Thread: csrss.exe

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    3

    csrss.exe

    hey guys :-)

    i had malware on my computer which was named csrss.exe. i know this is known as Client/Server Runtime Subsystem but my file wasn't only in C:\Windows\system32. i had avira antivir but this wasn't the right one. i installed kaspersky then and this one found the malware and removed it. but i don't know if it's really away, so someone from another board in germany told me to post my latest hijackThis log here.

    hope you've got help for me xD

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:16:33, on 12.08.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programme\Analog Devices\SoundMAX\Smax4.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    F:\Programme\Autodesk\3ds Max 9\vrayspawner90.exe
    C:\Programme\TightVNC\WinVNC.exe
    F:\Programme\Autodesk\3ds Max 9\3dsmax.exe
    C:\WINDOWS\TEMP\AdskCleanup.0001
    C:\Programme\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windo..._5.3.0.228.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C022B1-A92F-4246-AFC7-48EF945ABE7E}: NameServer = 192.168.178.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VRaySpawner 90 - Unknown owner - F:\Programme\Autodesk\3ds Max 9\vrayspawner90.exe
    O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC\WinVNC.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

    --
    End of file - 9679 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi remoteplayfreak

    Download DDS to your desktop from one of the links below:

    Link 1
    Link 2
    • Double click the tool to run it.
    • A black screen will open, just read the contents and do nothing.
    • When the tool finishes it will open 2 reports.
    • Copy/paste both reports back here and remove DDS from your desktop.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    3

    sorry for my bad english, but i'm from austria and 15 years old so...

    but here are the two logs as i was told in the description of the program:


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by mojo at 11:09:34,21 on 13.08.2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1535.751 [GMT 2:00]

    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programme\Analog Devices\SoundMAX\Smax4.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\devldr32.exe
    svchost.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    F:\Programme\Autodesk\3ds Max 9\vrayspawner90.exe
    C:\Programme\TightVNC\WinVNC.exe
    F:\Programme\Autodesk\3ds Max 9\3dsmax.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\WINDOWS\TEMP\AdskCleanup.0001
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
    C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Dokumente und Einstellungen\mojo\Desktop\dds.scr
    C:\Programme\Skype\Toolbars\Shared\SkypeNames.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\programme\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\programme\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
    mRun: [SoundMAXPnP] c:\programme\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] "c:\programme\analog devices\soundmax\Smax4.exe" /tray
    mRun: [AdobeCS4ServiceManager] "c:\programme\gemeinsame dateien\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [AVP] "c:\programme\kaspersky lab\kaspersky internet security 2010\avp.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-explorer: NoActiveDesktop = 00000000
    IE: Hinzufügen zu Anti-Banner - c:\programme\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\programme\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\programme\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    TCP: {C3C022B1-A92F-4246-AFC7-48EF945ABE7E} = 192.168.178.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\dokume~1\mojo\anwend~1\mozilla\firefox\profiles\i9qtylvi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - component: c:\programme\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
    FF - plugin: c:\programme\mozilla firefox\plugins\NPMCult3DP.dll
    FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\cult3d\NPMCult3DP.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\programme\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\programme\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\programme\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\programme\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\programme\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\programme\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\programme\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\programme\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\programme\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\programme\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\programme\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\programme\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\programme\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\programme\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\programme\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\programme\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-8-11 296976]
    R2 AVP;Kaspersky Internet Security;c:\programme\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 VRaySpawner 90;VRaySpawner 90;f:\programme\autodesk\3ds max 9\vrayspawner90.exe [2009-7-28 118784]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-1 33792]
    S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-7-17 17408]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

