Hallo zusammen!

Ich hätte es euch liebend gern erspart, euch mit (m)einem Viren-Problem behelligen zu müssen. Aber mein Kaspersky Internet Security 11 hat kürzlich den Trojaner Trojan.Win32.FraudPack.bdud in der Datei sshnas21.dll auf meinem Rechner (unter users/***/AppData/Local/temp/sshnas21.dll) entdeckt und in die Quarantäne verschoben.

Inzwischen wird als Status "virenfrei" angezeigt und mir empfohlen, die Datei wiederherzustellen. Nachdem ich dies das erste Mal getan hatte, wurde der Trojaner wenig später wieder in der Datei entdeckt - jetzt liegt sie erneut in Quarantäne, obwohl der Status (nachdem desinfizieren nicht ging, sollte sie glaube ich gelöscht werden) wieder auf "virenfrei" geändert wurde.

Zudem wurde in teils alten Dateien, die auf meinem Rechner bzw. der externen Festplatte lagerten, die folgende Trojaner entdeckt (von der vorherigen Kaspersky-Version nicht aufgespürt):
Trojan.Win32.TDSS.bjff (in JB3MV2_PCWDRV_US_01_00.EXE und JB3MV2_PCWDRV_US_01_00.EXE//WISE0012.BIN), Backdoor.Win32.Psychward.dz (ET_Patch_2_60.exe - nicht ausgeführt), Packed.Win32.katusha.n.silent (in unlocker1.8.9.exe sowie den Dateien vj0.exe, vjz.exe, vj4.exe, vj3.exe, vj1.exe).

Bei den VJ-Dateien handelte es sich um einen vermeintlichen License-Key (ja, ich weiß: ) als exe-Datei, die ich vor anderthalb Wochen runtergeladen und ausgeführt habe ... Nachdem die Dateien immer wieder von allein im Tasmanager unter Prozesse auftauchten und immer größer wurden, habe ich sie via Kaspersky unter Quarantäne gestellt. Dort geschieht jedoch nichts, wenn ich mit "rechte Maustaste --> Prüfen" eine Überprüfung veranlassen will :-/

Im Schutz-Center von Kaspersky werden die Trojaner in den verschiedenen vj.exe-Dateien bei jedem Durchlauf immer wieder aufgeführt mit rotem Warnschild, konkret: Trojan.Win32.FraudPack.bdud (in Vjz.exe) sowie Packed.Win32.Katusha.o (in vj0.exe, vj4.exe, vj3.exe, vj2.exe, vj1.exe). Als Fundort wird jeweils users/***/AppData/Local/Temp/) angegeben.

Neben der Tatsache, dass Kaspersky die sshnas21.dll potentiell wieder herstellen will, warnt er mich permanent vor einem legalen Programm auf meinem Rechner, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (er meint anscheinend Adware not-a-virus:AdWare.Win32.NSIS.a - da im Bericht (s.u.) ebenfalls aufgeführte rtmpdump habe ich bereits wieder entfernt). Klicke ich auf den Knopf "Korrigieren", passiert nichts - außer ab und an der Rat, die ein oder andere "virenfreie" Datei aus der Quarantäne wiederherzustellen. Probleme mit dem automatischen Öffnen des IE, wie sie andere User bei sshnas21.dll-Befall hatten, sind nie aufgetreten.

Allerdings läuft an meinem Rechner (Core2Duo T7500@2.20 Ghz, 3 GB Ram mit Vista SP2) sehr häufig der Lüfter. Auch dann, wenn im Tasmanager nur eine CPU-Auslastung von unter 10 Prozent angezeigt wird. Dafür ist der physikalische Speicher auch dann zu 40 Prozent ausgelastet. Nach einer gewissen Zeit nach dem Hochfahren beruhigt sich der Rechner bisweilen wieder.

Das Kaspersky Removal Tool hat beim Durchlaufen mit den Voreinstellungen nichts gefunden. Mit Einstellungen Dokumente, Computer, etc. durchsuchen ist es irgendwann abgestürzt, ich habe es deinstalliert.

Kaspersky zeigt unter "erkannte Bedrohungen" keine "akuten Bedrohungen" (rotes Warnschild) mehr an, nur noch mehrere (s.o.) mit gelbem Warnschild (u.a. die vermeintlich virenfreie sshnas21.dll), die aber auch bei der Auswahl "aktive erkannte Bedrohungen". "Neutralisierte erkannte Bedrohungen" ist hingegen leer, obwohl die sshnas21.dll ja erkannt und bearbeitet wurde.

Habe inzwischen Malwarebytes (5 Funde) und RSIT durchlaufen lassen, deren Logs ich zusammen mit dem Kaspersky-Bericht in die folgenden Posts packe.

Wäre äußerst dankbar, wenn mir jemand sagen könnte, ...

1.) wie gefährlich die gefundenen Trojaner sind
2.) ob der Rechner noch immer befallen ist
3.) was bei einem weiter bestehenden Befall noch zu tun ist
4.) wie ich den Warnhinweis bei Kaspersky entfernen (Sicherheit ist durch ein legales Programm bedroht) und
5.) mit der sshnas21.dll-Datei und denvj-Dateien in Quarantäne verfahren soll?

Vielen Dank im Voraus!
Moriarty

Anbei zunächst das Mbam-Log:

##############################

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4412

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

10.08.2010 02:18:57
mbam-log-2010-08-10 (02-18-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130059
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\INCG9WP8HQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Hier nun die Logs der Analyse mit RSIT, zunächst die log.txt:

#################################

RSIT Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-08-10 03:11:08
Microsoft® Windows Vista™ Business  Service Pack 2
System drive C: has 11 GB (18%) free of 60 GB
Total RAM: 3069 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:11:26, on 10.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Anwendungen\Eraser\Eraser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\***\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2319825
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.27.3.154 cms.n-tv.de
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - 

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.76.dll (file 

missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Sicherheit\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Anwendungen\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - h**p://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - h**p://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - 

h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F808A7E5-5C90-4E27-BA74-424F821375ED}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Anwendungen\Audio\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OX - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UDGEFNO - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XTYGLT - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe (file missing)

--
End of file - 8935 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-07-03 777320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [2010-05-07 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [2010-07-04 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\extensions\{0b457cAA-602d-484a-

8fe7-c1d894a011ba}\library\fsaddin-0.76.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-10-09 3444736]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 857648]
"vspdfprsrv.exe"=C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe [2006-05-04 998912]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"UnlockerAssistant"=C:\Program Files\Sicherheit\Unlocker\UnlockerAssistant.exe []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-05-07 344736]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Anwendungen\Eraser\Eraser.exe [2007-12-23 916240]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-Recorder]
C:\Program Files\Anwendungen\Audio\dradio-Recorder\phonostarStarter.exe [2009-07-28 112640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
C:\Program Files\Anwendungen\Audio\dradio-Recorder\phonostarTimer.exe [2009-07-29 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start 

