
Log analysis and evaluation: GVU Trojan with webcam; Win7

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.01.2013, 23:11   #1
smtraxx
 

Hello... A few hours ago my PC was locked with the GVU message; I was supposed to pay 100 euros within the next 48 hours, otherwise my PC would not be unlocked again.

The webcam was switched on.

I can still boot the PC in safe mode without the lock screen appearing.

OTL logfile:
Code:
OTL logfile created on: 11.01.2013 22:52:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop\Systemrettung\2
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,39 Gb Available Physical Memory | 85,87% Memory free
7,90 Gb Paging File | 7,38 Gb Available in Paging File | 93,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,16 Gb Total Space | 405,71 Gb Free Space | 89,73% Space Free | Partition Type: NTFS
Drive E: | 14,90 Gb Total Space | 14,84 Gb Free Space | 99,61% Space Free | Partition Type: FAT32
 
Computer Name: USER-VAIO | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.11 20:29:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Systemrettung\2\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.12.11 20:00:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 18:48:33 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 18:48:18 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.11 18:48:14 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.14 07:04:22 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012.11.10 19:20:49 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.03.31 15:37:36 | 000,146,592 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.31 15:36:44 | 000,075,936 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.30 09:09:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2011.03.29 07:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.18 22:10:06 | 000,546,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Stopped] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.11 18:48:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 18:48:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.21 03:15:20 | 000,437,272 | R--- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.31 15:36:58 | 000,287,392 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.31 15:36:58 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.31 15:36:58 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.31 15:36:56 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.31 15:36:56 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.31 15:36:56 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.03.31 15:36:56 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.31 15:36:56 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.29 10:00:53 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.03.29 09:55:05 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.29 07:51:30 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.29 07:15:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.03.29 04:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 04:06:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.02.16 13:50:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0DA5F1FD-8677-46B9-9050-CC0119C9A818}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115303&tt=4512_3&babsrc=SP_ss&mntrId=8c62048100000000000090004ecfa77f
IE - HKCU\..\SearchScopes\{3D20336D-3798-4A6C-A867-4E80FA987507}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{4D49925D-69A0-452D-B068-E07F6B5077A2}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7D45A33E-17E4-4B7D-AC84-856FBA38EAC8}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A53032FF-B305-4499-B976-58CCE4C85B30}: "URL" = hxxp://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
IE - HKCU\..\SearchScopes\{ACE491E8-06AF-4241-95C1-23A9DC3545D1}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{BDAE5D64-BF36-4B61-AF9D-CB9B7C3A1C28}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{C8AF4A4F-B3FB-48BE-BA52-47D4E5707C20}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{E7B895E5-5BD2-4D09-AE8E-65B8BB55B4A7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=13705333-8bf7-4fe6-b81d-63e62aa89fbb&apn_sauid=AB277E12-846E-49AF-A59E-A2AC3B392033
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.11.06 18:46:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.10 19:21:01 | 000,000,000 | ---D | M]
 
