PDA

View Full Version : csrss.exe



remoteplayfreak
2009-08-12, 09:16
hey guys :-)

i had malware on my computer wich was name csrss.exe. i know this is known as Client/Server Runtime Subsystem but my file was´nt only in C:\Windows\system32. i had avira antivir but this was´nt the right one. i installed kaspersky then and this one found the malware and removed it. but i don´t know if it´s really away, so someone from another board in germany told me to post my latest hijackThis log here.

hope you´ve got help for me xD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:33, on 12.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
F:\Programme\Autodesk\3ds Max 9\vrayspawner90.exe
C:\Programme\TightVNC\WinVNC.exe
F:\Programme\Autodesk\3ds Max 9\3dsmax.exe
C:\WINDOWS\TEMP\AdskCleanup.0001
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C022B1-A92F-4246-AFC7-48EF945ABE7E}: NameServer = 192.168.178.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VRaySpawner 90 - Unknown owner - F:\Programme\Autodesk\3ds Max 9\vrayspawner90.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC\WinVNC.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

--
End of file - 9679 bytes

Shaba
2009-08-13, 07:17
Hi remoteplayfreak

Download at your desktop DDS from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finish it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

remoteplayfreak
2009-08-13, 12:12
sorry for my bad english, but i´m from austria and 15 yeras old so...

but here are the two logs as i was told in the descriptoin of the program:


DDS (Ver_09-07-30.01) - NTFSx86
Run by mojo at 11:09:34,21 on 13.08.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1535.751 [GMT 2:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Programme\Autodesk\3ds Max 9\vrayspawner90.exe
C:\Programme\TightVNC\WinVNC.exe
F:\Programme\Autodesk\3ds Max 9\3dsmax.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\AdskCleanup.0001
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\mojo\Desktop\dds.scr
C:\Programme\Skype\Toolbars\Shared\SkypeNames.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\programme\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\programme\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\programme\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\programme\analog devices\soundmax\Smax4.exe" /tray
mRun: [AdobeCS4ServiceManager] "c:\programme\gemeinsame dateien\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVP] "c:\programme\kaspersky lab\kaspersky internet security 2010\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoActiveDesktop = 00000000
IE: Hinzufügen zu Anti-Banner - c:\programme\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\programme\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\programme\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {C3C022B1-A92F-4246-AFC7-48EF945ABE7E} = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\mojo\anwend~1\mozilla\firefox\profiles\i9qtylvi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programme\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programme\mozilla firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\cult3d\NPMCult3DP.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programme\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programme\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programme\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programme\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programme\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programme\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programme\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programme\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programme\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-8-11 296976]
R2 AVP;Kaspersky Internet Security;c:\programme\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 VRaySpawner 90;VRaySpawner 90;f:\programme\autodesk\3ds max 9\vrayspawner90.exe [2009-7-28 118784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-1 33792]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-7-17 17408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