    =============== Created Last 30 ================

    2009-08-13 10:50 3,329 a------- c:\windows\system32\wbem\Outlook_01ca1bf30f5c40ec.mof
    2009-08-11 18:32 <DIR> --d----- c:\programme\Spybot - Search & Destroy
    2009-08-11 18:32 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Spybot - Search & Destroy
    2009-08-11 17:20 <DIR> --d----- c:\windows\system32\LogFiles
    2009-08-11 17:00 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
    2009-08-11 16:56 105,395 a------- c:\windows\system32\drivers\klin.dat
    2009-08-11 16:56 94,643 a------- c:\windows\system32\drivers\klick.dat
    2009-08-11 16:55 <DIR> --d----- c:\programme\Kaspersky Lab
    2009-08-11 16:55 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab
    2009-08-11 14:17 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab Setup Files
    2009-08-11 13:47 452,647 a----r-- C:\txtsetup.sif
    2009-08-11 13:47 262,448 a----r-- C:\$LDR$
    2009-08-11 13:47 <DIR> --d----- C:\$WIN_NT$.~BT
    2009-08-11 13:47 <DIR> --d----- c:\windows\setup.pss
    2009-08-11 13:24 82,432 a------- c:\windows\system32\msxml4r.dll
    2009-08-11 13:24 44,544 a------- c:\windows\system32\msxml4a.dll
    2009-08-11 13:24 1,233,920 a------- c:\windows\system32\msxml4.dll
    2009-08-11 13:19 420,240 a------- c:\windows\system32\mpg4c32.dll
    2009-08-11 13:19 309,616 a------- c:\windows\system32\wmv8dmod.dll
    2009-08-11 13:19 245,760 a------- c:\windows\system32\mp4sds32.ax
    2009-08-11 13:17 <DIR> --d----- c:\programme\MAGIX Online Druck Service
    2009-08-11 13:17 <DIR> --d----- c:\programme\gemeinsame dateien\MAGIX Shared
    2009-08-11 13:11 <DIR> --d----- c:\windows\system32\MAGIX
    2009-08-11 13:11 <DIR> --d----- C:\MAGIX
    2009-08-11 13:11 1,089,536 a------- c:\windows\system32\ROBOEX32.DLL
    2009-08-11 13:11 85,504 a------- c:\windows\system32\HtmlWH.dll
    2009-08-11 13:11 49,152 a------- c:\windows\system32\INETWH32.dll
    2009-08-11 13:11 446,464 a------- c:\windows\system32\mgxoschk.dll
    2009-08-11 13:11 2,856 a------- c:\windows\mgxoschk.ini
    2009-08-11 13:01 306,688 a------- c:\windows\IsUninst.exe
    2009-08-11 13:01 226,816 -------- c:\windows\system32\htvcdsvcd.ax
    2009-08-11 13:01 81,920 -------- c:\windows\system32\ezrgb24.ax
    2009-08-11 13:01 <DIR> --d----- c:\windows\Vbox
    2009-08-11 13:01 9,728 -------- c:\windows\system\regsvr32.exe
    2009-08-11 13:00 <DIR> --d----- c:\windows\system32\Iosubsys
    2009-08-11 12:59 <DIR> --d----- c:\programme\NewTech Infosystems
    2009-08-11 12:59 1,024 ----hr-- c:\windows\system32\NTICDMK32.dll
    2009-08-11 12:59 6,912 a------- c:\windows\system32\drivers\NTIDrvr.sys
    2009-08-11 12:56 400 a------- c:\windows\ODBC.INI
    2009-08-11 12:55 17,920 a------- c:\windows\system32\mdimon.dll
    2009-08-11 12:48 <DIR> --d----- c:\windows\SHELLNEW
    2009-08-11 09:13 <DIR> --d----- c:\windows\system32\Adobe
    2009-08-11 07:37 <DIR> --d----- c:\dokume~1\mojo\anwend~1\Wireshark
    2009-08-11 07:08 <DIR> --d----- c:\programme\WinPcap
    2009-08-11 07:07 <DIR> --d----- c:\programme\Wireshark
    2009-08-10 20:42 <DIR> --d----- c:\programme\CamStudio
    2009-08-10 20:32 <DIR> --d----- C:\Fraps
    2009-08-10 18:14 <DIR> --d----- c:\programme\iPhone-Konfigurationsprogramm
    2009-08-10 15:30 <DIR> --d----- c:\programme\ClearProg
    2009-08-10 15:07 <DIR> --d----- c:\programme\Trend Micro
    2009-08-10 10:58 <DIR> --d----- C:\devkitPro
    2009-08-02 21:31 719,872 a------- c:\windows\system32\devil.dll
    2009-08-02 21:31 318,976 a------- c:\windows\system32\avisynth.dll
    2009-08-02 21:31 70,656 a------- c:\windows\system32\yv12vfw.dll
    2009-08-02 21:31 70,656 a------- c:\windows\system32\i420vfw.dll
    2009-08-02 21:31 27,648 a------- c:\windows\system32\AVSredirect.dll
    2009-08-02 21:30 <DIR> --d----- c:\programme\eRightSoft
    2009-08-02 21:26 <DIR> --d----- C:\ConverterOutput