[2012.11.10 19:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=115303&tt=4512_3&babsrc=HP_ss&mntrId=8c62048100000000000090004ecfa77f
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=115303&tt=4512_3&babsrc=HP_ss&mntrId=8c62048100000000000090004ecfa77f
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B8452BE-420F-4DCE-97DF-84DA01619BC8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53709B17-E474-4BB6-9278-A129A894F15D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Systemrettung
[2013.01.09 18:41:20 | 000,189,192 | ---- | C] (Корпорация Майкрософт) -- C:\Users\User\wgsdgsdgdsgsd.exe
[2012.12.24 16:39:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C232362A-1877-406C-A1BB-774B7AB60773}
[2012.12.23 10:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series
[2012.12.23 10:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.12.23 10:39:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.12.23 10:30:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DA3F4CC4-97BD-444F-8C93-74C912DF104D}
[2012.12.22 19:09:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6B329FF3-87DC-458F-B857-8291949EE9E4}
[2012.12.16 18:40:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F04438EF-9DB5-4D88-84C6-13DE4ABFE717}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 22:51:17 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.01.11 22:48:28 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.11 22:48:28 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.11 22:48:28 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.11 22:48:28 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.11 22:48:28 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.11 22:44:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 22:44:24 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.11 20:33:39 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.11 19:59:30 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 20:03:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.10 19:52:06 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 19:52:06 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 19:30:49 | 000,301,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 19:28:15 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.10 19:07:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.09 18:41:23 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 18:41:23 | 000,001,047 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 18:41:20 | 000,189,192 | ---- | M] (Корпорация Майкрософт) -- C:\Users\User\wgsdgsdgdsgsd.exe
[2013.01.08 20:25:06 | 000,151,757 | ---- | M] () -- C:\test.xml
[2013.01.05 20:04:56 | 000,001,039 | ---- | M] () -- C:\Users\User\Bilder - Verknüpfung.lnk
[2012.12.15 20:08:32 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.11 22:51:17 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.01.09 18:41:23 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 18:41:23 | 000,001,047 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 18:41:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.05 20:04:56 | 000,001,039 | ---- | C] () -- C:\Users\User\Bilder - Verknüpfung.lnk
[2012.12.23 10:39:20 | 000,012,544 | ---- | C] () -- C:\Windows\SysWow64\CNC173BD.TBL
[2012.12.23 10:39:20 | 000,012,544 | ---- | C] () -- C:\Windows\SysNative\CNC173BD.TBL
[2011.03.30 02:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 02:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 02:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 00:03:27 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.10 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2012.11.10 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BabylonToolbar
[2012.11.10 19:20:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DefaultTab
[2012.11.03 15:03:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Edited by smtraxx (11.01.2013 at 23:21). Reason: entries corrected

11.01.2013, 23:14   #2
smtraxx
 

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11.01.2013 22:52:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop\Systemrettung\2
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,39 Gb Available Physical Memory | 85,87% Memory free
7,90 Gb Paging File | 7,38 Gb Available in Paging File | 93,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,16 Gb Total Space | 405,71 Gb Free Space | 89,73% Space Free | Partition Type: NTFS
Drive E: | 14,90 Gb Total Space | 14,84 Gb Free Space | 99,61% Space Free | Partition Type: FAT32
 
Computer Name: USER-VAIO | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4D0B2539-1EA0-464F-9E30-6AE3461A5B59}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DF35BF33-5E3B-4C1F-843B-381BBF392242}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{181EC9FC-6251-4107-8DEC-9D432CEC94E7}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
"{3C914312-D79F-42E3-9B8C-4A4C7B3E8491}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{40BC268B-776E-4BDB-90A1-7433626D1E8C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4573D055-4867-4500-A9E8-40DBEEDBDCFA}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe | 
"{583CBDF4-5EC3-49DA-843B-6F0D3ACEF72D}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
"{8E6A2809-11DA-4C69-848E-74E31121029C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9480A35A-099D-46F7-A732-FF9A5C3E8125}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A3A485C8-1FED-4888-B370-A022AB19010D}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe | 
"{D895E1D7-1F83-49AB-9DAB-7E9E6EFDA870}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe | 
"{E957ED82-0666-4D8B-A656-FCF01E0EC840}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe | 
"{EE2A43E5-EF3D-4E5A-89A6-BF52353C5168}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F379B8FB-7C26-48C4-82CD-8957AF57F43A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur 
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91989CE7-EE83-4A53-8E06-D97887928119}" = VAIO Care
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar 
"DealPly" = DealPly
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"Google Chrome" = Google Chrome
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"QuickTime" = QuickTime
"splashtop" = VAIO Quick Web Access
"VAIO Help and Support" = 
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"Vittalia" = Vittalia Installer
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2012 06:24:57 | Computer Name = User-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16455,
 Zeitstempel: 0x507284ba  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05e300c4  ID des fehlerhaften
 Prozesses: 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01cdd5f6ce11020a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ad59f79a-41ea-11e2-8e0b-78843cdfb46c
 
Error - 09.12.2012 13:23:58 | Computer Name = User-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x509b4379  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x509b4379  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c90
ID
 des fehlerhaften Prozesses: 0xa50  Startzeit der fehlerhaften Anwendung: 0x01cdd631f008673a
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 36b0832b-4225-11e2-95b1-78843cdfb46c
 
Error - 09.12.2012 13:25:13 | Computer Name = User-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2012 13:27:26 | Computer Name = User-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16455,
 Zeitstempel: 0x507284ba  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xefb99090  ID des fehlerhaften
 Prozesses: 0x117c  Startzeit der fehlerhaften Anwendung: 0x01cdd63243b0c384  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b294a1ee-4225-11e2-95b1-78843cdfb46c
 