Menu^Programs^Startup^HDDlife.lnk]
C:\Program Files\Sicherheit\BinarySense\HDDlife 3\HDDlifePro.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2010-05-07 228024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Anwendungen\Internet\PPMate\ppmate.exe"="C:\Program Files\Anwendungen\Internet\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Program Files\Anwendungen\Internet\PPMate\ppmnet.exe"="C:\Program Files\Anwendungen\Internet\PPMate\ppmnet.exe:*:Enabled:PPMate"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-10 03:11:08 ----D---- C:\rsit
2010-08-10 03:11:08 ----D---- C:\Program Files\trend micro
2010-08-10 02:06:37 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-08-10 02:06:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-10 02:06:20 ----D---- C:\ProgramData\Malwarebytes
2010-08-10 02:06:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-10 02:06:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-09 19:02:10 ----SHD---- C:\Config.Msi
2010-08-09 00:57:45 ----A---- C:\Windows\system32\pncrt.dll
2010-08-09 00:57:44 ----RSH---- C:\Windows\system32\nbDX.dll
2010-08-09 00:57:44 ----RSH---- C:\Windows\system32\msfDX.dll
2010-08-09 00:57:44 ----RSH---- C:\Windows\system32\flvDX.dll
2010-08-06 00:34:04 ----D---- C:\ProgramData\SecTaskMan
2010-08-06 00:33:59 ----D---- C:\Program Files\Security Task Manager
2010-08-02 20:59:34 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 14:07:28 ----D---- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-02 00:55:33 ----D---- C:\Users\***\AppData\Roaming\Iggels

======List of files/folders modified in the last 1 months======

2010-08-10 03:11:18 ----D---- C:\Windows\Temp
2010-08-10 03:11:08 ----D---- C:\Program Files
2010-08-10 03:02:15 ----D---- C:\ProgramData\Kaspersky Lab
2010-08-10 02:28:38 ----D---- C:\Windows\Tasks
2010-08-10 02:21:37 ----SHD---- C:\System Volume Information
2010-08-10 02:06:21 ----D---- C:\Windows\system32\drivers
2010-08-10 02:06:20 ----D---- C:\ProgramData
2010-08-10 01:26:11 ----D---- C:\Program Files\Common Files\Adobe
2010-08-10 01:26:10 ----D---- C:\Windows\system32\Adobe
2010-08-10 01:24:18 ----D---- C:\Windows
2010-08-10 01:20:58 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-08-10 01:09:06 ----SHD---- C:\Windows\Installer
2010-08-10 00:44:17 ----D---- C:\ProgramData\Google Updater
2010-08-09 23:54:09 ----D---- C:\Program Files\Common Files\Steam
2010-08-09 23:16:42 ----D---- C:\Program Files\Creative
2010-08-09 23:11:51 ----D---- C:\Windows\system32\Tasks
2010-08-09 23:03:23 ----D---- C:\Windows\pss
2010-08-09 21:50:20 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-09 21:50:20 ----D---- C:\Program Files\Spiele
2010-08-09 19:02:13 ----D---- C:\Program Files\Common Files\Ahead
2010-08-09 19:02:12 ----D---- C:\Windows\System32
2010-08-08 22:39:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-08 22:39:20 ----D---- C:\Windows\inf
2010-08-08 01:18:05 ----D---- C:\Users\***\AppData\Roaming\Flock
2010-08-08 01:17:26 ----D---- C:\Users\***\AppData\Roaming\Free Download Manager
2010-08-08 01:15:55 ----D---- C:\Program Files\Anwendungen
2010-08-08 01:15:54 ----D---- C:\Windows\Prefetch
2010-08-08 01:15:29 ----D---- C:\Program Files\OpenOffice.org 3
2010-08-08 01:15:13 ----RSD---- C:\Windows\assembly
2010-08-08 00:57:23 ----D---- C:\Program Files\Mozilla Sunbird
2010-08-08 00:35:49 ----D---- C:\Program Files\Common Files
2010-08-08 00:06:00 ----D---- C:\Windows\system32\catroot2
2010-08-05 00:38:06 ----SHD---- C:\$Recycle.Bin
2010-08-04 23:52:13 ----D---- C:\Windows\Debug
2010-08-04 23:15:28 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-08-02 22:08:32 ----D---- C:\Windows\winsxs
2010-08-02 20:56:45 ----D---- C:\Windows\system32\catroot
2010-08-02 14:28:45 ----D---- C:\Windows\Minidump
2010-07-28 23:59:20 ----D---- C:\Program Files\Mozilla Firefox
2010-07-22 01:44:36 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-14 22:10:58 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-05-07 132184]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-03-27 717296]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-07-04 475224]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
R1 uiwbrdr;uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [2007-03-15 272384]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-09 1044472]
R3 bcm4sbxp;Broadcom 440x 10/100-integrierter Controller-XP-Treiber; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-27 182456]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-11-19 25216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S1 eeCtrl;eeCtrl; C:\Windows\system32\drivers\eeCtrl.sys []
S1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-05-07 132184]
S1 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-09 1044472]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 Jukebox3;Jukebox3; C:\Windows\system32\DRIVERS\ctpdusb.sys [2006-01-19 17280]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-05-07 344736]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2002-02-14 299008]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 

130384]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Anwendungen\Audio\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2008-11-19 15872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 OX;OX; C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe []
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-09 407336]
S3 UDGEFNO;UDGEFNO; C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319

\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 XTYGLT;XTYGLT; C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe []

-----------------EOF-----------------
         

--- --- ---

#####################################

Hier nun noch die info.txt

info.txtRSIT Logfile:

