] HamachiService
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL
Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
Service C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service IntelNetProvCredMan
Service C:\Programme\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) [BOOT] kl1
Service C:\WINDOWS\system32\drivers\klbg.sys (KLBG Mini-Filter/Kaspersky Lab) [BOOT] klbg
Service C:\WINDOWS\system32\DRIVERS\klfltdev.sys (KLFLTDEV Pnp device filter/Kaspersky Lab) [MANUAL] KLFLTDEV
Service C:\WINDOWS\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) [SYSTEM] klif
Service C:\WINDOWS\system32\DRIVERS\klim5.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab) [MANUAL] klim5
Service C:\Programme\LogMeIn\x86\RaInfo.sys (RemotelyAnywhere Kernel Information Provider/LogMeIn, Inc.) [AUTO] LMIInfo
Service C:\Programme\LogMeIn\x86\RaMaint.exe (LogMeIn Maintenance Service/LogMeIn, Inc.) [DISABLED] LMIMaint
Service C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn Mirror Miniport Driver/LogMeIn, Inc.) [MANUAL] lmimirr
Service C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn Rfs Drivemap Driver/LogMeIn, Inc.) [AUTO] LMIRfsDriver
Service C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn/LogMeIn, Inc.) [DISABLED] LogMeIn
Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
Service C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk
Service MSDTC Bridge 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw4x32
Service C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia USB Phone Bus Driver/Nokia) [MANUAL] nmwcd
Service C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia USB Phone Generic Client/Nokia) [MANUAL] nmwcdc
Service C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia USB Phone Modem Client/Nokia) [MANUAL] nmwcdcj
Service C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia USB Phone Modem Client/Nokia) [MANUAL] nmwcdcm
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel(R) PROSet/Wireless Registry Service/Intel Corporation) [AUTO] RegSrvc
Service C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [MANUAL] rimsptsk
Service C:\WINDOWS\system32\DRIVERS\risdptsk.sys (RICOH SD/MMC Driver/REDC) [BOOT] risdptsk
Service C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Wireless Management Service/Intel Corporation ) [AUTO] S24EventMonitor
Service C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel WLAN Packet Driver/Intel Corporation) [AUTO] s24trans
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\SonyNC.sys (Sony Notebook Control driver/Sony Corporation) [MANUAL] SNC
Service C:\WINDOWS\system32\DRIVERS\SonyImgF.sys (Sony Image Filter Driver/Sony Corporation) [MANUAL] SonyImgF
Service C:\WINDOWS\system32\DRIVERS\SonyPI.sys (Sony Programmable I/O Control Device/Sony Corporation) [MANUAL] SPI
Service C:\WINDOWS\system32\Drivers\SSPORT.sys [AUTO] SSPORT
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Bluetooth Service/TOSHIBA CORPORATION) [AUTO] TOSHIBA Bluetooth Service
Service C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Bluetooth Port Emulation Driver/TOSHIBA Corporation) [MANUAL] tosporte
Service C:\WINDOWS\system32\DRIVERS\tosrfbd.sys (Bluetooth RF Bus Driver/TOSHIBA CORPORATION) [MANUAL] tosrfbd
Service C:\WINDOWS\System32\Drivers\tosrfbnp.sys (Bluetooth RFBNEP Driver/TOSHIBA Corporation) [MANUAL] tosrfbnp
Service C:\WINDOWS\System32\Drivers\tosrfcom.sys (Bluetooth RFCOMM Driver/TOSHIBA Corporation) [SYSTEM] Tosrfcom
Service C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (Bluetooth HID Driver from TOSHIBA/TOSHIBA Corporation.) [MANUAL] Tosrfhid
Service C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (Bluetooth BNEP Driver/TOSHIBA Corporation.) [MANUAL] tosrfnds
Service C:\WINDOWS\system32\drivers\tosrfsnd.sys (Bluetooth Audio Driver (WDM)/TOSHIBA Corporation) [MANUAL] TosRfSnd
Service C:\WINDOWS\system32\DRIVERS\tosrfusb.sys (Bluetooth USB Miniport Driver/TOSHIBA CORPORATION) [MANUAL] tosrfusb
Service system32\DRIVERS\UIUSYS.SYS [MANUAL] UIUSys
Service C:\Programme\SONY\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation) [AUTO] VAIO Event Service
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\yk51x86.sys (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell) [MANUAL] yukonwxp

---- EOF - GMER 1.0.15 ----
F-Secure BlackLight

Quote

05/07/10 09:51:06 [Info]: BlackLight Engine 2.2.1092 initialized
05/07/10 09:51:06 [Info]: OS: 5.1 build 2600 (Service Pack 3)
05/07/10 09:51:06 [Note]: 7019 4
05/07/10 09:51:06 [Note]: 7005 0
05/07/10 09:51:10 [Note]: 7006 0
05/07/10 09:51:10 [Note]: 7011 2544
05/07/10 09:51:10 [Note]: 7035 0
05/07/10 09:51:11 [Note]: 7026 0
05/07/10 09:51:11 [Note]: 7026 0
05/07/10 09:51:15 [Note]: FSRAW library version 1.7.1024
05/07/10 10:02:04 [Note]: 7007 0
Trend Micro RootkitBuster

Quote

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.80.0.1077
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.
SUPERAntiSpyware

Quote

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/07/2010 at 01:28 PM

Application Version : 4.36.1006

Core Rules Database Version : 4852
Trace Rules Database Version: 2713

Scan type : Quick Scan
Total Scan Time : 00:14:35

Memory items scanned : 569
Memory threats detected : 0
Registry items scanned : 518
Registry threats detected : 0
File items scanned : 6736
File threats detected : 3

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\vaio tz\Cookies\vaio_tz@www.googleadservices[1].txt
C:\Dokumente und Einstellungen\vaio tz\Cookies\vaio_tz@2o7[1].txt
C:\Dokumente und Einstellungen\vaio tz\Cookies\vaio_tz@ad.zanox[2].txt
I'm naturally very worried now, since I don't know how long the atapi.sys business has been on the system and whether data may have been stolen, or do things like this aim more at user/password combinations in order to snatch banking details?

I had my credit cards blocked today as a precaution and changed all online banking PINs via my (hopefully root-free...) iPhone. I still intend to change my forum logins... everything important like email, eBay etc. is already done. Do you think I need to worry further, since logins that no longer work will simply be discarded, or was perhaps nothing sensitive transmitted at all, since a trojan that is found doesn't necessarily have to be functional?

Could it also be that such kits at first merely open a small door in order to then load further exe files, and don't go straight to serious keylogging?

Thank you in advance, and I hope to get some sleep again tonight...
I'm going to format my affected notebook. What about data like docs/jpg etc.? Can I forget all of that, or is there a way to check whether the files are guaranteed to be free of malware?
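The GMER services listing in this post prints one line per service: image path, an optional "(description/vendor)" field, the start type in brackets, and the service name, and a few lines carry no path or vendor field at all (for instance the `IntelNetProvCredMan`, `MSDTC Bridge 3.0.0.0`, `avp` and `UIUSys` entries). The following is an added example, not a tool from this thread or from GMER: a Python parser for that layout plus a small triage pass that lists which entries a helper has to resolve by hand because GMER could not attach a full path or version resource to them. The sample lines are constructed in the log's shape, and the triage rules (absolute path, a driver/executable file name, a vendor field) are this example's own assumptions; an entry on the list is incomplete, not malicious, and the helpers later in the thread judge these logs clean.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the one-line-per-service layout of GMER's "Services" section
# (path, optional "(description/vendor)", "[START TYPE]", service name). The shapes
# mirror the log above; all entries are benign, the point is to see which ones a
# reviewer has to look up by hand because GMER printed no path or version resource.
SAMPLE_LINES = """\
Service C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) [AUTO] AegisP
Service C:\\WINDOWS\\system32\\drivers\\tosrfsnd.sys (Bluetooth Audio Driver (WDM)/TOSHIBA Corporation) [MANUAL] TosRfSnd
Service C:\\WINDOWS\\system32\\Drivers\\DgiVecp.sys [AUTO] DgiVecp
Service C:\\Programme\\Kaspersky [AUTO] avp
Service IntelNetProvCredMan
Service system32\\DRIVERS\\UIUSYS.SYS [MANUAL] UIUSys
Service MSDTC Bridge 3.0.0.0
"""

EXECUTABLE_EXT = re.compile(r"\.(sys|exe|dll)$", re.IGNORECASE)
# "[START] name" at the end of the line; the name itself never contains brackets
TAIL_RE = re.compile(r"\s\[(?P<start>[A-Z]+)\]\s(?P<name>[^\[\]]+)$")


@dataclass
class ServiceEntry:
    name: str
    path: str = ""
    description: Optional[str] = None
    vendor: Optional[str] = None
    start: Optional[str] = None


def _split_path_info(head: str):
    """Split 'path (description/vendor)'; the info part may itself contain parentheses."""
    if not head.endswith(")"):
        return head, None
    for m in re.finditer(r" \(", head):
        candidate = head[: m.start()]
        if EXECUTABLE_EXT.search(candidate):      # path ends in a module name: anchor here
            return candidate, head[m.end() : -1]
    path, sep, info = head.partition(" (")         # fallback: first " (" is the separator
    return path, (info[:-1] if sep else None)


def parse_service_line(line: str) -> ServiceEntry:
    body = line.strip()[len("Service ") :]
    tail = TAIL_RE.search(body)
    if tail is None:
        # no "[START] name" tail: GMER printed only the service name
        return ServiceEntry(name=body)
    path, info = _split_path_info(body[: tail.start()])
    description = vendor = None
    if info is not None:
        description, sep, vendor = info.rpartition("/")
        if not sep:                                # a single field in parentheses is the company
            description, vendor = None, info
    return ServiceEntry(name=tail.group("name"), path=path, description=description,
                        vendor=vendor, start=tail.group("start"))


def parse_services(text: str) -> List[ServiceEntry]:
    return [parse_service_line(l) for l in text.splitlines() if l.startswith("Service ")]


def triage(entry: ServiceEntry) -> List[str]:
    """Heuristic findings (assumptions of this example, not GMER's own verdicts)."""
    findings: List[str] = []
    if not entry.path:
        findings.append("no image path reported")
        return findings
    if not re.match(r"^[A-Za-z]:\\", entry.path):
        findings.append("relative image path")
    if not EXECUTABLE_EXT.search(entry.path):
        findings.append("path does not end in a driver/executable name")
    if entry.vendor is None:
        findings.append("no version/vendor information")
    return findings


def triage_lines(text: str) -> Dict[str, List[str]]:
    """Map service name -> findings, for entries that have at least one finding."""
    report: Dict[str, List[str]] = {}
    for entry in parse_services(text):
        findings = triage(entry)
        if findings:
            report[entry.name] = findings
    return report


if __name__ == "__main__":
    for name, findings in triage_lines(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(findings)}")
```

Entries that come out of `triage_lines` with "no image path reported" are the ones to look up via the service control manager (`sc qc <name>`) on the machine itself, since GMER gave nothing to verify; the rest are worth checking against the vendor's known file paths before calling a log clean.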
07.05.2010, 20:13
Member

Posts: 3716
#2 Why aren't you using Kaspersky 2010 here?
You should either have us examine your other PC or reinstall it according to these instructions:
http://board.protecus.de/t13020.htm
You've already changed all your login credentials, that's good.
07.05.2010, 20:18
Member

Thread starter

Posts: 14
#3 I'll install 2010 now.
I won't take any risk with the other PC; formatting is fine, even if in the worst case all the data on it has to go for security reasons...

Are the logs from this notebook okay, then?
07.05.2010, 20:21
Moderator

Posts: 5694
#4 Hello and welcome to Protecus.de

Cleaning an infected system requires, in addition to time, attention to the following points:

• Follow the instructions of the helper assisting you.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall any programs that are not explicitly requested.
• Please work through each step in order.
• If problems come up at any step, post what you have so far and report back with a description of the problem.

• The cleanup is only finished when the helper gives the OK.
• If the box runs smoothly again, that doesn't mean the system is also clean.
• For computers used for business, the responsible IT person should be brought in.
• Support from our side may, under certain circumstances, be refused for a company computer.
• If illegal software is present, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling from scratch.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we request via right-click and "Run as administrator".

Step 1

So, these logs are clean. But still do the following:

Malwarebytes Anti-Malware

Download MBAM, install it, and select under the tabs:

-> "Update" > "Check for updates"
-> "Settings" > "Terminate Internet Explorer during removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.

Step 2

System scan with OTL

Please download OTL by OldTimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you'll find a box labeled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files are created
>Post the log files in code tags here in the thread.

Regarding your affected PC, I'll simply post the following for you:

Backdoor Warning

Since your computer is infected with a so-called backdoor, read this post very carefully. A backdoor hides itself by means of a rootkit. Backdoors cause various kinds of damage in Windows and allow the attacker to take complete control of the infected system. Be aware that the attacker can "load" new malware as needed, that he can log keystrokes, that he can run programs and/or see what is happening on your screen. My urgent recommendation is therefore to format and reinstall Windows. The topic is hotly debated, but many experts in the "security community" are certain that a system once infected with a backdoor cannot be regarded as trustworthy again even after a cleanup, because the dangerous part is not what we see, but what we do not see.

Another danger with this kind of infection is identity theft, because this kind of malware can steal all your passwords and spy out email data, banking data, card numbers etc. by logging keystrokes. Under no circumstances do any more online banking, file sharing, mailing or messaging with this system. No uploads or downloads, except on security sites. It is therefore a good idea to replace all passwords stored or used on this system with new passwords from a guaranteed clean computer.

Please disconnect the computer from the internet (network cable and WLAN) during the reinstallation or cleanup, because if the computer is connected to the network, the attacker can keep modifying the system and take preventive measures so that a cleanup is manipulated in such a way that fixes are not carried out as intended.

More in-depth information on this topic can be found at Gehen Sie sicher ins Internet.

Quote

Since the computer is currently classified as compromised, be sure to disconnect it from the network when it is unattended.
Under no circumstances do any online banking, file sharing, mailing or messaging with this computer.
No uploads or downloads, except on security sites.
Replace all passwords stored on this system with new ones from a guaranteed clean computer.
For more information on the topic, see also System-Sicherheit


You can back up any data that is not executable:
http://de.wikipedia.org/wiki/Ausf%C3%BChrbare_Datei
I.e. jpg, doc, txt...


Back these up to an external drive and proceed as follows:
http://www.hijackthis-forum.de/tipps-tricks/27560-neuaufsetzen-windows-xp-vista-und-windows-7-anleitungen.html#post255576
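The helper's advice to carry only non-executable data (jpg, doc, txt...) off the infected notebook, as an added example that is not part of the thread or of the linked guide: a Python script that walks a source tree and copies only files whose extension is on a data allowlist, skipping anything with an executable extension anywhere in its name, so a disguised "urlaub.jpg.exe" is not carried over to the external drive. The extension sets and the constructed sample tree built by `run_demo` are this example's own assumptions; `.doc` stays on the allowlist as the thread treats it, while macro-enabled `.docm` is deliberately left off.

```python
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Extensions treated as plain data (assumption of this example, extend as needed).
# .doc stays on the list because the thread treats it as data; macro-enabled
# .docm/.xlsm are deliberately absent.
DATA_EXTENSIONS = {
    ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".doc", ".docx", ".xls", ".xlsx",
    ".ppt", ".pptx", ".odt", ".ods", ".pdf", ".txt", ".csv", ".mp3", ".mp4",
}
# Extensions Windows will execute or that carry active code: never copied.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".ps1", ".msi", ".cpl", ".hta", ".lnk", ".jar", ".reg",
}


def classify(name: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a file name; verdict is "copy" or "skip"."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes:
        return "skip", "no extension"
    # Look at every suffix, not just the last one, so "urlaub.jpg.exe" and the
    # rarer (but equally untrusted) "report.exe.txt" are both skipped.
    if any(s in EXECUTABLE_EXTENSIONS for s in suffixes):
        return "skip", "executable extension"
    if suffixes[-1] not in DATA_EXTENSIONS:
        return "skip", "extension not on data allowlist"
    return "copy", "data file"


def backup_data_files(src: str, dst: str) -> Dict[str, int]:
    """Copy every file under src that classify() approves into dst, keeping the
    relative layout. Returns a count per reason so the result can be reviewed."""
    summary: Dict[str, int] = {}
    for root, _dirs, files in os.walk(src):
        for fname in files:
            verdict, reason = classify(fname)
            summary[reason] = summary.get(reason, 0) + 1
            if verdict != "copy":
                continue
            source = os.path.join(root, fname)
            target = os.path.join(dst, os.path.relpath(source, src))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(source, target)
    return summary


def run_demo() -> Tuple[Dict[str, int], List[str]]:
    """Build a constructed sample tree in a temporary directory, back it up and
    return (summary, copied relative paths) for inspection."""
    sample = {
        "Eigene Dateien/brief.doc": b"word",
        "Eigene Dateien/notizen.txt": b"text",
        "Bilder/urlaub.jpg": b"\xff\xd8\xff",
        "Bilder/urlaub.jpg.exe": b"MZ",      # executable disguised as a picture
        "Downloads/setup.exe": b"MZ",
        "Downloads/script.vbs": b"WScript",
        "Desktop/README": b"no extension",
    }
    with tempfile.TemporaryDirectory() as base:
        src = os.path.join(base, "infected")
        dst = os.path.join(base, "external")
        for rel, data in sample.items():
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        summary = backup_data_files(src, dst)
        copied = sorted(
            os.path.relpath(os.path.join(root, f), dst).replace(os.sep, "/")
            for root, _dirs, files in os.walk(dst)
            for f in files
        )
    return summary, copied


if __name__ == "__main__":
    summary, copied = run_demo()
    print("copied:", copied)
    print("summary:", summary)
```

Run it against the real tree with `backup_data_files(r"D:\", r"E:\backup")` (or whatever the mounted infected disk and the external drive are called); the returned summary tells you how many files were left behind and why, which is the list to review before the disk is wiped.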
07.05.2010, 20:29
Member

Posts: 3716
#5 You can go ahead and back up your data, that's no problem; everything posted here looks good.
07.05.2010, 20:50
Member

Thread starter

Posts: 14
#6 OTL logfile

Code

OTL logfile created on: 07.05.2010 20:28:39 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und Einstellungen\vaio tz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,03 Gb Total Space | 4,57 Gb Free Space | 22,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,50 Gb Total Space | 46,96 Gb Free Space | 86,17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VAIO
Current User Name: vaio tz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\vaio tz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Hamachi\hamachi.exe (LogMeIn Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Programme\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\SONY\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\SONY\VAIO Power Management\OPT Drive Power Saving.exe (Sony Corporation)
PRC - C:\Programme\SONY\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programme\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\SONY\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\vaio tz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HamachiService) -- C:\Programme\Hamachi\hamachi.exe (LogMeIn Inc.)
SRV - (avp) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (LMIMaint) -- C:\Programme\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (VAIO Event Service) -- C:\Programme\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (5U870UVC) -- C:\WINDOWS\system32\drivers\5U870UVCx86.sys (Ricoh)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.06 20:28:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.06 20:28:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2008.11.30 20:13:11 | 000,000,000 | ---D | M]

[2008.09.07 14:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\vaio tz\Anwendungsdaten\Mozilla\Extensions
[2010.05.04 18:16:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\vaio tz\Anwendungsdaten\Mozilla\Firefox\Profiles\rmat2c5l.default\extensions
[2010.04.28 16:47:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\vaio tz\Anwendungsdaten\Mozilla\Firefox\Profiles\rmat2c5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.04 18:16:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.19 10:58:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.19 10:58:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.19 10:58:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.19 10:58:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.19 10:58:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.07 02:03:21 | 000,393,148 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\SONY\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sat1.de ([www] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208615801328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208615879390 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.27.27.127 62.52.50.57 193.189.244.205
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\vaio tz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\vaio tz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.08 11:49:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.07 19:13:40 | 000,000,000 | ---D | C] -- C:\promqryui
[2010.05.07 18:47:49 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\vaio tz\Desktop\OTL.exe
[2010.05.07 13:31:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\vaio tz\DoctorWeb
[2010.05.07 13:08:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.07 13:07:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\vaio tz\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.07 13:07:45 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.05.07 13:06:22 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.05.07 10:04:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\vaio tz\Desktop\TMRBLog
[2010.05.07 07:14:53 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010.05.07 07:14:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\vaio tz\Desktop\log
[2010.05.07 07:14:32 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2010.05.07 06:54:32 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.07 06:53:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\vaio tz\Anwendungsdaten\Malwarebytes
[2010.05.07 06:53:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.07 06:53:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.07 06:53:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.07 06:53:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.07 00:41:46 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.07 00:41:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.05.07 00:38:32 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Downloads
[66 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 E:\Eigene Dateien\*.tmp files -> E:\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.07 20:27:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\vaio tz\Desktop\OTL.exe
[2010.05.07 19:14:00 | 007,864,320 | -H-- | M] () -- C:\Dokumente und Einstellungen\vaio tz\NTUSER.DAT
[2010.05.07 18:18:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.07 18:18:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.07 18:18:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.07 17:03:21 | 000,000,140 | ---- | M] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\DrWeb.csv
[2010.05.07 13:07:50 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.05.07 12:59:28 | 039,433,328 | ---- | M] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\lwd5wd2v.exe
[2010.05.07 10:02:34 | 000,000,534 | ---- | M] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\Verknüpfung mit fsbl-20100507075106.lnk
[2010.05.07 07:14:53 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010.05.07 07:14:17 | 000,442,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010.05.07 07:07:51 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\6vh6rgwu.exe
[2010.05.07 06:54:34 | 000,001,704 | ---- | M] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\HijackThis.lnk
[2010.05.07 06:53:45 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.07 02:03:21 | 000,393,148 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.05.07 00:53:43 | 000,393,148 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100507-020321.backup
[2010.05.07 00:41:56 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\Spybot - Search & Destroy.lnk
[2010.05.07 00:30:23 | 008,829,216 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.05.07 00:30:23 | 000,122,456 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.05.07 00:30:23 | 000,040,772 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010.05.07 00:30:15 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\vaio tz\ntuser.ini
[2010.05.07 00:29:23 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.05.07 00:29:23 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 10:45:47 | 000,022,528 | ---- | M] () -- E:\Eigene Dateien\Aufgabenliste edc.doc
[2010.04.15 19:24:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[66 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 E:\Eigene Dateien\*.tmp files -> E:\Eigene Dateien\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.07 17:03:21 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\DrWeb.csv
[2010.05.07 13:08:53 | 039,433,328 | ---- | C] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\lwd5wd2v.exe
[2010.05.07 13:07:50 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.05.07 10:02:34 | 000,000,534 | ---- | C] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\Verknüpfung mit fsbl-20100507075106.lnk
[2010.05.07 09:42:48 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\6vh6rgwu.exe
[2010.05.07 06:54:34 | 000,001,704 | ---- | C] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\HijackThis.lnk
[2010.05.07 06:53:45 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.07 00:41:56 | 000,000,911 | ---- | C] () -- C:\Dokumente und Einstellungen\vaio tz\Desktop\Spybot - Search & Destroy.lnk
[2010.04.27 10:45:47 | 000,022,528 | ---- | C] () -- E:\Eigene Dateien\Aufgabenliste edc.doc
[2009.03.03 06:02:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll
[2008.08.17 11:40:09 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\xrxg1l3.dll
[2008.06.23 18:38:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.06.23 18:32:35 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.06.23 18:32:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.06.23 18:32:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008.04.20 14:20:43 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.08 12:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.04.08 12:13:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtvcx.dll
[2008.02.04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.09.04 09:42:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
Extras log

Code

OTL Extras logfile created on: 07.05.2010 20:28:39 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und Einstellungen\vaio tz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,03 Gb Total Space | 4,57 Gb Free Space | 22,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,50 Gb Total Space | 46,96 Gb Free Space | 86,17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VAIO
Current User Name: vaio tz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A23120C-CD83-4CE6-B451-C5C998052522}" = Battery Care Function
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{619A0D15-9CC3-477D-B4B0-EFC4E7122EEE}" = ODF Add-In für Microsoft Office
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1887DA9-5B90-403F-AFB6-1390FCAEA7B8}" = Citrix XenCenter
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem  (05/24/2007 6.84.0.1)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP
"getPlus(R)_dll" = getPlus(R)_dll
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"ProInst" = Intel(R) PROSet/Wireless Software
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"TVWiz" = Intel(R) TV Wizard
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 07.02.2010 09:09:05 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spmgr.exe, Version 1.9.5.5250, fehlgeschlagenes
Modul spmgr.exe, Version 1.9.5.5250, Fehleradresse 0x0000b324.

Error - 07.02.2010 09:09:48 | Computer Name = VAIO | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 520687881.

Error - 07.02.2010 11:40:54 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spmgr.exe, Version 1.9.5.5250, fehlgeschlagenes
Modul spmgr.exe, Version 1.9.5.5250, Fehleradresse 0x0000b324.

Error - 07.02.2010 11:41:17 | Computer Name = VAIO | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 520687881.

Error - 06.05.2010 10:07:37 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spmgr.exe, Version 1.9.5.5250, fehlgeschlagenes
Modul spmgr.exe, Version 1.9.5.5250, Fehleradresse 0x0000b324.

Error - 06.05.2010 10:08:06 | Computer Name = VAIO | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 520687881.

Error - 07.05.2010 00:58:48 | Computer Name = VAIO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei.  .

Error - 07.05.2010 00:58:48 | Computer Name = VAIO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei.  .

[ System Events ]
Error - 06.05.2010 18:31:30 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 06.05.2010 18:31:30 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 00:52:00 | Computer Name = VAIO | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.27.27.33 für die Netzwerkkarte mit der Netzwerkadresse
001B77742991 wurde durch  den DHCP-Server 192.27.27.127 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 07.05.2010 03:35:47 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 03:35:47 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 06:39:53 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 06:39:53 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 12:18:23 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 12:18:23 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 12:23:33 | Computer Name = VAIO | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.27.27.33 für die Netzwerkkarte mit der Netzwerkadresse
001B77742991 wurde durch  den DHCP-Server 192.27.27.127 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).


< End of report >
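The "Last 10 Event Log Errors" block above is the part of an OTL log that a helper actually reads when deciding whether a machine looks infected or merely noisy. The following Python script is an added example, not code from this thread or from OTL: it parses the `Error - <date> | Computer Name = <host> | Source = <source> | ID = <id>` records, joins their multi-line descriptions, and groups repeats so that a driver service failing at every boot can be told apart from records that deserve a closer look (certificate-chain failures, rejected DHCP leases). `SAMPLE_LOG` is constructed and modelled on the log above; the host name, URL and addresses in it are placeholders, and the single Win32 error-code mapping is the only one the example claims.

```python
"""Triage helper for the 'Last 10 Event Log Errors' section of an OTL log.

Added example (not from the thread or from OTL). SAMPLE_LOG is constructed and
modelled on the log in the thread; host, URL and addresses are placeholders.
"""
import re
from collections import Counter

HEADER_RE = re.compile(
    r"^Error - (?P<date>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (.+) \]$")

# Win32 error codes that OTL leaves as '%%N' placeholders in SCM 7000 records.
WIN32_ERRORS = {"2": "ERROR_FILE_NOT_FOUND (service binary missing)"}

SAMPLE_LOG = """[ Application Events ]
Error - 07.02.2010 09:09:05 | Computer Name = LABHOST | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spmgr.exe, Version 1.9.5.5250, fehlgeschlagenes
Modul spmgr.exe, Version 1.9.5.5250, Fehleradresse 0x0000b324.

Error - 07.05.2010 00:58:48 | Computer Name = LABHOST | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://example.invalid/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei.  .

[ System Events ]
Error - 06.05.2010 18:31:30 | Computer Name = LABHOST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 06.05.2010 18:31:30 | Computer Name = LABHOST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 07.05.2010 00:52:00 | Computer Name = LABHOST | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.0.2.33 für die Netzwerkkarte mit der Netzwerkadresse
001B77742991 wurde durch  den DHCP-Server 192.0.2.127 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
"""


def parse_events(text):
    """Return one dict per 'Error - ...' record; a blank line ends a record."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section, current = sec.group(1), None
            continue
        head = HEADER_RE.match(line)
        if head:
            current = dict(section=section, description="", **head.groupdict())
            events.append(current)
            continue
        if current is not None:  # continuation of the current description
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Count records per (section, source, id) so repeats stand out."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def failed_services(events):
    """(service name, raw code) for each SCM 7000 'service did not start' record.
    The name is the first quoted token in the description, the code the %%N placeholder."""
    out = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == "7000":
            name = re.search(r'"([^"]+)"', e["description"])
            code = re.search(r"%%(\d+)", e["description"])
            out.append((name.group(1) if name else "?", code.group(1) if code else "?"))
    return out


def triage_report(text):
    """Human-readable summary lines: repeat counts first, then failed services."""
    events = parse_events(text)
    lines = [f"{sec}: {src} ID {eid} x{n}" for (sec, src, eid), n in sorted(summarize(events).items())]
    for name, code in failed_services(events):
        lines.append(f"service {name!r} failed to start: %%{code} = {WIN32_ERRORS.get(code, 'unknown')}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_LOG)))
```

Run against a real OTL log, the repeat counts make the boot-time noise obvious (two services whose binaries are gone, failing at every start), while a crypt32 root-list failure or a DHCPNACK shows up once with its full description and can be judged on its own.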
07.05.2010, 21:56
Moderator

Posts: 5694
#7 And what does Malwarebytes say?
07.05.2010, 22:14
Member

Thread starter

Posts: 14
#8 Sorry, I completely forgot.

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4073

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.05.2010 22:13:37
mbam-log-2010-05-07 (22-13-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 124293
Laufzeit: 12 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
08.05.2010, 18:19
Member

Thread starter

Posts: 14
#9 So am I right in assuming that the other notebook, the one I am on right now, is guaranteed clean, so that I can change the passwords from here?

I have now also run Hitman Pro 3.5 over it here: nothing found.
Prevx 3.05 is also installed and finds nothing, and its active protection is on. So the current protection is KIS 2010 + MBAM real-time protection + Prevx real-time protection.
08.05.2010, 18:42
Moderator

Posts: 5694
#10 Yes, that is how it is. I see no sign of an infection or other adware. You should then definitely reinstall the other laptop from scratch before you attach any external devices to it. The instructions for that are above, including how you can back up your data.
08.05.2010, 18:58
Member

Thread starter

Posts: 14
#11 Thank you, swiss!

Out of interest I ran ComboFix on the other notebook (I do not want to bring the logs into contact with this notebook via USB stick or the like):

Quote

gelöscht:
windows\system\%appdata%
windows\fonts\code_39b_ttf
windows\system32\icon.ico
windows\system32\shellnk.tlb
windows\system32\test.dll

wuauclt.exe ist infiziert.

infizierte kopie von windows\system32\drivers\tdx.sys wurde desinfiziert.
After some research this looks like TDSS or TDL3, since GMER reports the suspicious modification of atapi.sys (Google redirection).


Do these findings automatically mean that data was stolen from me and that I was being monitored, or does it not necessarily follow that damage was actually done?

I have not seen anything of the usual lowsec (stolen data) entries in any of the logs.

I am now quite worried after all, despite having changed my bank details/credit cards and already all important account logins.

Should I worry about anything else, or am I overdoing it here and am probably just one of hundreds of thousands in a data-harvesting attempt...?
This post was edited on 08.05.2010 at 19:15 by scared.
08.05.2010, 19:18
Moderator

Posts: 5694
#12 So call your bank and tell them about this. They should then give you new TANs. They know what needs to be done. Then definitely change the password for e-banking. Whether any access to your system has already taken place at all cannot be said.
08.05.2010, 19:24
Member

Thread starter

Posts: 14
#13 I have changed all my online banking PINs and will change the account numbers; I do not use TAN lists, only mobile TANs sent to my phone.

What worries me is just the connection attempts towards China/Moldova after I noticed the Google redirect. I bought MBAM and then the IPs in question were blocked.

So is securing the financial information all there is to it, and as a rule I need not worry about anything else?...
08.05.2010, 19:42
Moderator

Posts: 5694
08.05.2010, 20:34
Member

Thread starter

Posts: 14
#15 I also checked the router right at the start. The router is clean, the password has been changed too and the settings checked. The DNS servers are correct.

So the matter should be settled with the change of all relevant logins..?....