Error - 11.12.2012 06:18:47 | Computer Name = User-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x509b4379  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x509b4379  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c90
ID
 des fehlerhaften Prozesses: 0x9ec  Startzeit der fehlerhaften Anwendung: 0x01cdd788dee41e98
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 25ff7877-437c-11e2-90e9-78843cdfb46c
 
Error - 11.12.2012 06:20:03 | Computer Name = User-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2012 13:42:40 | Computer Name = User-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x509b4379  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x509b4379  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c90
ID
 des fehlerhaften Prozesses: 0xa54  Startzeit der fehlerhaften Anwendung: 0x01cdd7c6e1e51882
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 28909f98-43ba-11e2-90ec-78843cdfb46c
 
Error - 11.12.2012 13:44:00 | Computer Name = User-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2012 13:50:31 | Computer Name = User-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x509b4379  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x509b4379  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c90
ID
 des fehlerhaften Prozesses: 0xa5c  Startzeit der fehlerhaften Anwendung: 0x01cdd7c7fa473c13
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 40ec59d3-43bb-11e2-8e31-78843cdfb46c
 
Error - 11.12.2012 13:51:48 | Computer Name = User-VAIO | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.01.2013 14:33:58 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 06.01.2013 14:34:27 | Computer Name = User-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.01.2013 14:19:37 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 08.01.2013 14:20:08 | Computer Name = User-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 09.01.2013 12:57:40 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 09.01.2013 12:58:13 | Computer Name = User-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 09.01.2013 13:42:30 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 09.01.2013 13:44:12 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 09.01.2013 13:45:33 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 09.01.2013 13:46:48 | Computer Name = User-VAIO | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         
--- --- ---


The log files were created in safe mode!!!


11.01.2013, 23:31   #3
smtraxx

GVU Trojan with webcam; Win7

The GMER file is 1.3 MB and has too many characters... I can't paste it in...



---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eceddd4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ecfa780
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eceddd4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ecfa780 (not active ControlSet)

GMER 2.0.18444 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-11 23:27:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\User\AppData\Local\Temp\kxliapob.sys