    2009-08-02 21:26 1,060,864 a------- c:\windows\system32\MFC71.DLL
    2009-08-02 21:26 258,352 a------- c:\windows\system32\unicows.dll
    2009-08-02 21:26 94,650 a------- c:\windows\system32\HKCU_GNU.reg
    2009-08-02 21:26 60,273 a------- c:\windows\system32\pthreadGC2.dll
    2009-08-02 21:26 57,344 a------- c:\windows\system32\ff_vfw.dll
    2009-08-02 21:26 6,144 a------- c:\windows\system32\ff_acm.acm
    2009-08-02 21:26 2,004 a------- c:\windows\system32\HKLM_GNU.reg
    2009-08-02 21:26 547 a------- c:\windows\system32\ff_vfw.dll.manifest
    2009-08-02 21:26 372,736 a------- c:\windows\system32\xvid.ax
    2009-08-02 21:26 14,909 a------- c:\windows\system32\A_reg.reg
    2009-08-02 21:26 110,592 a------- c:\windows\system32\PropListCtrl.ocx
    2009-08-02 21:26 <DIR> --d----- c:\programme\Cucusoft
    2009-08-02 21:17 <DIR> --d----- c:\programme\gemeinsame dateien\xing shared
    2009-08-02 21:16 <DIR> --d----- c:\programme\gemeinsame dateien\Real
    2009-08-02 17:34 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\SecTaskMan
    2009-08-02 17:33 <DIR> --d----- c:\programme\Security Task Manager
    2009-08-02 09:12 <DIR> --d----- c:\dokumente und einstellungen\mojo\Desktopdesmume
    2009-08-01 20:54 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\VOWSoft
    2009-08-01 20:54 <DIR> --d----- c:\programme\iPodRobot
    2009-08-01 09:07 19,456 a------- c:\windows\system32\libusbd-9x.exe
    2009-08-01 09:07 18,944 a------- c:\windows\system32\libusbd-nt.exe
    2009-08-01 09:07 46,592 a------- c:\windows\system32\libusb0.dll
    2009-08-01 09:07 33,792 a------- c:\windows\system32\drivers\libusb0.sys
    2009-08-01 09:07 <DIR> --d----- c:\programme\LibUSB-Win32-0.1.10.1
    2009-07-31 19:44 <DIR> --d----- c:\programme\gemeinsame dateien\DivX Shared
    2009-07-31 19:44 <DIR> --d----- c:\programme\DivX
    2009-07-30 15:19 664 a------- c:\windows\system32\d3d9caps.dat
    2009-07-30 14:42 <DIR> --d----- c:\windows\pss
    2009-07-29 19:08 <DIR> --d----- c:\programme\SystemRequirementsLab
    2009-07-29 19:06 <DIR> --d----- c:\dokumente und einstellungen\mojo\SystemRequirementsLab
    2009-07-29 11:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-29 11:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-07-28 18:48 <DIR> --d----- c:\windows\system32\Cult3D
    2009-07-28 18:26 90,112 a------- c:\windows\unvise32.exe
    2009-07-28 18:26 <DIR> --d----- c:\programme\Cycore
    2009-07-28 16:28 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-28 16:28 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-07-28 12:53 <DIR> --d----- c:\programme\gemeinsame dateien\ChaosGroup
    2009-07-28 11:32 <DIR> --d----- c:\programme\gemeinsame dateien\Autodesk Shared
    2009-07-28 11:30 <DIR> --d----- C:\3dsmax9Trial
    2009-07-28 10:17 <DIR> --d----- c:\windows\Logs
    2009-07-28 09:50 <DIR> --d----- c:\programme\Autodesk
    2009-07-27 13:02 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
    2009-07-27 13:02 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-07-22 06:51 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-07-21 10:01 <DIR> --d----- c:\windows\system32\logs
    2009-07-21 09:59 253,952 a------- c:\windows\system32\avmcsock.dll
    2009-07-21 09:59 232,960 a------- c:\windows\system32\avmtfbox.dll
    2009-07-21 09:59 217,088 a------- c:\windows\system32\C65dll.dll
    2009-07-21 09:59 87,552 a------- c:\windows\system32\avmtfbox.tsp
    2009-07-21 09:59 <DIR> --d----- c:\windows\system32\FBox
    2009-07-21 09:59 <DIR> --d----- c:\programme\TAPI Services for FRITZ!Box
    2009-07-21 09:58 328,704 a------- c:\windows\IsUn0407.exe
    2009-07-20 21:52 <DIR> --d----- c:\dokume~1\mojo\anwend~1\cmw
    2009-07-20 21:51 <DIR> --d----- c:\programme\winpwn-2.5
    2009-07-20 16:17 <DIR> --d----- C:\xampp
    2009-07-20 15:54 <DIR> --d----- c:\dokumente und einstellungen\all users\AdobeTemp