=============== Created Last 30 ================

2009-08-13 10:50 3,329 a------- c:\windows\system32\wbem\Outlook_01ca1bf30f5c40ec.mof
2009-08-11 18:32 <DIR> --d----- c:\programme\Spybot - Search & Destroy
2009-08-11 18:32 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Spybot - Search & Destroy
2009-08-11 17:20 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-11 17:00 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-08-11 16:56 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-08-11 16:56 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-08-11 16:55 <DIR> --d----- c:\programme\Kaspersky Lab
2009-08-11 16:55 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab
2009-08-11 14:17 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab Setup Files
2009-08-11 13:47 452,647 a----r-- C:\txtsetup.sif
2009-08-11 13:47 262,448 a----r-- C:\$LDR$
2009-08-11 13:47 <DIR> --d----- C:\$WIN_NT$.~BT
2009-08-11 13:47 <DIR> --d----- c:\windows\setup.pss
2009-08-11 13:24 82,432 a------- c:\windows\system32\msxml4r.dll
2009-08-11 13:24 44,544 a------- c:\windows\system32\msxml4a.dll
2009-08-11 13:24 1,233,920 a------- c:\windows\system32\msxml4.dll
2009-08-11 13:19 420,240 a------- c:\windows\system32\mpg4c32.dll
2009-08-11 13:19 309,616 a------- c:\windows\system32\wmv8dmod.dll
2009-08-11 13:19 245,760 a------- c:\windows\system32\mp4sds32.ax
2009-08-11 13:17 <DIR> --d----- c:\programme\MAGIX Online Druck Service
2009-08-11 13:17 <DIR> --d----- c:\programme\gemeinsame dateien\MAGIX Shared
2009-08-11 13:11 <DIR> --d----- c:\windows\system32\MAGIX
2009-08-11 13:11 <DIR> --d----- C:\MAGIX
2009-08-11 13:11 1,089,536 a------- c:\windows\system32\ROBOEX32.DLL
2009-08-11 13:11 85,504 a------- c:\windows\system32\HtmlWH.dll
2009-08-11 13:11 49,152 a------- c:\windows\system32\INETWH32.dll
2009-08-11 13:11 446,464 a------- c:\windows\system32\mgxoschk.dll
2009-08-11 13:11 2,856 a------- c:\windows\mgxoschk.ini
2009-08-11 13:01 306,688 a------- c:\windows\IsUninst.exe
2009-08-11 13:01 226,816 -------- c:\windows\system32\htvcdsvcd.ax
2009-08-11 13:01 81,920 -------- c:\windows\system32\ezrgb24.ax
2009-08-11 13:01 <DIR> --d----- c:\windows\Vbox
2009-08-11 13:01 9,728 -------- c:\windows\system\regsvr32.exe
2009-08-11 13:00 <DIR> --d----- c:\windows\system32\Iosubsys
2009-08-11 12:59 <DIR> --d----- c:\programme\NewTech Infosystems
2009-08-11 12:59 1,024 ----hr-- c:\windows\system32\NTICDMK32.dll
2009-08-11 12:59 6,912 a------- c:\windows\system32\drivers\NTIDrvr.sys
2009-08-11 12:56 400 a------- c:\windows\ODBC.INI
2009-08-11 12:55 17,920 a------- c:\windows\system32\mdimon.dll
2009-08-11 12:48 <DIR> --d----- c:\windows\SHELLNEW
2009-08-11 09:13 <DIR> --d----- c:\windows\system32\Adobe
2009-08-11 07:37 <DIR> --d----- c:\dokume~1\mojo\anwend~1\Wireshark
2009-08-11 07:08 <DIR> --d----- c:\programme\WinPcap
2009-08-11 07:07 <DIR> --d----- c:\programme\Wireshark
2009-08-10 20:42 <DIR> --d----- c:\programme\CamStudio
2009-08-10 20:32 <DIR> --d----- C:\Fraps
2009-08-10 18:14 <DIR> --d----- c:\programme\iPhone-Konfigurationsprogramm
2009-08-10 15:30 <DIR> --d----- c:\programme\ClearProg
2009-08-10 15:07 <DIR> --d----- c:\programme\Trend Micro
2009-08-10 10:58 <DIR> --d----- C:\devkitPro
2009-08-02 21:31 719,872 a------- c:\windows\system32\devil.dll
2009-08-02 21:31 318,976 a------- c:\windows\system32\avisynth.dll
2009-08-02 21:31 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-08-02 21:31 70,656 a------- c:\windows\system32\i420vfw.dll
2009-08-02 21:31 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-08-02 21:30 <DIR> --d----- c:\programme\eRightSoft
2009-08-02 21:26 <DIR> --d----- C:\ConverterOutput