---- System - GMER 2.0 ----

SSDT ZwAcceptConnectPort fffff8000238eb50 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAccessCheck fffff8000209c204 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwAccessCheckAndAuditAlarm fffff800023ba6a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAccessCheckByType fffff800020b5244 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwAccessCheckByTypeAndAuditAlarm fffff80002375d2c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAccessCheckByTypeResultList fffff800021f1160 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwAccessCheckByTypeResultListAndAuditAlarm fffff800024ff3c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAccessCheckByTypeResultListAndAuditAlarmByHandle fffff800024ff300 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAddAtom fffff8000232b20c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAddBootEntry fffff8000251be90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAddDriverEntry fffff8000251bbf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAdjustGroupsToken fffff80002354f5c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAdjustPrivilegesToken fffff80002389ab8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlertResumeThread fffff80002500ee0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlertThread fffff800023be368 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAllocateLocallyUniqueId fffff8000236beb8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAllocateReserveObject fffff800024b7e80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAllocateUserPhysicalPages fffff8000252f2e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAllocateUuids fffff80002327b10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAllocateVirtualMemory fffff800023ce2f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcAcceptConnectPort fffff800023b3d10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcCancelMessage fffff8000233cb0c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcConnectPort fffff800023b8be0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcCreatePort fffff800023bea30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcCreatePortSection fffff80002371924 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcCreateResourceReserve fffff800023bee74 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcCreateSectionView fffff80002370b90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcCreateSecurityContext fffff800023756ac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcDeletePortSection fffff80002368c6c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcDeleteResourceReserve fffff800024a9130 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcDeleteSectionView fffff8000238e070 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcDeleteSecurityContext fffff80002375878 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcDisconnectPort fffff8000238daf8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcImpersonateClientOfPort fffff800023aa130 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcOpenSenderProcess fffff800023b992c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcOpenSenderThread fffff80002390f90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcQueryInformation fffff80002365e30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcQueryInformationMessage fffff800023a9c90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcRevokeSecurityContext fffff800024a8fb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcSendWaitReceivePort fffff800023e3da0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAlpcSetInformation fffff800023bdaa4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwApphelpCacheControl fffff800023b7040 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAreMappedFilesTheSame fffff80002327840 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwAssignProcessToJobObject fffff8000238c554 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCallbackReturn fffff800020d2b00 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwCancelIoFile fffff800024ecc30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCancelIoFileEx fffff800023f9750 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCancelSynchronousIoFile fffff80002501cd0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCancelTimer fffff8000208abac \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwClearEvent fffff800023c0b90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwClose fffff800023ce170 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCloseObjectAuditAlarm fffff800023ad20c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCommitComplete fffff800025032d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCommitEnlistment fffff80002529e60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCommitTransaction fffff80002362ee0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCompactKeys fffff80002506d50 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCompareTokens fffff8000239bc8c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCompleteConnectPort fffff8000235f6a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCompressKey fffff800025580a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwConnectPort fffff80002382b90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwContinue fffff800020dca40 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwCreateDebugObject fffff800024b7c00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateDirectoryObject fffff8000236b8f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateEnlistment fffff8000235b9d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateEvent fffff8000239c3c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateEventPair fffff800024b7d80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateFile fffff800023deadc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateIoCompletion fffff800023b9334 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateJobObject fffff800024b8500 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateJobSet fffff800024fd1b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateKey fffff800023888f8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateKeyTransacted fffff8000235e56c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateKeyedEvent fffff80002387a14 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateMailslotFile fffff80002349070 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateMutant fffff8000237af94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateNamedPipeFile fffff800023967c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreatePagingFile fffff80002542070 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreatePort fffff80002390f34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreatePrivateNamespace fffff800023468c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateProcess fffff8000254ae60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateProcessEx fffff8000254add0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateProfile fffff800024ff1c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateProfileEx fffff800024ff290 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateResourceManager fffff8000235f898 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateSection fffff800023b1f80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateSemaphore fffff8000237b490 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateSymbolicLinkObject fffff8000236bf40 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateThread fffff800024b89d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateThreadEx fffff800023c6750 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateTimer fffff80002369170 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateToken fffff8000236ae94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateTransaction fffff80002358c3c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateTransactionManager fffff8000235ec8c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateUserProcess fffff8000237fe90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateWaitablePort fffff800024f8bc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwCreateWorkerFactory fffff800023b943c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDebugActiveProcess fffff80002528050 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDebugContinue fffff800024ff9f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDelayExecution fffff800023cd020 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteAtom fffff80002511d60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteBootEntry fffff800024cae00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteDriverEntry fffff800024ca8e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteFile fffff800023326c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteKey fffff80002355e44 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteObjectAuditAlarm fffff800024fe530 