    2009-07-20 13:07 <DIR> --dsh--- c:\dokumente und einstellungen\mojo\PrivacIE
    2009-07-18 12:15 <DIR> --d----- c:\windows\RegisteredPackages
    2009-07-18 12:13 129,520 -------- c:\windows\system32\pxafs.dll
    2009-07-18 12:02 <DIR> --d----- c:\programme\Vstplugins
    2009-07-18 12:01 <DIR> --d----- c:\programme\Sony
    2009-07-18 09:52 <DIR> --d----- c:\programme\iPhoneBrowser
    2009-07-18 09:06 268,648 a------- c:\windows\system32\mucltui.dll
    2009-07-18 09:06 208,744 a------- c:\windows\system32\muweb.dll
    2009-07-18 09:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-07-17 21:51 <DIR> --d----- c:\dokumente und einstellungen\mojo\Tracing
    2009-07-17 21:42 <DIR> --d----- c:\programme\Microsoft
    2009-07-17 21:42 <DIR> --d----- c:\programme\Windows Live SkyDrive
    2009-07-17 21:38 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Viewpoint
    2009-07-17 21:38 <DIR> --d----- c:\programme\Viewpoint
    2009-07-17 21:37 <DIR> --d----- c:\programme\gemeinsame dateien\Windows Live
    2009-07-17 21:37 540 a---h--- C:\IPH.PH
    2009-07-17 18:56 <DIR> --d----- c:\windows\system32\de
    2009-07-17 18:56 <DIR> --d----- c:\windows\l2schemas
    2009-07-17 18:56 <DIR> --d----- c:\windows\system32\bits
    2009-07-17 18:43 <DIR> --d----- c:\windows\ServicePackFiles
    2009-07-17 18:41 <DIR> --d----- c:\windows\network diagnostic
    2009-07-17 18:36 <DIR> --d----- c:\windows\EHome
    2009-07-17 18:29 <DIR> --dsh--- c:\dokumente und einstellungen\mojo\IETldCache
    2009-07-17 13:33 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-07-17 13:33 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-07-17 13:33 <DIR> --d----- c:\programme\iPod
    2009-07-17 13:33 <DIR> --d----- c:\programme\iTunes
    2009-07-17 13:33 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-17 13:32 <DIR> --d----- c:\programme\Bonjour
    2009-07-17 13:31 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
    2009-07-17 13:31 17,408 a------- c:\windows\system32\drivers\netaapl.sys
    2009-07-17 13:31 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
    2009-07-17 13:31 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-07-17 13:30 <DIR> --d----- c:\programme\gemeinsame dateien\Apple
    2009-07-17 13:04 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
    2009-07-17 13:04 <DIR> --d----- c:\windows\ie8updates
    2009-07-17 13:03 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-07-17 13:03 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-07-17 13:03 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-07-17 13:03 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-07-17 13:03 <DIR> -cd-h--- c:\windows\ie8
    2009-07-17 09:30 <DIR> --d----- c:\programme\HyCam2
    2009-07-17 09:26 <DIR> --d----- c:\programme\TightVNC
    2009-07-17 09:17 457,607 -c------ c:\windows\system32\dllcache\mdlib.wmv
    2009-07-17 09:14 73,216 -------- c:\windows\system32\drivers\atintuxx.sys
    2009-07-17 09:02 1,025 a------- c:\windows\system32\sysprs7.tgz
    2009-07-17 09:02 1,025 a------- c:\windows\system32\sysprs7.dll
    2009-07-17 09:02 1,025 a------- c:\windows\system32\clauth2.dll
    2009-07-17 09:02 1,025 a------- c:\windows\system32\clauth1.dll
    2009-07-17 09:02 219 a------- c:\windows\system32\lsprst7.tgz
    2009-07-17 09:02 205 a------- c:\windows\system32\lsprst7.dll
    2009-07-17 09:02 87 a------- c:\windows\system32\ssprs.tgz
    2009-07-17 09:02 73 a------- c:\windows\system32\ssprs.dll
    2009-07-17 09:02 21 a------- c:\windows\SurCode.INI
    2009-07-17 09:02 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Minnetonka Audio Software
    2009-07-17 08:53 56 a---h--- c:\windows\system32\ezsidmv.dat
    2009-07-16 12:11 <DIR> --d--r-- c:\programme\Skype
    2009-07-16 09:26 273,024 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-07-16 09:26 273,024 -------- c:\windows\system32\drivers\bthport.sys