Code: Alles auswählenAufklappen

ATTFilter

logfile of random's system information tool 1.08 2010-08-10 03:11:28

======Uninstall list======

*tmx englisch-->MsiExec.exe /X{A3CB2CF2-FB36-4A70-B9D3-31420DDBCEEB}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x7 
7-Zip 4.57-->"C:\Program Files\Anwendungen\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7  /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x7  /remove
Ashampoo Burning Studio 6-->"C:\Program Files\Anwendungen\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
Ashampoo WinOptimizer 2008-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2008\Uninstall\1806_Uninstall.exe"
CCleaner-->"C:\Program Files\Sicherheit\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
Condition Zero Deleted Scenes-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/100
Condition Zero-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/80
Cool Edit Pro 2.0-->C:\Program Files\Anwendungen\coolpro2\cep2unin.exe
Counter-Strike Steamworks Beta-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/150
Counter-Strike-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/10
Creative Jukebox Driver-->C:\Windows\UNWISE.EXE C:\Windows\JB3DRV.LOG
Cuttermaran 1.69a-->MsiExec.exe /I{01CEF48F-41F2-4A43-82F2-25D23D68C1D4}
Debugging Tools for Windows (x86)-->MsiExec.exe /I{D09605BE-5587-4B0C-86C8-69B5092CB80F}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x7  /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x7  /remove
Dell Wireless WLAN Karte-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
dradio-Recorder Version 3.00.5-->"C:\Program Files\Anwendungen\Audio\dradio-Recorder\unins000.exe"
ElsterFormular 2006/2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}\setup.exe" -l0x7  -removeonly
ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7  -removeonly
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7  -removeonly
ElsterFormular-->C:\Program Files\ElsterFormular\uninstall.exe
Englisch 201-->C:\Program Files\Sprachen\Strokes 3.0\ENG201geruninstall.exe
Eraser-->"C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
EVEREST Home Edition v2.20-->"C:\Program Files\Sicherheit\Lavalys\EVEREST Home Edition\unins000.exe"
eXPert PDF 4-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}
f4 3.1.0-->C:\Program Files\f4\uninstall.exe
Firebird SQL Server - MAGIX Edition-->C:\Program Files\Anwendungen\Audio\Common\Database\unwise.exe
Français 100-->MsiExec.exe /I{8863206D-D100-4933-B852-1951C14D3EAD}
GetASFStream-->"C:\Program Files\Anwendungen\Audio\GetASFStream\epuninst.exe" /s
GIMP 2.6.10-->"C:\Program Files\Anwendungen\Grafik\GIMP-2.0\setup\unins000.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HD Tune 2.55-->"C:\Program Files\Anwendungen\HD Tune\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IE7Pro-->C:\Program Files\IEPro\uninst.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Anti-Virus 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}
Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}
Laptop Integrated Webcam Driver (1.04.01.1011)  -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0407
LeechFTP -->C:\Windows\eraser.exe KILL "C:\Program Files\Anwendungen\Internet\LeechFTP\uninstall.uif"
Macromedia Dreamweaver 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Anwendungen\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.6)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetLCR v4.10.405-->"C:\Program Files\Anwendungen\Internet\NetLCR\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenVPN 2.1_rc15-->C:\Program Files\OpenVPN\Uninstall.exe
Opera 10.53-->MsiExec.exe /X{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}
PDF Blender-->C:\Program Files\Anwendungen\PDF Blender\uninstall.exe
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2010.bld.38 (May 2, 2010)-->C:\PROGRA~1\ANWEND~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
tmx808-->MsiExec.exe /I{F765A6C2-1E03-4B0D-9484-2281A2942CA6}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}
WEB.DE Club SmartFax-->C:\Program Files\Anwendungen\WEB.DE\WEB.DE Club SmartFax\uninst.exe
WEB.DE SmartDrive Manager-->C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\uninst.exe
Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Writer-->MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

217.27.3.154 cms.n-tv.de

======Security center information======

AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows-Defender (disabled)

=====Application event log=====

Computer Name: ***-PC
Event Code: 900
Message: Der Softwarelizenzierungsdienst wird gestartet.

Record Number: 7118
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080630211842.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 2
Message: Der Zertifikatdiensteclient wurde angehalten.
Record Number: 7117
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20080630100432.729800-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 901
Message: Der Softwarelizenzierungsdienst wird beendet.

Record Number: 7116
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080630100432.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 1532
Message: Das Benutzerprofil wurde angehalten  


Record Number: 7115
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080630100432.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 1530
Message: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.  

 DETAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-1266740531-1925796205-1647025121-1000_Classes:
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1266740531-1925796205-1647025121-1000_CLASSES

Record Number: 7114
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080630100430.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: ***-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 46981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090430104631.497398-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		***-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2e0
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 46980
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090430104631.497398-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		***-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x2e0
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 46979
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090430104631.497398-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-19
	Kontoname:		LOKALER DIENST
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e5

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeAuditPrivilege
			SeImpersonatePrivilege
Record Number: 46978
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090430104631.419398-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		***-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-19
	Kontoname:		LOKALER DIENST
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e5
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2e0
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 46977
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090430104631.419398-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Anwendungen\Smart Projects\IsoBuster;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
         

--- --- ---

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

• "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
  - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
  - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
• Charakteristische Merkmale/Profilinformationen:
  - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
• Die Systemprüfung und Bereinigung:
  - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
• Innerhalb der Betreuungszeit:
  - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
• Die Reihenfolge:
  - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
• Ansonsten unsere Forumsregeln:
  - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Antwort auf Deine Frage:
Die Schädlinge hinterlassen immer "charakteristische Spuren" an ihrem "Tatort", sie vollkommen aufzuspüren und entfernen ist nicht immer möglich. Daher ist empfehlenswert, das stark komprimierte System komplett neu zu installieren, den Auslieferungszustand wieder so zu erreichen
Wenn du dich für eine umfassende Reinigung deines Systems entscheidest, so geht`s weiter:

1.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

2.
→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
→ Tipps für die Suche nach Dateien

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe
C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe
C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe
 
         

→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:

Code: Alles auswählenAufklappen

ATTFilter

Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.0.0.73	2009.01.28	-
AhnLab-V3	5.0.0.2	2009.01.28	-
AntiVir	7.9.0.60	2009.01.28	-
Authentium	5.1.0.4	2009.01.27	-

...über 40 Virenscannern...also Geduld!!
         

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

• - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
  - starte gmer.exe
  - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
  - bitte nichts am Pc machen während der Scan läuft!
  - klicke auf "Scan", um das Tool zu starten
  - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
  - mit "Ok" wird GMER beendet.
  - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

6.
Lade und installiere das Tool RootRepeal herunter

• setze einen Hacken bei: "Drivers"-> "Scan"-> Save Report"...
• "Stealth Objects" -> "Scan"-> Save Report"...
• "Hidden Services" -> "Scan"-> Save Report"...
• speichere das Logfile als "RootRepeal.txt" auf dem Desktop und Kopiere den Inhalt hier in den Thread

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Hallo Coverflow und vielen Dank, dass Du dich der Sache annimmst.

Beim Abarbeiten deiner To-Do-Liste bin allerdings schon beim Finden der drei genannten exe-Dateien gescheitert. Ich habe die Suchtipps befolgt, trotzdem wurde die Datei nicht entdeckt.

Bei der Suche nach ox.exe auf dem gesamten Rechner und der externen Festplatte wurden mir lediglich diverse pdf-Dateien angezeigt. Die Suche im Temp-Ordner blieb erfolglos.


Deshalb anbei zunächst die Übersichten von hjtscanlist und CCleaner:

Code: Alles auswählenAufklappen

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  10.08.2010 12:26     C:\Windows --------- 28672   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  10.08.2010 04:59     C:\System Volume Information --------- 24576   
  10.08.2010 04:40     C:\rsit --------- 4096   
  10.08.2010 03:11     C:\Program Files --------- 24576   
  10.08.2010 02:06     C:\ProgramData --------- 12288   
  10.08.2010 01:24     C:\Config.Msi --------- 0   
  05.08.2010 00:38     C:\$Recycle.Bin --------- 0   
  04.07.2010 02:33     C:\aaw7boot.log --------- 95868   
  25.06.2010 16:52     C:\3c767e736e4a17d0946ee37b37 --------- 4096   
  08.05.2010 00:55     C:\WinDDK --------- 0   
  08.05.2010 00:39     C:\CTSUFile.txt --------- 19706   
  07.09.2009 16:38     C:\Boot --------- 4096   
  24.04.2009 16:06     C:\temp_phw --------- 0   
  11.04.2009 08:36     C:\bootmgr --------- 333257   
  01.10.2008 11:44     C:\MSOCache --------- 0   
  20.09.2008 00:04     C:\test.txt --------- 943   
  20.09.2008 00:03     C:\ppmaterecord --------- 0   
  24.04.2008 18:30     C:\MSDOS.SYS --------- 0   
  24.04.2008 18:30     C:\IO.SYS --------- 0   
  16.04.2008 21:36     C:\ElsterFormular --------- 0   
  25.03.2008 14:50     C:\PerfLogs --------- 0   
  25.03.2008 13:54     C:\5c3ab949edb764837f89435098 --------- 0   
  18.03.2008 11:25     C:\newfile.enc --------- 21469   
  18.03.2008 11:25     C:\newkey --------- 21469   
  18.03.2008 11:16     C:\Intel --------- 0   
  18.03.2008 11:15     C:\dell --------- 0   
  18.03.2008 11:12     C:\Users --------- 4096   
  18.03.2008 11:12     C:\Programme --------- 0   
  18.03.2008 11:12     C:\Dokumente und Einstellungen --------- 0   
  18.03.2008 11:04     C:\BOOTSECT.BAK --------- 8192   
  07.11.2007 08:12     C:\VC_RED.MSI --------- 232960   
  07.11.2007 08:09     C:\VC_RED.cab --------- 1442522   
  07.11.2007 08:03     C:\install.res.2052.dll --------- 75792   
  07.11.2007 08:03     C:\install.res.3082.dll --------- 96272   
  07.11.2007 08:03     C:\install.res.1033.dll --------- 91152   
  07.11.2007 08:03     C:\install.res.1036.dll --------- 97296   
  07.11.2007 08:03     C:\install.res.1041.dll --------- 81424   
  07.11.2007 08:03     C:\install.res.1040.dll --------- 95248   
  07.11.2007 08:03     C:\install.res.1028.dll --------- 76304   
  07.11.2007 08:03     C:\install.res.1031.dll --------- 96272   
  07.11.2007 08:03     C:\install.exe --------- 562688   
  07.11.2007 08:03     C:\install.res.1042.dll --------- 79888   
  07.11.2007 08:00     C:\install.ini --------- 843   
  07.11.2007 08:00     C:\globdata.ini --------- 1110   
  07.11.2007 08:00     C:\eula.1028.txt --------- 17734   
  07.11.2007 08:00     C:\eula.3082.txt --------- 17734   
  07.11.2007 08:00     C:\eula.2052.txt --------- 17734   
  07.11.2007 08:00     C:\eula.1042.txt --------- 17734   
  07.11.2007 08:00     C:\eula.1041.txt --------- 118   
  07.11.2007 08:00     C:\eula.1040.txt --------- 17734   
  07.11.2007 08:00     C:\eula.1036.txt --------- 17734   
  07.11.2007 08:00     C:\eula.1033.txt --------- 10134   
  07.11.2007 08:00     C:\vcredist.bmp --------- 5686   
  07.11.2007 08:00     C:\eula.1031.txt --------- 17734   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  10.08.2010 13:05     C:\Windows\WindowsUpdate.log --------- 2038933   
  10.08.2010 05:05     C:\Windows\bthservsdp.dat --------- 2140   
  10.08.2010 01:24     C:\Windows\PFRO.log --------- 578   
  08.05.2010 02:52     C:\Windows\QTFont.qfn --------- 54156   
  08.05.2010 02:39     C:\Windows\QTFont.for --------- 1409   
  15.01.2010 23:40     C:\Windows\bootstat.dat --------- 67584   
  06.07.2009 13:12     C:\Windows\_MSRSTRT.EXE --------- 2560   
  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   
  18.02.2009 02:23     C:\Windows\mgxoschk.ini --------- 7119   
  30.10.2008 17:10     C:\Windows\VPNInstall.MIF --------- 1615   
  20.09.2008 00:04     C:\Windows\psnetwork.ini --------- 382   
  30.07.2008 15:25     C:\Windows\win.ini --------- 174   
  30.07.2008 15:25     C:\Windows\system.ini --------- 247   
  25.03.2008 14:57     C:\Windows\WindowsShell.Manifest --------- 749   
  25.03.2008 14:27     C:\Windows\SPInstall.etl --------- 196608   
  19.03.2008 01:23     C:\Windows\Adobereg.db --------- 135   
  18.03.2008 12:12     C:\Windows\nsreg.dat --------- 0   
  19.01.2008 00:33     C:\Windows\regedit.exe --------- 134656   
  19.01.2008 00:33     C:\Windows\notepad.exe --------- 151040   
  19.01.2008 00:33     C:\Windows\HelpPane.exe --------- 498176   
  19.01.2008 00:33     C:\Windows\fveupdate.exe --------- 13312   
  19.01.2008 00:33     C:\Windows\bfsvc.exe --------- 58880   
  10.10.2007 17:02     C:\Windows\OEM02Cfg.exe --------- 28672   
  18.07.2007 20:51     C:\Windows\CtDrvIns.exe --------- 90112   
  10.05.2007 02:01     C:\Windows\OEM02Mon.exe --------- 36864   
  05.04.2007 12:52     C:\Windows\OEM002.uns --------- 4510   
  22.02.2007 04:06     C:\Windows\DELL_VERSION --------- 32   
  02.11.2006 14:36     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:35     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:35     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:35     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:35     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\Business.xml --------- 4261   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  03.05.2006 00:38     C:\Windows\SetBrowser.exe --------- 72444   
  03.05.2006 00:38     C:\Windows\SetBrowser.ini --------- 748   
  19.01.2006 02:01     C:\Windows\ctpdusb.uns --------- 3635   
  11.05.2003 16:51     C:\Windows\RunUnDrv.exe --------- 26112   
  05.01.2000 00:20     C:\Windows\unvise32qt.exe --------- 86016   
  10.10.1999 19:00     C:\Windows\Ctregrun.exe --------- 41984   
  25.06.1999 10:55     C:\Windows\UNWISE.EXE --------- 149504   
  02.12.1998 10:11     C:\Windows\vbuzip10.Dll --------- 143360   
  21.10.1998 19:43     C:\Windows\IsUn0407.exe --------- 328704   
  08.07.1998 18:30     C:\Windows\eraser.exe --------- 18944   
  13.10.1997 20:55     C:\Windows\unin0407.exe --------- 299008   
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:35      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:35      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:35      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:35      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:35      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:35      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 10.08.2010 13:20     C:\Windows\system32\hjtscanlist.txt --------- 8842  
 10.08.2010 12:24     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-

601632D005A0 --------- 3776  
 10.08.2010 12:24     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-