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeletePrivateNamespace fffff800023f63f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeleteValueKey fffff8000235478c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDeviceIoControlFile fffff800023f1e90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDisableLastKnownGood fffff800024a8d20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDisplayString fffff800025316f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDrawText fffff800021f85f0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwDuplicateObject fffff800023b01f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwDuplicateToken fffff8000237ac68 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnableLastKnownGood fffff800024f55d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnumerateBootEntries fffff80002537220 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnumerateDriverEntries fffff80002536800 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnumerateKey fffff8000238cee0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnumerateSystemEnvironmentValuesEx fffff800025377e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnumerateTransactionObject fffff800024fcc60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwEnumerateValueKey fffff800023b6d60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwExtendSection fffff80002509ad0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFilterToken fffff800023f9ae0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFindAtom fffff800023c9190 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFlushBuffersFile fffff80002373880 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFlushInstallUILanguage fffff8000250d500 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFlushInstructionCache fffff800023464cc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFlushKey fffff80002374830 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFlushProcessWriteBuffers fffff800020774bc \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwFlushVirtualMemory fffff80002339d30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFlushWriteBuffer fffff80002446d70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFreeUserPhysicalPages fffff800025039c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFreeVirtualMemory fffff800020c7200 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwFreezeRegistry fffff800021d3000 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwFreezeTransactions fffff80002500df0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwFsControlFile fffff800023b0e4c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetContextThread fffff80002328544 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetCurrentProcessorNumber fffff80002364e8c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetDevicePowerState fffff800024fbc10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetMUIRegistryInfo fffff80002387828 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetNextProcess fffff8000250a100 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetNextThread fffff80002509e10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetNlsSectionPtr fffff80002508d50 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetNotificationResourceManager fffff80002500c70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetPlugPlayEvent fffff8000233fcc4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwGetWriteWatch fffff800020774cc \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwImpersonateAnonymousToken fffff80002369358 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwImpersonateClientOfPort fffff800025173e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwImpersonateThread fffff8000237b830 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwInitializeNlsFiles fffff8000237c36c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwInitializeRegistry fffff80002331680 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwInitiatePowerAction fffff80002522fa0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwIsProcessInJob fffff800024eddf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwIsSystemResumeAutomatic fffff80002445540 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwIsUILanguageComitted fffff80002395504 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwListenPort fffff80002507110 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLoadDriver fffff800025533a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLoadKey fffff800023531e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLoadKey2 fffff80002558850 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLoadKeyEx fffff80002352200 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLockFile fffff800023497d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLockProductActivationKeys fffff800024ee8f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLockRegistryKey fffff80002506440 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwLockVirtualMemory fffff800021ed510 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwMakePermanentObject fffff8000250f730 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwMakeTemporaryObject fffff8000236dcb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwMapCMFModule fffff8000237d790 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwMapUserPhysicalPages fffff800024e92d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwMapUserPhysicalPagesScatter fffff800024e8ac0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwMapViewOfSection fffff800023f00e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwModifyBootEntry fffff8000251be60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwModifyDriverEntry fffff8000251bbc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwNotifyChangeDirectoryFile fffff8000233abbc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwNotifyChangeKey fffff8000238a8c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwNotifyChangeMultipleKeys fffff8000238a000 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwNotifyChangeSession fffff80002501910 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenDirectoryObject fffff800023f0ff4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenEnlistment fffff800024f9cf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenEvent fffff800023b8444 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenEventPair fffff800024bfbf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenFile fffff800023bf6dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenIoCompletion fffff800024bf870 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenJobObject fffff800024bfd60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenKey fffff800023b0ee0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenKeyEx fffff800023a8250 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenKeyTransacted fffff800024fd700 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenKeyTransactedEx fffff8000235e990 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenKeyedEvent fffff800024bfb40 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenMutant fffff800023f0504 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenObjectAuditAlarm fffff800024fe640 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenPrivateNamespace fffff8000236cfb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenProcess fffff800023a98c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenProcessToken fffff8000237b0c4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenProcessTokenEx fffff800023b2210 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenResourceManager fffff800023f9058 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenSection fffff800023f0480 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenSemaphore fffff8000233c910 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenSession fffff800024bf7e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenSymbolicLinkObject fffff8000237b1ac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenThread fffff800023c8d60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenThreadToken fffff800023aa904 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenThreadTokenEx fffff800023aa360 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenTimer fffff800024bfcb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenTransaction fffff800024f9a50 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwOpenTransactionManager fffff800024fc940 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPlugPlayControl fffff8000239b0a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPowerInformation fffff8000239162c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrePrepareComplete fffff80002503430 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrePrepareEnlistment fffff80002529f10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrepareComplete fffff800025034e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrepareEnlistment fffff80002529fc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrivilegeCheck fffff8000236e1a4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrivilegeObjectAuditAlarm fffff800024fee30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPrivilegedServiceAuditAlarm fffff8000233f114 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPropagationComplete fffff80002530440 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPropagationFailed fffff80002501460 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwProtectVirtualMemory fffff800023ef220 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwPulseEvent fffff80002339b80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryAttributesFile fffff800023b23f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryBootEntryOrder fffff80002536f80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryBootOptions fffff800024caae0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryDebugFilterState fffff800021151b0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwQueryDefaultLocale fffff80002382da0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryDefaultUILanguage fffff800024852b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryDirectoryFile fffff800023bfdb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryDirectoryObject fffff800023f0a44 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryDriverEntryOrder fffff80002536ce0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryEaFile fffff8000253f340 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryEvent fffff8000236e3e8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryFullAttributesFile fffff80002366d70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationAtom fffff800024cc840 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationEnlistment fffff800024f7fb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationFile fffff800023b4950 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationJobObject fffff80002519570 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationPort fffff800024a8c50 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationProcess fffff800023e7af0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationResourceManager fffff800024f7680 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationThread fffff800023c4044 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationToken fffff8000239cb20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationTransaction fffff800024f78f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationTransactionManager fffff800023f8bc4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryInformationWorkerFactory fffff800021ef850 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwQueryInstallUILanguage fffff800023939bc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryIntervalProfile fffff80002456f70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryIoCompletion fffff800024ecf30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryKey fffff800023a68a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryLicenseValue fffff800023bb528 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryMultipleValueKey fffff800023894c8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryMutant fffff800024ed4b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryObject fffff800023b7b30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryOpenSubKeys fffff80002524d30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryOpenSubKeysEx fffff80002524940 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryPerformanceCounter fffff80002385900 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryPortInformationProcess fffff800024452d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryQuotaInformationFile fffff8000253e650 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySection fffff800023f34b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySecurityAttributesToken fffff8000239aea0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySecurityObject fffff80002369480 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySemaphore fffff800024ed660 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySymbolicLinkObject fffff8000237fc6c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySystemEnvironmentValue fffff8000251c230 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySystemEnvironmentValueEx fffff80002540850 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySystemInformation fffff800023e0fdc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySystemInformationEx fffff800023b9294 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQuerySystemTime fffff800024e8ac0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryTimer fffff800024ed340 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryTimerResolution fffff8000233b1c4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryValueKey fffff800023a7a90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryVirtualMemory fffff800023b0f00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueryVolumeInformationFile fffff800023eb6a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueueApcThread fffff800023bb4fc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwQueueApcThreadEx fffff800023bb3c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRaiseException fffff800020dcc80 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwRaiseHardError fffff80002509100 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReadFile fffff800023c0080 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReadFileScatter fffff8000233d070 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReadOnlyEnlistment fffff80002503380 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReadRequestData fffff8000253e5d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReadVirtualMemory fffff8000237bb10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRecoverEnlistment fffff80002528eb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRecoverResourceManager fffff8000235c488 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRecoverTransactionManager fffff8000235c068 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRegisterProtocolAddressInformation fffff80002530550 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRegisterThreadTerminatePort fffff800024edee0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReleaseKeyedEvent fffff800023bde34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReleaseMutant fffff800023cca44 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReleaseSemaphore fffff8000238a99c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReleaseWorkerFactoryWorker fffff800020c67bc \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwRemoveIoCompletion fffff80002391480 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRemoveIoCompletionEx fffff800023734a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRemoveProcessDebug fffff800024ed1d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRenameKey fffff8000252b2a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRenameTransactionManager fffff800025193a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReplaceKey fffff80002557960 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReplacePartitionUnit fffff800021fe1d0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwReplyPort fffff800024b88a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReplyWaitReceivePort fffff800023ea6a4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReplyWaitReceivePortEx fffff800023ea6c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwReplyWaitReplyPort fffff800024c8b30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRequestPort fffff800023c8f10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRequestWaitReplyPort fffff800023ea0a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwResetEvent fffff800024ed820 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwResetWriteWatch fffff80002077064 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwRestoreKey fffff80002557c40 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwResumeProcess fffff800025263c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwResumeThread fffff800023c77e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRollbackComplete fffff80002501500 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRollbackEnlistment fffff80002522200 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRollbackTransaction fffff80002528550 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwRollforwardTransactionManager fffff8000252a070 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSaveKey fffff80002555bb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSaveKeyEx fffff80002555900 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSaveMergedKeys fffff80002555730 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSecureConnectPort fffff80002380ff0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSerializeBoot fffff800024aca70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetBootEntryOrder fffff8000251bc20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetBootOptions fffff800024ccea0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetContextThread fffff80002328210 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetDebugFilterState fffff800024a8e20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetDefaultHardErrorPort fffff800024acfb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetDefaultLocale fffff80002485330 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetDefaultUILanguage fffff80002486a10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetDriverEntryOrder fffff8000251b980 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetEaFile fffff8000253eec0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetEvent fffff800023bf610 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetEventBoostPriority fffff800024ed7a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetHighEventPair fffff80002500800 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetHighWaitLowEventPair fffff80002500fb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationDebugObject fffff800024fd530 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationEnlistment fffff800024fcf00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationFile fffff800023b52a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationJobObject fffff80002525050 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationKey fffff8000237665c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationObject fffff80002370aec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationProcess fffff800023c4bc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationResourceManager fffff80002530120 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationThread fffff8000239fcd0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationToken fffff800023698f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationTransaction fffff800025318c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationTransactionManager fffff80002519300 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationWorkerFactory fffff800020c9b30 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetIntervalProfile fffff80002482950 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetIoCompletion fffff80002366ca0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetIoCompletionEx fffff800024ecdf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetLdtEntries fffff80002164b30 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetLowEventPair fffff80002500870 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetLowWaitHighEventPair fffff80002501030 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetQuotaInformationFile fffff80002540f70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSecurityObject fffff800023706b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemEnvironmentValue fffff8000251bec0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemEnvironmentValueEx fffff80002540530 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemInformation fffff8000254e050 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemPowerState fffff80002323390 \SystemRoot\system32\ntoskrnl.exe [PAGELK]
SSDT ZwSetSystemTime fffff800024f40d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetThreadExecutionState fffff8000251e4b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetTimer fffff800020c6dbc \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetTimerEx fffff8000208540c \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetTimerResolution fffff800024ff600 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetUuidSeed fffff8000252fd60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetValueKey fffff80002388934 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetVolumeInformationFile fffff800023f87b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwShutdownSystem fffff80002559c60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwShutdownWorkerFactory fffff8000238b65c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSignalAndWaitForSingleObject fffff800021ea220 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSinglePhaseReject fffff80002529db0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwStartProfile fffff80002538930 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwStopProfile fffff800025041c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSuspendProcess fffff80002527a90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSuspendThread fffff80002328384 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSystemDebugControl fffff80002366744 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTerminateJobObject fffff80002335540 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTerminateProcess fffff8000238de10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTerminateThread fffff800023acb00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTestAlert fffff800023c8d90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwThawRegistry fffff800021d3290 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwThawTransactions fffff800024ae420 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTraceControl fffff8000237a200 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTraceEvent fffff800020bf9c4 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwTranslateFilePath fffff800024fe220 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUmsThreadYield fffff8000245f1e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadDriver fffff800024c0c20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadKey fffff80002361800 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadKey2 fffff80002359af0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadKeyEx fffff80002529590 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnlockFile fffff80002349430 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnlockVirtualMemory fffff800021e9750 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwUnmapViewOfSection fffff800023ee1c4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwVdmControl fffff8000253d890 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForDebugEvent fffff80002511230 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForKeyedEvent fffff800023be0d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForMultipleObjects fffff800023cd5a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForMultipleObjects32 fffff800023fa720 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForSingleObject fffff800023ccf00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForWorkViaWorkerFactory fffff800020c5fb0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwWaitHighEventPair fffff800024f7460 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitLowEventPair fffff800024f74f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWorkerFactoryWorkerReady fffff800020ce4a0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwWriteFile fffff800023e9080 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWriteFileGather fffff80002530d90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWriteRequestData fffff8000253e550 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWriteVirtualMemory fffff8000237b9a4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwYieldExecution fffff800020a9358 \SystemRoot\system32\ntoskrnl.exe [.text]

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1236] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007feffb24ed0 9 bytes [68, 78, 03, 6C, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc8f5c54 7 bytes [68, 08, 03, 6C, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc8f5c64 9 bytes [68, 40, 03, 6C, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1236] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007feff7717a0 9 bytes [68, B0, 03, 6C, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000077a3f548 7 bytes JMP 0000000103420570
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000077a4b0ac 7 bytes JMP 00000001034205a8
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\kernel32.dll!CreateThread 0000000077816580 9 bytes JMP 00000001034204c8
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff6875f0 7 bytes [68, E0, 05, 42, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feffac1180 10 bytes [68, C0, 06, 42, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feffac1320 7 bytes [68, 50, 06, 42, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feffac4450 6 bytes [68, 18, 06, 42, 03, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feffac6720 10 bytes [68, 88, 06, 42, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007feffb24ed0 9 bytes [68, 78, 03, 42, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc8f5c54 7 bytes [68, 08, 03, 42, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc8f5c64 9 bytes [68, 40, 03, 42, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1940] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007feff7717a0 9 bytes [68, B0, 03, 42, 03, C3, CC, ...]