    2009-07-16 09:25 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-07-16 09:25 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-07-16 09:25 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-07-16 09:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-07-16 09:24 217,600 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-07-15 20:15 74,240 -c------ c:\windows\system32\dllcache\mscms.dll
    2009-07-15 20:14 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-07-15 18:38 <DIR> --d----- c:\dokume~1\mojo\anwend~1\UseNeXT
    2009-07-15 18:38 <DIR> --d----- c:\programme\UseNeXT
    2009-07-15 16:59 <DIR> --d----- c:\dokume~1\mojo\anwend~1\TeraCopy
    2009-07-15 16:58 <DIR> --d----- c:\programme\TeraCopy
    2009-07-15 16:53 <DIR> --d----- c:\dokume~1\mojo\anwend~1\NCH Software
    2009-07-15 15:59 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-07-15 15:54 <DIR> --d----- c:\programme\HandBrake
    2009-07-15 15:29 <DIR> --d----- c:\windows\system32\de-DE
    2009-07-15 15:28 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-07-15 15:27 14,048 -------- c:\windows\system32\spmsg2.dll
    2009-07-15 15:25 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-07-15 15:25 <DIR> --d----- c:\programme\MSXML 6.0
    2009-07-15 15:17 <DIR> --d----- c:\programme\VideoLAN
    2009-07-15 15:15 <DIR> --d----- c:\programme\NCH Software
    2009-07-15 15:09 <DIR> --d----- c:\programme\YASAVOB2MP4
    2009-07-15 15:06 <DIR> --d----- c:\programme\gemeinsame dateien\Adobe AIR
    2009-07-15 15:04 <DIR> --d----- c:\programme\gemeinsame dateien\Macrovision Shared
    2009-07-15 13:56 386 a------- c:\windows\system32\$winnt$.inf
    2009-07-15 13:11 <DIR> --d----- c:\programme\Alcohol Soft
    2009-07-15 12:58 <DIR> --d----- c:\programme\gemeinsame dateien\ODBC
    2009-07-15 12:58 <DIR> --d----- c:\programme\gemeinsame dateien\SpeechEngines
    2009-07-15 12:57 <DIR> --d-h--- c:\dokumente und einstellungen\all users\Vorlagen
    2009-07-15 12:57 <DIR> --d--r-- c:\dokumente und einstellungen\all users\Startmenü
    2009-07-15 12:57 <DIR> --d--r-- c:\dokumente und einstellungen\all users\Dokumente
    2009-07-15 12:57 <DIR> --d----- c:\dokumente und einstellungen\all users\Favoriten
    2009-07-15 12:57 <DIR> --d-hr-- c:\dokumente und einstellungen\all users\Anwendungsdaten
    2009-07-15 12:54 <DIR> --d----- c:\programme\uTorrent
    2009-07-15 12:52 <DIR> --d----- c:\dokume~1\mojo\anwend~1\uTorrent
    2009-07-15 12:44 <DIR> --d----- c:\programme\Analog Devices
    2009-07-15 12:43 <DIR> --d----- c:\programme\gemeinsame dateien\InstallShield
    2009-07-15 12:09 <DIR> --d--r-- c:\dokumente und einstellungen\mojo\Eigene Dateien
    2009-07-15 12:09 <DIR> --d-hr-- c:\dokumente und einstellungen\mojo\Anwendungsdaten
    2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Vorlagen
    2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Netzwerkumgebung
    2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Lokale Einstellungen
    2009-07-15 12:09 <DIR> --d-h--- c:\dokumente und einstellungen\mojo\Druckumgebung
    2009-07-15 12:09 <DIR> --d--r-- c:\dokumente und einstellungen\mojo\Startmenü
    2009-07-15 12:09 <DIR> --d--r-- c:\dokumente und einstellungen\mojo\Favoriten
    2009-07-15 12:04 <DIR> --dsh--- c:\dokumente und einstellungen\all users\DRM
    2009-07-15 12:04 <DIR> --d-h--- c:\programme\WindowsUpdate
    2009-07-15 12:04 <DIR> --d----- c:\programme\Online-Dienste
    2009-07-15 12:03 <DIR> --d----- c:\programme\gemeinsame dateien\Dienste
    2009-07-15 12:03 <DIR> --d----- c:\programme\gemeinsame dateien\MSSoap
    2009-07-15 12:02 <DIR> --d----- c:\programme\Online Services
    2009-07-15 12:02 <DIR> --d----- c:\programme\Messenger
    2009-07-15 12:02 <DIR> --d----- c:\programme\MSN Gaming Zone
    2009-07-15 12:02 <DIR> --d----- c:\programme\Windows NT