601632D005A0 --------- 3776  
 10.08.2010 05:00     C:\Windows\system32\drivers --------- 53248  
 10.08.2010 05:00     C:\Windows\system32\catroot --------- 4096  
 10.08.2010 01:26     C:\Windows\system32\Adobe --------- 4096  
 09.08.2010 23:11     C:\Windows\system32\Tasks --------- 8192  
 08.08.2010 22:39     C:\Windows\system32\perfh009.dat --------- 629724  
 08.08.2010 22:39     C:\Windows\system32\perfc009.dat --------- 119088  
 08.08.2010 22:39     C:\Windows\system32\perfh007.dat --------- 669120  
 08.08.2010 22:39     C:\Windows\system32\perfc007.dat --------- 144964  
 08.08.2010 22:39     C:\Windows\system32\PerfStringBackup.INI --------- 1555612  
 08.08.2010 00:06     C:\Windows\system32\catroot2 --------- 12288  
 26.07.2010 17:51     C:\Windows\system32\shell32.dll --------- 11584512  
 04.07.2010 03:32     C:\Windows\system32\DRVSTORE --------- 0  
 02.07.2010 21:39     C:\Windows\system32\mrt.exe --------- 34045896  
 25.06.2010 16:50     C:\Windows\system32\en-US --------- 8192  
 11.06.2010 16:29     C:\Windows\system32\FNTCACHE.DAT --------- 337576  
 11.06.2010 16:20     C:\Windows\system32\migration --------- 4096  
 11.06.2010 16:20     C:\Windows\system32\wbem --------- 61440  
 27.05.2010 03:04     C:\Windows\system32\de-DE --------- 204800  
 26.05.2010 19:06     C:\Windows\system32\atmlib.dll --------- 34304  
 26.05.2010 16:47     C:\Windows\system32\atmfd.dll --------- 289792  
 21.05.2010 14:14     C:\Windows\system32\MpSigStub.exe --------- 221568  
 11.05.2010 03:22     C:\Windows\system32\jupdate-1.6.0_20-b02.log --------- 3217  
 08.05.2010 03:24     C:\Windows\system32\MAGIX --------- 0  
 08.05.2010 01:37     C:\Windows\system32\WindowsPowerShell --------- 0  
 07.05.2010 12:37     C:\Windows\system32\klogon.dll --------- 228024  
 04.05.2010 07:59     C:\Windows\system32\wininet.dll --------- 916480  
 04.05.2010 07:59     C:\Windows\system32\urlmon.dll --------- 1209344  
 04.05.2010 07:58     C:\Windows\system32\occache.dll --------- 206848  
 04.05.2010 07:56     C:\Windows\system32\mstime.dll --------- 611840  
 04.05.2010 07:56     C:\Windows\system32\mshtml.dll --------- 5950976  
 04.05.2010 07:56     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 04.05.2010 07:56     C:\Windows\system32\msfeeds.dll --------- 599040  
 04.05.2010 07:55     C:\Windows\system32\jsproxy.dll --------- 25600  
 04.05.2010 07:55     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 04.05.2010 07:55     C:\Windows\system32\ieui.dll --------- 164352  
 04.05.2010 07:55     C:\Windows\system32\iesysprep.dll --------- 109056  
 04.05.2010 07:55     C:\Windows\system32\iesetup.dll --------- 71680  
 04.05.2010 07:55     C:\Windows\system32\iertutil.dll --------- 1985536  
 04.05.2010 07:55     C:\Windows\system32\iernonce.dll --------- 55808  
 04.05.2010 07:55     C:\Windows\system32\iepeers.dll --------- 184320  
 04.05.2010 07:55     C:\Windows\system32\ieframe.dll --------- 11076096  
 04.05.2010 07:55     C:\Windows\system32\iedkcs32.dll --------- 387584  
 04.05.2010 06:31     C:\Windows\system32\ieUnatt.exe --------- 133632  
 04.05.2010 06:30     C:\Windows\system32\ie4uinit.exe --------- 173056  
 04.05.2010 06:30     C:\Windows\system32\msfeedssync.exe --------- 13312  
 04.05.2010 06:30     C:\Windows\system32\mshtml.tlb --------- 1638912  
 01.05.2010 16:13     C:\Windows\system32\win32k.sys --------- 2037248  
 23.04.2010 16:13     C:\Windows\system32\tzres.dll --------- 2048  
 16.04.2010 18:43     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 16.04.2010 16:39     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 12.04.2010 17:29     C:\Windows\system32\javaws.exe --------- 153376  
 12.04.2010 17:29     C:\Windows\system32\javaw.exe --------- 145184  
 12.04.2010 17:29     C:\Windows\system32\java.exe --------- 145184  
 12.04.2010 17:29     C:\Windows\system32\deployJava1.dll --------- 411368  
 05.04.2010 19:01     C:\Windows\system32\asycfilt.dll --------- 67072  
 01.04.2010 13:05     C:\Windows\system32\jupdate-1.6.0_19-b04.log --------- 4423  
 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  
 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  
 21.02.2010 01:06     C:\Windows\system32\nshhttp.dll --------- 24064  
 21.02.2010 01:05     C:\Windows\system32\httpapi.dll --------- 30720  
 18.02.2010 16:07     C:\Windows\system32\ntkrnlpa.exe --------- 3600776  
 18.02.2010 16:07     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 18.02.2010 15:30     C:\Windows\system32\iphlpsvc.dll --------- 200704  
 12.02.2010 12:32     C:\Windows\system32\browserchoice.exe --------- 293376  
 08.02.2010 03:30     C:\Windows\system32\Macromed --------- 0  
 29.01.2010 17:40     C:\Windows\system32\inetcomm.dll --------- 738816  
 27.01.2010 14:23     C:\Windows\system32\WDI --------- 8192  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp_isv.dll --------- 152576  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp.dll --------- 152064  
 25.01.2010 14:00     C:\Windows\system32\secproc_isv.dll --------- 471552  
 25.01.2010 14:00     C:\Windows\system32\secproc.dll --------- 471552  
 25.01.2010 13:58     C:\Windows\system32\msdrm.dll --------- 332288  
 25.01.2010 10:21     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624  
 25.01.2010 10:21     C:\Windows\system32\RMActivate_isv.exe --------- 526336  
 25.01.2010 10:21     C:\Windows\system32\RMActivate_ssp.exe --------- 347136  
 25.01.2010 10:21     C:\Windows\system32\RMActivate.exe --------- 518144  
 21.01.2010 17:05     C:\Windows\system32\l3codeca.acm --------- 62464  
 17.01.2010 20:41     C:\Windows\system32\LogFiles --------- 4096  
 13.01.2010 19:34     C:\Windows\system32\cabview.dll --------- 98304  
 06.01.2010 17:39     C:\Windows\system32\gameux.dll --------- 1696256  
 27.12.2009 12:29     C:\Windows\system32\QuickTime --------- 0  
 27.12.2009 12:29     C:\Windows\system32\qtplugin.log --------- 4492  
 23.12.2009 13:33     C:\Windows\system32\wintrust.dll --------- 172032  
 04.12.2009 20:30     C:\Windows\system32\tsbyuv.dll --------- 12288  
 04.12.2009 20:29     C:\Windows\system32\quartz.dll --------- 1314816  
 04.12.2009 20:28     C:\Windows\system32\msyuv.dll --------- 22528  
 04.12.2009 20:28     C:\Windows\system32\msvidc32.dll --------- 31744  
 04.12.2009 20:28     C:\Windows\system32\msvfw32.dll --------- 123904  
 04.12.2009 20:28     C:\Windows\system32\msrle32.dll --------- 13312  
 04.12.2009 20:28     C:\Windows\system32\mciavi32.dll --------- 82944  
 04.12.2009 20:28     C:\Windows\system32\iyuv_32.dll --------- 50176  
 04.12.2009 20:27     C:\Windows\system32\avifil32.dll --------- 91136  
 04.12.2009 09:19     C:\Windows\system32\jscript.dll --------- 726528  
 17.11.2009 18:18     C:\Windows\system32\pt-BR --------- 0  
 17.11.2009 18:18     C:\Windows\system32\bg-BG --------- 0  
 17.11.2009 18:18     C:\Windows\system32\it-IT --------- 0  
 17.11.2009 18:18     C:\Windows\system32\he-IL --------- 0  
----------------------------------------