2009-08-02 21:26 1,060,864 a------- c:\windows\system32\MFC71.DLL
2009-08-02 21:26 258,352 a------- c:\windows\system32\unicows.dll
2009-08-02 21:26 94,650 a------- c:\windows\system32\HKCU_GNU.reg
2009-08-02 21:26 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-08-02 21:26 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-08-02 21:26 6,144 a------- c:\windows\system32\ff_acm.acm
2009-08-02 21:26 2,004 a------- c:\windows\system32\HKLM_GNU.reg
2009-08-02 21:26 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-08-02 21:26 372,736 a------- c:\windows\system32\xvid.ax
2009-08-02 21:26 14,909 a------- c:\windows\system32\A_reg.reg
2009-08-02 21:26 110,592 a------- c:\windows\system32\PropListCtrl.ocx
2009-08-02 21:26 <DIR> --d----- c:\programme\Cucusoft
2009-08-02 21:17 <DIR> --d----- c:\programme\gemeinsame dateien\xing shared
2009-08-02 21:16 <DIR> --d----- c:\programme\gemeinsame dateien\Real
2009-08-02 17:34 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\SecTaskMan
2009-08-02 17:33 <DIR> --d----- c:\programme\Security Task Manager
2009-08-02 09:12 <DIR> --d----- c:\dokumente und einstellungen\mojo\Desktopdesmume
2009-08-01 20:54 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\VOWSoft
2009-08-01 20:54 <DIR> --d----- c:\programme\iPodRobot
2009-08-01 09:07 19,456 a------- c:\windows\system32\libusbd-9x.exe
2009-08-01 09:07 18,944 a------- c:\windows\system32\libusbd-nt.exe
2009-08-01 09:07 46,592 a------- c:\windows\system32\libusb0.dll
2009-08-01 09:07 33,792 a------- c:\windows\system32\drivers\libusb0.sys
2009-08-01 09:07 <DIR> --d----- c:\programme\LibUSB-Win32-0.1.10.1
2009-07-31 19:44 <DIR> --d----- c:\programme\gemeinsame dateien\DivX Shared
2009-07-31 19:44 <DIR> --d----- c:\programme\DivX
2009-07-30 15:19 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-30 14:42 <DIR> --d----- c:\windows\pss
2009-07-29 19:08 <DIR> --d----- c:\programme\SystemRequirementsLab
2009-07-29 19:06 <DIR> --d----- c:\dokumente und einstellungen\mojo\SystemRequirementsLab
2009-07-29 11:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 11:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 18:48 <DIR> --d----- c:\windows\system32\Cult3D
2009-07-28 18:26 90,112 a------- c:\windows\unvise32.exe
2009-07-28 18:26 <DIR> --d----- c:\programme\Cycore
2009-07-28 16:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-28 16:28 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-28 12:53 <DIR> --d----- c:\programme\gemeinsame dateien\ChaosGroup
2009-07-28 11:32 <DIR> --d----- c:\programme\gemeinsame dateien\Autodesk Shared
2009-07-28 11:30 <DIR> --d----- C:\3dsmax9Trial
2009-07-28 10:17 <DIR> --d----- c:\windows\Logs
2009-07-28 09:50 <DIR> --d----- c:\programme\Autodesk
2009-07-27 13:02 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-07-27 13:02 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-22 06:51 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-21 10:01 <DIR> --d----- c:\windows\system32\logs
2009-07-21 09:59 253,952 a------- c:\windows\system32\avmcsock.dll
2009-07-21 09:59 232,960 a------- c:\windows\system32\avmtfbox.dll
2009-07-21 09:59 217,088 a------- c:\windows\system32\C65dll.dll
2009-07-21 09:59 87,552 a------- c:\windows\system32\avmtfbox.tsp
2009-07-21 09:59 <DIR> --d----- c:\windows\system32\FBox
2009-07-21 09:59 <DIR> --d----- c:\programme\TAPI Services for FRITZ!Box
2009-07-21 09:58 328,704 a------- c:\windows\IsUn0407.exe
2009-07-20 21:52 <DIR> --d----- c:\dokume~1\mojo\anwend~1\cmw
2009-07-20 21:51 <DIR> --d----- c:\programme\winpwn-2.5
2009-07-20 16:17 <DIR> --d----- C:\xampp
2009-07-20 15:54 <DIR> --d----- c:\dokumente und einstellungen\all users\AdobeTemp