    ==================== Find3M ====================

    2009-08-13 10:50 452,300 a------- c:\windows\system32\perfh007.dat
    2009-08-13 10:50 81,320 a------- c:\windows\system32\perfc007.dat
    2009-08-02 21:16 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-07-17 18:58 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-07-15 13:09 716,272 a------- c:\windows\system32\drivers\sptd.sys
    2009-07-15 12:03 21,740 a------- c:\windows\system32\emptyregdb.dat
    2009-07-03 18:55 915,456 a------- c:\windows\system32\wininet.dll
    2009-07-03 15:48 219,664 a------- c:\windows\system32\klogon.dll
    2009-07-03 15:45 27,507 a------- c:\windows\system32\drivers\klopp.dat
    2009-06-16 16:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 16:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-15 14:01 128,016 a------- c:\windows\system32\drivers\kl1.sys
    2009-06-03 21:09 1,296,896 a------- c:\windows\system32\quartz.dll
    2006-05-03 11:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
    2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
    2008-03-16 14:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

    ============= FINISH: 11:10:32,48 ===============

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Your English is fine.

    Please copy/paste contents of attach.txt to your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    3

    thanks :-)

    Here's attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume3
    Install Date: 15.07.2009 12:07:41
    System Uptime: 13.08.2009 10:31:52 (1 hours ago)