 
C:\Windows\Prefetch

 10.08.2010 13:20     C:\Windows\Prefetch\CONIME.EXE-B273009A.pf --------- 13530  
 10.08.2010 13:20     C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 20572  
 10.08.2010 13:19     C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 85586  
 10.08.2010 13:19     C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf --------- 13566  
 10.08.2010 13:16     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 18572  
 10.08.2010 13:16     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 20682  
 10.08.2010 13:14     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 35656  
 10.08.2010 13:03     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 33634  
 10.08.2010 13:02     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 234072  
 10.08.2010 13:00     C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 231802  
 10.08.2010 12:59     C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf --------- 38580  
 10.08.2010 12:59     C:\Windows\Prefetch\CCLEANER.EXE-BC1F1F57.pf --------- 141526  
 10.08.2010 12:58     C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 19160  
 10.08.2010 12:48     C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf --------- 48762  
 10.08.2010 12:47     C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 36162  
 10.08.2010 12:39     C:\Windows\Prefetch\WERCON.EXE-FE5CD389.pf --------- 215012  
 10.08.2010 12:39     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 21128  
 10.08.2010 12:39     C:\Windows\Prefetch\AVP.EXE-3E677F5B.pf --------- 262774  
 10.08.2010 12:39     C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 47974  
 10.08.2010 12:34     C:\Windows\Prefetch\SVCHOST.EXE-F59CA9BD.pf --------- 28818  
 10.08.2010 12:34     C:\Windows\Prefetch\RUNDLL32.EXE-C050E39E.pf --------- 155828  
 10.08.2010 12:33     C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf --------- 178602  
 10.08.2010 12:33     C:\Windows\Prefetch\IEPROCX.EXE-969CE5B6.pf --------- 15090  
 10.08.2010 12:29     C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 20318  
 10.08.2010 12:28     C:\Windows\Prefetch\KLWTBLFS.EXE-3E51A105.pf --------- 20356  
 10.08.2010 12:28     C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 245410  
 10.08.2010 12:28     C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 215320  
 10.08.2010 12:27     C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 100826  
 10.08.2010 12:27     C:\Windows\Prefetch\SYNTPENH.EXE-4361DC86.pf --------- 21214  
 10.08.2010 12:27     C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 224540  
 10.08.2010 12:27     C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 34274  
 10.08.2010 12:27     C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 18320  
 10.08.2010 12:26     C:\Windows\Prefetch\MPNOTIFY.EXE-55171BA9.pf --------- 35474  
 10.08.2010 12:26     C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-600E0B48.pf --------- 25112  
 10.08.2010 12:26     C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf --------- 11890  
 10.08.2010 12:25     C:\Windows\Prefetch\ReadyBoot --------- 0  
 10.08.2010 12:25     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 4061676  
 10.08.2010 05:05     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 2312992  
 10.08.2010 05:05     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 920286  
 10.08.2010 05:05     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 5083810  
 10.08.2010 05:05     C:\Windows\Prefetch\AgRobust.db --------- 355604  
 10.08.2010 05:05     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
 10.08.2010 05:00     C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf --------- 36506  
 10.08.2010 04:58     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 20076  
 10.08.2010 04:58     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 30528  
 10.08.2010 03:09     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 64582  
 10.08.2010 02:51     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 50148  
 10.08.2010 02:28     C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 120518  
 10.08.2010 02:27     C:\Windows\Prefetch\PRESENTATIONSETTINGS.EXE-6F4C5E34.pf --------- 21192  
 10.08.2010 02:07     C:\Windows\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf --------- 594  
 10.08.2010 02:07     C:\Windows\Prefetch\MPAS-D_BD1.EXE-B82677C3.pf --------- 26930  
 10.08.2010 02:07     C:\Windows\Prefetch\MPSIGSTUB.EXE-7C60A359.pf --------- 81906  
 10.08.2010 02:07     C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 155408  
 10.08.2010 02:06     C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf --------- 43978  
 10.08.2010 01:57     C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 205514  
 10.08.2010 01:57     C:\Windows\Prefetch\RUNDLL32.EXE-A828B5A0.pf --------- 65404  
 10.08.2010 01:20     C:\Windows\Prefetch\DLLHOST.EXE-928474CF.pf --------- 25546  
 10.08.2010 01:07     C:\Windows\Prefetch\MSIEXEC.EXE-B5AFA339.pf --------- 125016  
 10.08.2010 01:01     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1266740531-1925796205-1647025121-1000.db --------- 

1147054  
 10.08.2010 01:01     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1266740531-1925796205-1647025121-1000.db --------- 