2009-07-20 13:07 <DIR> --dsh--- c:\dokumente und einstellungen\mojo\PrivacIE
2009-07-18 12:15 <DIR> --d----- c:\windows\RegisteredPackages
2009-07-18 12:13 129,520 -------- c:\windows\system32\pxafs.dll
2009-07-18 12:02 <DIR> --d----- c:\programme\Vstplugins
2009-07-18 12:01 <DIR> --d----- c:\programme\Sony
2009-07-18 09:52 <DIR> --d----- c:\programme\iPhoneBrowser
2009-07-18 09:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-18 09:06 208,744 a------- c:\windows\system32\muweb.dll
2009-07-18 09:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-17 21:51 <DIR> --d----- c:\dokumente und einstellungen\mojo\Tracing
2009-07-17 21:42 <DIR> --d----- c:\programme\Microsoft
2009-07-17 21:42 <DIR> --d----- c:\programme\Windows Live SkyDrive
2009-07-17 21:38 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Viewpoint
2009-07-17 21:38 <DIR> --d----- c:\programme\Viewpoint
2009-07-17 21:37 <DIR> --d----- c:\programme\gemeinsame dateien\Windows Live
2009-07-17 21:37 540 a---h--- C:\IPH.PH
2009-07-17 18:56 <DIR> --d----- c:\windows\system32\de
2009-07-17 18:56 <DIR> --d----- c:\windows\l2schemas
2009-07-17 18:56 <DIR> --d----- c:\windows\system32\bits
2009-07-17 18:43 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-17 18:41 <DIR> --d----- c:\windows\network diagnostic
2009-07-17 18:36 <DIR> --d----- c:\windows\EHome
2009-07-17 18:29 <DIR> --dsh--- c:\dokumente und einstellungen\mojo\IETldCache
2009-07-17 13:33 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-17 13:33 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-17 13:33 <DIR> --d----- c:\programme\iPod
2009-07-17 13:33 <DIR> --d----- c:\programme\iTunes
2009-07-17 13:33 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-17 13:32 <DIR> --d----- c:\programme\Bonjour
2009-07-17 13:31 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-07-17 13:31 17,408 a------- c:\windows\system32\drivers\netaapl.sys
2009-07-17 13:31 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-17 13:31 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-07-17 13:30 <DIR> --d----- c:\programme\gemeinsame dateien\Apple
2009-07-17 13:04 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-17 13:04 <DIR> --d----- c:\windows\ie8updates
2009-07-17 13:03 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-17 13:03 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-17 13:03 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-17 13:03 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-17 13:03 <DIR> -cd-h--- c:\windows\ie8
2009-07-17 09:30 <DIR> --d----- c:\programme\HyCam2
2009-07-17 09:26 <DIR> --d----- c:\programme\TightVNC
2009-07-17 09:17 457,607 -c------ c:\windows\system32\dllcache\mdlib.wmv
2009-07-17 09:14 73,216 -------- c:\windows\system32\drivers\atintuxx.sys
2009-07-17 09:02 1,025 a------- c:\windows\system32\sysprs7.tgz
2009-07-17 09:02 1,025 a------- c:\windows\system32\sysprs7.dll
2009-07-17 09:02 1,025 a------- c:\windows\system32\clauth2.dll
2009-07-17 09:02 1,025 a------- c:\windows\system32\clauth1.dll
2009-07-17 09:02 219 a------- c:\windows\system32\lsprst7.tgz
2009-07-17 09:02 205 a------- c:\windows\system32\lsprst7.dll
2009-07-17 09:02 87 a------- c:\windows\system32\ssprs.tgz
2009-07-17 09:02 73 a------- c:\windows\system32\ssprs.dll
2009-07-17 09:02 21 a------- c:\windows\SurCode.INI
2009-07-17 09:02 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Minnetonka Audio Software
2009-07-17 08:53 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-16 12:11 <DIR> --d--r-- c:\programme\Skype
2009-07-16 09:26 273,024 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-16 09:26 273,024 -------- c:\windows\system32\drivers\bthport.sys