    Motherboard: MSI | | MS-7113
    Processor: Intel(R) Celeron(R) CPU 2.66GHz | CPU 1 | 2660/532mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 59 GiB total, 11,034 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 30,954 GiB free.
    E: is FIXED (NTFS) - 16 GiB total, 12,256 GiB free.
    F: is FIXED (NTFS) - 35 GiB total, 25,81 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM ()
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    3dsmax ancillary install
    AAC Decoder
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Library
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI others
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-other
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Reader 9.1.2 - Deutsch
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    Autodesk 3ds Max 8 Additional Maps and Materials
    Autodesk 3ds Max 8 Architectural Materials
    Autodesk 3ds Max 9 32-bit
    Autodesk DWF Viewer 7
    AutoUpdate
    AVM TAPI Services for FRITZ!Box
    Backburner
    Bonjour
    CamStudio
    Choice Guard
    ClearProg 1.6.0 Final
    Connect
    Cucusoft YouTube Mate 7.17
    Cult3D Designer 5.3
    Cult3D Mozilla Viewer
    devkitProUpdater 1.5.0
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    EasyCleaner
    FBX Plugin 2006.08 for Max 9.0
    FileZilla Client 3.2.4.1
    Fraps
    Google SketchUp Pro 7
    H.264 Decoder
    HandBrake 0.9.3
    HijackThis 2.0.2
    Hotfix für Windows XP (KB952287)
    Hotfix für Windows XP (KB961118)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HyperCam 2
    iPhone-Konfigurationsprogramm
    iPhoneBrowser
    IsoBuster 2.5.5
    iTunes
    Java(TM) 6 Update 15
    Kaspersky Internet Security 2010
    kuler
    LibUSB-Win32-0.1.10.1
    MAGIX Foto Manager
    MAGIX music maker 2006
    MAGIX Music Manager
    MAGIX Online Druck Service
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
    Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XML Parser
    MKV Splitter
    Mozilla Firefox (3.5.2)
    MSVCRT
    MSXML 6 Service Pack 2 (KB954459)
    NTI CD & DVD-Maker
    NTI CD & DVD-Maker 6.5 Gold
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    plist Editor for Windows 1.0.1
    Prism Video Converter
    QuickTime
    RealPlayer
    Security Task Manager 1.7h
    Segoe UI
    Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
    Sicherheitsupdate für Windows Media Player (KB952069)
    Sicherheitsupdate für Windows XP (KB923561)
    Sicherheitsupdate für Windows XP (KB923689)
    Sicherheitsupdate für Windows XP (KB923789)
    Sicherheitsupdate für Windows XP (KB938464-v2)
    Sicherheitsupdate für Windows XP (KB941569)
    Sicherheitsupdate für Windows XP (KB946648)
    Sicherheitsupdate für Windows XP (KB950762)
    Sicherheitsupdate für Windows XP (KB950974)
    Sicherheitsupdate für Windows XP (KB951066)
    Sicherheitsupdate für Windows XP (KB951376-v2)
    Sicherheitsupdate für Windows XP (KB951748)
    Sicherheitsupdate für Windows XP (KB952004)
    Sicherheitsupdate für Windows XP (KB952954)
    Sicherheitsupdate für Windows XP (KB954459)
    Sicherheitsupdate für Windows XP (KB954600)
    Sicherheitsupdate für Windows XP (KB955069)
    Sicherheitsupdate für Windows XP (KB956572)
    Sicherheitsupdate für Windows XP (KB956802)
    Sicherheitsupdate für Windows XP (KB956803)
    Sicherheitsupdate für Windows XP (KB957097)
    Sicherheitsupdate für Windows XP (KB958644)
    Sicherheitsupdate für Windows XP (KB958687)
    Sicherheitsupdate für Windows XP (KB959426)
    Sicherheitsupdate für Windows XP (KB960225)
    Sicherheitsupdate für Windows XP (KB960803)
    Sicherheitsupdate für Windows XP (KB961371)
    Sicherheitsupdate für Windows XP (KB961501)
    Sicherheitsupdate für Windows XP (KB968537)
    Sicherheitsupdate für Windows XP (KB969897)
    Sicherheitsupdate für Windows XP (KB970238)
    Sicherheitsupdate für Windows XP (KB971633)
    Sicherheitsupdate für Windows XP (KB973346)
    Skype web features
    Skype™ 4.1
    Sony Vegas Pro 8.0
    SoundMAX
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    SUPER © Version 2009.bld.36 (June 10, 2009)
    System Requirements Lab
    TeraCopy 2.01
    Text-To-Speech-Runtime
    TightVNC 1.3.10
    Update für Windows Internet Explorer 8 (KB971930)
    Update für Windows XP (KB951978)
    Update für Windows XP (KB955839)
    Update für Windows XP (KB961503)
    Update für Windows XP (KB967715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    UseNeXT
    V-Ray for 3dsmax R9 for x86
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    VLC media player 1.0.0
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live-Uploadtool
    Windows Live Anmelde-Assistent
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinPcap 4.1 beta5
    winpwn-2.5 2.5.0.2
    WinRAR
    Wireshark 1.2.1
    XAMPP 1.7.1
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    YASA VOB to MP4 Converter v3.9 (build 0059)

    ==== End Of File ===========================

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new DDS log scan when finished and post the logs back here.

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Due to the lack of feedback this Topic is closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send a private message (PM). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    Everyone else please begin a New Topic.