2182904  
 10.08.2010 00:49     C:\Windows\Prefetch\LOGON.SCR-7C80CA1C.pf --------- 33122  
 10.08.2010 00:44     C:\Windows\Prefetch\GOOGLEUPDATER.EXE-746F6782.pf --------- 52314  
 10.08.2010 00:18     C:\Windows\Prefetch\DREAMWEAVER.EXE-B6A4BC90.pf --------- 103274  
 10.08.2010 00:04     C:\Windows\Prefetch\WMPSHARE.EXE-73C9F24C.pf --------- 33782  
 10.08.2010 00:04     C:\Windows\Prefetch\WMPLAYER.EXE-9DE758AE.pf --------- 66732  
 09.08.2010 22:41     C:\Windows\Prefetch\SKYPE.EXE-30E88FB5.pf --------- 85696  
 09.08.2010 22:33     C:\Windows\Prefetch\_IU14D2N.TMP-A4C09231.pf --------- 36370  
 09.08.2010 19:04     C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 22082  
 09.08.2010 19:02     C:\Windows\Prefetch\NMINDEXINGSERVICE.EXE-F0985361.pf --------- 39654  
 09.08.2010 19:02     C:\Windows\Prefetch\NMIndexStoreSvr.exe-57A64E06.pf --------- 53078  
 09.08.2010 18:54     C:\Windows\Prefetch\HIJACKTHIS.EXE-86839AE8.pf --------- 39238  
 09.08.2010 18:07     C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 23556  
 09.08.2010 17:41     C:\Windows\Prefetch\RUNDLL32.EXE-77934D94.pf --------- 31780  
 09.08.2010 03:09     C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 55648  
 09.08.2010 03:09     C:\Windows\Prefetch\ACRORD32.EXE-C2658FE9.pf --------- 82984  
 09.08.2010 01:09     C:\Windows\Prefetch\UNLOCKER.EXE-4D035D23.pf --------- 25562  
 09.08.2010 01:03     C:\Windows\Prefetch\AU_.EXE-2CDE59EC.pf --------- 43764  
 08.08.2010 21:12     C:\Windows\Prefetch\DFRGNTFS.EXE-4F838A89.pf --------- 107162  
 08.08.2010 21:12     C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15280  
 08.08.2010 21:12     C:\Windows\Prefetch\Layout.ini --------- 2040740  
 08.08.2010 19:11     C:\Windows\Prefetch\AgCx_SC2.db --------- 936058  
 08.08.2010 03:23     C:\Windows\Prefetch\SVCHOST.EXE-E2D30E5C.pf --------- 31846  
 08.08.2010 03:23     C:\Windows\Prefetch\RUNDLL32.EXE-9A2E6957.pf --------- 29646  
 08.08.2010 01:17     C:\Windows\Prefetch\FDM.EXE-CFE8D74C.pf --------- 77718  
 08.08.2010 01:15     C:\Windows\Prefetch\UNINS000.EXE-9D48C8BA.pf --------- 26698  
 08.08.2010 01:05     C:\Windows\Prefetch\UNOPKG.EXE-4DF1690C.pf --------- 23818  
 08.08.2010 01:05     C:\Windows\Prefetch\UNOPKG.BIN-417F81E7.pf --------- 125210  
 08.08.2010 01:03     C:\Windows\Prefetch\SONGBIRD-UNINSTALL.EXE-7F7170C0.pf --------- 20582  
 08.08.2010 01:03     C:\Windows\Prefetch\UNINSTALL.EXE-BC710168.pf --------- 25420  
 08.08.2010 00:58     C:\Windows\Prefetch\UNINST.EXE-C010A9C1.pf --------- 24328  
 08.08.2010 00:58     C:\Windows\Prefetch\UNINST.EXE-8E8F59E4.pf --------- 23084  
 08.08.2010 00:57     C:\Windows\Prefetch\UNINST.EXE-0FA1486F.pf --------- 25808  
 08.08.2010 00:57     C:\Windows\Prefetch\UNINSTALLER.EXE-B8EF4F7F.pf --------- 24164  
 08.08.2010 00:56     C:\Windows\Prefetch\UNINSTALL.EXE-6C397AF0.pf --------- 25056  
 08.08.2010 00:46     C:\Windows\Prefetch\IMAGEREADY.EXE-0DAAD494.pf --------- 46444  
 08.08.2010 00:46     C:\Windows\Prefetch\ISUN0407.EXE-E0680D8F.pf --------- 32382  
 08.08.2010 00:45     C:\Windows\Prefetch\UNINS003.EXE-A90F369D.pf --------- 20806  
 08.08.2010 00:37     C:\Windows\Prefetch\UNINSTALL.EXE-CD5B5B20.pf --------- 24820  
 08.08.2010 00:35     C:\Windows\Prefetch\UNINS000.EXE-1AF141B9.pf --------- 27688  
 08.08.2010 00:35     C:\Windows\Prefetch\UNINSTALL.EXE-E9C7CD30.pf --------- 23030  
 08.08.2010 00:34     C:\Windows\Prefetch\GLB1A2B.EXE-5F1F62EF.pf --------- 21744  
 08.08.2010 00:34     C:\Windows\Prefetch\RUNDLL32.EXE-C3CCC034.pf --------- 51408  
 08.08.2010 00:34     C:\Windows\Prefetch\UNWISE.EXE-40409D49.pf --------- 27330  
 07.08.2010 23:08     C:\Windows\Prefetch\DLLHOST.EXE-9523903C.pf --------- 21730  
 07.08.2010 22:57     C:\Windows\Prefetch\DELLTPAD.EXE-F2CBC24B.pf --------- 26614  
 07.08.2010 22:48     C:\Windows\Prefetch\HELPPANE.EXE-D1016F9E.pf --------- 71266  
 07.08.2010 22:48     C:\Windows\Prefetch\RUNDLL32.EXE-45B0383E.pf --------- 25744  
 06.08.2010 02:45     C:\Windows\Prefetch\ORBITDOWNLOADERSETUP4001.TMP-1E8CB260.pf --------- 41056  
 06.08.2010 02:45     C:\Windows\Prefetch\ORBITDOWNLOADERSETUP4001.EXE-1EA02554.pf --------- 19362  
 06.08.2010 02:45     C:\Windows\Prefetch\ORBITDOWNLOADERSETUP4001.TMP-A0BE913E.pf --------- 25250  
 06.08.2010 02:40     C:\Windows\Prefetch\RUNDLL32.EXE-C40E3719.pf --------- 36900  
 06.08.2010 02:39     C:\Windows\Prefetch\RTMPDUMP.EXE-DC9ADC7A.pf --------- 11206  
 06.08.2010 02:38     C:\Windows\Prefetch\SVCHOST.EXE-2FFE0083.pf --------- 16856  
 06.08.2010 02:38     C:\Windows\Prefetch\SVCHOST.EXE-F5AA802A.pf --------- 13534  
 06.08.2010 02:38     C:\Windows\Prefetch\SBSTART.EXE-87929347.pf --------- 40280  
 06.08.2010 02:33     C:\Windows\Prefetch\WINLOA~1.EXE-9BA60487.pf --------- 19448  
 06.08.2010 02:29     C:\Windows\Prefetch\VLC.EXE-84DE547F.pf --------- 107224  
 06.08.2010 02:00     C:\Windows\Prefetch\RUNDLL32.EXE-982A72D8.pf --------- 37758  
 06.08.2010 01:58     C:\Windows\Prefetch\RUNDLL32.EXE-FCBAD65D.pf --------- 37566  
 06.08.2010 01:58     C:\Windows\Prefetch\FLVSTREAMER-2.1C_WIN32.EXE-E8FFEB14.pf --------- 19510  
 06.08.2010 01:52     C:\Windows\Prefetch\FLVSTREAMER_WIN32_LATEST.EXE-936E6BFB.pf --------- 32300  
 06.08.2010 01:10     C:\Windows\Prefetch\UNINSTALL.EXE-224B4D25.pf --------- 19558  
 06.08.2010 01:01     C:\Windows\Prefetch\WINLOAD.EXE-6196CC56.pf --------- 20908  
 06.08.2010 01:01     C:\Windows\Prefetch\GLB5F11.TMP-CE83B82D.pf --------- 82350  
 06.08.2010 01:01     C:\Windows\Prefetch\MEDIATHEK-SETUP.EXE-E1F5F26D.pf --------- 46694  
 06.08.2010 01:01     C:\Windows\Prefetch\WINLOAD_TB.EXE-DC293A4F.pf --------- 81758  
 06.08.2010 00:42     C:\Windows\Prefetch\RUNDLL32.EXE-6F158C28.pf --------- 47798  
 06.08.2010 00:34     C:\Windows\Prefetch\TASKMAN.EXE-AF1AA752.pf --------- 33886  
 06.08.2010 00:33     C:\Windows\Prefetch\SETUP.EXE-6F7CB629.pf --------- 24212  
 06.08.2010 00:33     C:\Windows\Prefetch\TASKMANAGER17.EXE-E773F829.pf --------- 46440  
 06.08.2010 00:24     C:\Windows\Prefetch\ROUTE.EXE-AA5DBD7E.pf --------- 10564  
 06.08.2010 00:08     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1266740531-1925796205-1647025121-1000.snp.db --------- 