2009-07-16 09:25 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-16 09:25 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-16 09:25 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-16 09:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-16 09:24 217,600 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-15 20:15 74,240 -c------ c:\windows\system32\dllcache\mscms.dll
2009-07-15 20:14 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-15 18:38 <DIR> --d----- c:\dokume~1\mojo\anwend~1\UseNeXT
2009-07-15 18:38 <DIR> --d----- c:\programme\UseNeXT
2009-07-15 16:59 <DIR> --d----- c:\dokume~1\mojo\anwend~1\TeraCopy
2009-07-15 16:58 <DIR> --d----- c:\programme\TeraCopy
2009-07-15 16:53 <DIR> --d----- c:\dokume~1\mojo\anwend~1\NCH Software
2009-07-15 15:59 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-15 15:54 <DIR> --d----- c:\programme\HandBrake
2009-07-15 15:29 <DIR> --d----- c:\windows\system32\de-DE
2009-07-15 15:28 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-15 15:27 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-15 15:25 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-15 15:25 <DIR> --d----- c:\programme\MSXML 6.0
2009-07-15 15:17 <DIR> --d----- c:\programme\VideoLAN
2009-07-15 15:15 <DIR> --d----- c:\programme\NCH Software
2009-07-15 15:09 <DIR> --d----- c:\programme\YASAVOB2MP4
2009-07-15 15:06 <DIR> --d----- c:\programme\gemeinsame dateien\Adobe AIR
2009-07-15 15:04 <DIR> --d----- c:\programme\gemeinsame dateien\Macrovision Shared
2009-07-15 13:56 386 a------- c:\windows\system32\$winnt$.inf
2009-07-15 13:11 <DIR> --d----- c:\programme\Alcohol Soft
2009-07-15 12:58 <DIR> --d----- c:\programme\gemeinsame dateien\ODBC
2009-07-15 12:58 <DIR> --d----- c:\programme\gemeinsame dateien\SpeechEngines
2009-07-15 12:57 <DIR> --d-h--- c:\dokumente und einstellungen\all users\Vorlagen
2009-07-15 12:57 <DIR> --d--r-- c:\dokumente und einstellungen\all users\Startmenü
2009-07-15 12:57 <DIR> --d--r-- c:\dokumente und einstellungen\all users\Dokumente
2009-07-15 12:57 <DIR> --d----- c:\dokumente und einstellungen\all users\Favoriten
2009-07-15 12:57 <DIR> --d-hr-- c:\dokumente und einstellungen\all users\Anwendungsdaten
2009-07-15 12:54 <DIR> --d----- c:\programme\uTorrent
2009-07-15 12:52 <DIR> --d----- c:\dokume~1\mojo\anwend~1\uTorrent
2009-07-15 12:44 <DIR> --d----- c:\programme\Analog Devices
2009-07-15 12:43 <DIR> --d----- c:\programme\gemeinsame dateien\InstallShield
2009-07-15 12:09 <DIR> --d--r-- c:\dokumente und einstellungen\mojo\Eigene Dateien
2009-07-15 12:09 <DIR> --d-hr-- c:\dokumente und einstellungen\mojo\Anwendungsdaten
2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Vorlagen
2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Netzwerkumgebung
2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Lokale Einstellungen
2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Druckumgebung
2009-07-15 12:09 <DIR> --d--r-- c:\dokumente und einstellungen\mojo\Startmenü
2009-07-15 12:09 <DIR> --d--r-- c:\dokumente und einstellungen\mojo\Favoriten
2009-07-15 12:04 <DIR> --dsh--- c:\dokumente und einstellungen\all users\DRM
2009-07-15 12:04 <DIR> --d-h--- c:\programme\WindowsUpdate
2009-07-15 12:04 <DIR> --d----- c:\programme\Online-Dienste
2009-07-15 12:03 <DIR> --d----- c:\programme\gemeinsame dateien\Dienste
2009-07-15 12:03 <DIR> --d----- c:\programme\gemeinsame dateien\MSSoap
2009-07-15 12:02 <DIR> --d----- c:\programme\Online Services
2009-07-15 12:02 <DIR> --d----- c:\programme\Messenger
2009-07-15 12:02 <DIR> --d----- c:\programme\MSN Gaming Zone
2009-07-15 12:02 <DIR> --d----- c:\programme\Windows NT

==================== Find3M ====================

2009-08-13 10:50 452,300 a------- c:\windows\system32\perfh007.dat
2009-08-13 10:50 81,320 a------- c:\windows\system32\perfc007.dat
2009-08-02 21:16 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-17 18:58 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-15 13:09 716,272 a------- c:\windows\system32\drivers\sptd.sys
2009-07-15 12:03 21,740 a------- c:\windows\system32\emptyregdb.dat
2009-07-03 18:55 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 15:48 219,664 a------- c:\windows\system32\klogon.dll
2009-07-03 15:45 27,507 a------- c:\windows\system32\drivers\klopp.dat
2009-06-16 16:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 14:01 128,016 a------- c:\windows\system32\drivers\kl1.sys
2009-06-03 21:09 1,296,896 a------- c:\windows\system32\quartz.dll
2006-05-03 11:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 11:10:32,48 ===============

Shaba
2009-08-13, 13:36
Your english is fine :)

Please copy/paste contents of attach.txt to your next reply.

remoteplayfreak
2009-08-13, 18:44
thanks :-)

heres attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 15.07.2009 12:07:41
System Uptime: 13.08.2009 10:31:52 (1 hours ago)

Motherboard: MSI | | MS-7113
Processor: Intel(R) Celeron(R) CPU 2.66GHz | CPU 1 | 2660/532mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 11,034 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 30,954 GiB free.
E: is FIXED (NTFS) - 16 GiB total, 12,256 GiB free.
F: is FIXED (NTFS) - 35 GiB total, 25,81 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

3dsmax ancillary install
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI others
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-other
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 9.1.2 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
µTorrent
Autodesk 3ds Max 8 Additional Maps and Materials
Autodesk 3ds Max 8 Architectural Materials
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
AutoUpdate
AVM TAPI Services for FRITZ!Box
Backburner
Bonjour
CamStudio
Choice Guard
ClearProg 1.6.0 Final
Connect
Cucusoft YouTube Mate 7.17
Cult3D Designer 5.3
Cult3D Mozilla Viewer
devkitProUpdater 1.5.0
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EasyCleaner
FBX Plugin 2006.08 for Max 9.0
FileZilla Client 3.2.4.1
Fraps
Google SketchUp Pro 7
H.264 Decoder
HandBrake 0.9.3
HijackThis 2.0.2
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HyperCam 2
iPhone-Konfigurationsprogramm
iPhoneBrowser
IsoBuster 2.5.5
iTunes
Java(TM) 6 Update 15
Kaspersky Internet Security 2010
kuler
LibUSB-Win32-0.1.10.1
MAGIX Foto Manager
MAGIX music maker 2006
MAGIX Music Manager
MAGIX Online Druck Service
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
MKV Splitter
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 6 Service Pack 2 (KB954459)
NTI CD & DVD-Maker
NTI CD & DVD-Maker 6.5 Gold
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
plist Editor for Windows 1.0.1
Prism Video Converter
QuickTime
RealPlayer
Security Task Manager 1.7h
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB973346)
Skype web features
Skype™ 4.1
Sony Vegas Pro 8.0
SoundMAX
Spybot - Search & Destroy
Suite Shared Configuration CS4
SUPER © Version 2009.bld.36 (June 10, 2009)
System Requirements Lab
TeraCopy 2.01
Text-To-Speech-Runtime
TightVNC 1.3.10
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
UseNeXT
V-Ray for 3dsmax R9 for x86
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
VLC media player 1.0.0
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 3
WinPcap 4.1 beta5
winpwn-2.5 2.5.0.2
WinRAR
Wireshark 1.2.1
XAMPP 1.7.1
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
YASA VOB to MP4 Converter v3.9 (build 0059)

==== End Of File ===========================

Shaba
2009-08-13, 19:26
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new DDS log scan when finished and post the logs back here.

Shaba
2009-08-19, 07:06
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.