4884908  
 06.08.2010 00:08     C:\Windows\Prefetch\UI0DETECT.EXE-B742F20E.pf --------- 22976  
 06.08.2010 00:08     C:\Windows\Prefetch\OX.EXE-9664C4FB.pf --------- 21838  
 06.08.2010 00:08     C:\Windows\Prefetch\ROOTKITREVEALER.EXE-BD9EE12B.pf --------- 20402  
 06.08.2010 00:03     C:\Windows\Prefetch\XTYGLT.EXE-56E0CFE4.pf --------- 24764  
 05.08.2010 23:54     C:\Windows\Prefetch\OPENVPN.EXE-51BE6D5E.pf --------- 26320  
 05.08.2010 23:54     C:\Windows\Prefetch\OPENVPN-GUI-1.0.3.EXE-DC0E9B91.pf --------- 18350  
 05.08.2010 23:47     C:\Windows\Prefetch\MPMINISIGSTUB.EXE-168F3172.pf --------- 6478  
 05.08.2010 23:46     C:\Windows\Prefetch\RUNDLL32.EXE-BF913C5E.pf --------- 44296  
 01.08.2010 22:59     C:\Windows\Prefetch\AgCx_SC1.db --------- 707399  
 01.08.2010 05:30     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 113028  
 18.03.2008 11:07     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
----------------------------------------

 
C:\Windows\Tasks

 10.08.2010 12:26     C:\Windows\Tasks\Google Software Updater.job --------- 1052  
 10.08.2010 12:24     C:\Windows\Tasks\SA.DAT --------- 6  
 10.08.2010 05:05     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32558  
 09.08.2010 03:16     C:\Windows\Tasks\Ad-Aware Update (Weekly).job --------- 474  
----------------------------------------

 
C:\Windows\Temp

 10.08.2010 02:07     C:\Windows\Temp\MpCmdRun.log --------- 2310  
 10.08.2010 02:07     C:\Windows\Temp\MpSigStub.log --------- 3268  
 09.08.2010 23:01     C:\Windows\Temp\History --------- 0  
 09.08.2010 23:01     C:\Windows\Temp\Cookies --------- 0  
 09.08.2010 23:01     C:\Windows\Temp\Temporary Internet Files --------- 0  
 02.08.2010 12:36     C:\Windows\Temp\klsBF38.tmp --------- 91240  
 09.10.2009 13:27     C:\Windows\Temp\Low --------- 0  
----------------------------------------

 
C:\Users\***~1\AppData\Local\Temp

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp.zip --------- 0  
 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-6.zip --------- 0  
 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-5.zip --------- 0  
 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-2.zip --------- 0  
 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-1.zip --------- 4096  
 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\***.bmp --------- 31832  
 10.08.2010 13:01     C:\Users\***~1\AppData\Local\Temp\hsperfdata_*** --------- 0  
 10.08.2010 12:33     C:\Users\***~1\AppData\Local\Temp\Low --------- 0  
 10.08.2010 12:32     C:\Users\***~1\AppData\Local\Temp\jusched.log --------- 1820  
 10.08.2010 12:28     C:\Users\***~1\AppData\Local\Temp\ima1A06.tmp --------- 262144  
 10.08.2010 12:28     C:\Users\***~1\AppData\Local\Temp\ima19F5.tmp --------- 262144  
 10.08.2010 12:27     C:\Users\***~1\AppData\Local\Temp\AdobeARM.log --------- 3806  
 10.08.2010 12:27     C:\Users\***~1\AppData\Local\Temp\WPDNSE --------- 0  
 10.08.2010 05:01     C:\Users\***~1\AppData\Local\Temp\{04948FB6-86C9-42BF-90A0-E8910E194B61} --------- 0  
 10.08.2010 05:01     C:\Users\***~1\AppData\Local\Temp\{76486921-7354-4973-AF4A-6DC7FECC1FBC} --------- 4096  
 10.08.2010 02:50     C:\Users\***~1\AppData\Local\Temp\FAP9C10.tmp --------- 4  
 10.08.2010 02:29     C:\Users\***~1\AppData\Local\Temp\~DFF896.tmp --------- 114688  
 10.08.2010 01:57     C:\Users\***~1\AppData\Local\Temp\moz_mapi --------- 4096  
 10.08.2010 01:47     C:\Users\***~1\AppData\Local\Temp\FAPF805.tmp --------- 4  
 10.08.2010 01:26     C:\Users\***~1\AppData\Local\Temp\Log --------- 0  
 09.08.2010 23:48     C:\Users\***~1\AppData\Local\Temp\FAP6408.tmp --------- 4  
 09.08.2010 23:48     C:\Users\***~1\AppData\Local\Temp\FAPFCBB.tmp --------- 4  
 09.08.2010 23:47     C:\Users\***~1\AppData\Local\Temp\FAP5422.tmp --------- 4  
 09.08.2010 23:11     C:\Users\***~1\AppData\Local\Temp\{e26c84d8-a44b-40eb-bbfb-1ff72fa4c133} --------- 0  
 09.08.2010 19:04     C:\Users\***~1\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 74  
 09.08.2010 19:04     C:\Users\***~1\AppData\Local\Temp\AUCHECK_CORE.txt --------- 302  
 09.08.2010 19:01     C:\Users\***~1\AppData\Local\Temp\nro.log --------- 0  
 09.08.2010 02:53     C:\Users\***~1\AppData\Local\Temp\WERDDEB.tmp.version.txt --------- 462  
 09.08.2010 01:06     C:\Users\***~1\AppData\Local\Temp\WLZ375E.tmp --------- 16384  
 18.03.2008 11:12     C:\Users\***~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 10.11.2003 13:55     C:\Users\***~1\AppData\Local\Temp\setFC9C.tmp --------- 116880  
 02.12.2002 15:33     C:\Users\***~1\AppData\Local\Temp\SetD443.tmp --------- 107512  
----------------------------------------

 
C:\Program Files

 10.08.2010 04:59     C:\Program Files\InstallShield Installation Information --------- 12288  
 10.08.2010 04:59     C:\Program Files\trend micro --------- 4096  
 10.08.2010 02:16     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 09.08.2010 23:16     C:\Program Files\Creative --------- 4096  
 09.08.2010 21:50     C:\Program Files\Spiele --------- 4096  
 08.08.2010 01:15     C:\Program Files\Anwendungen --------- 8192  
 08.08.2010 01:15     C:\Program Files\OpenOffice.org 3 --------- 4096  
 08.08.2010 00:57     C:\Program Files\Mozilla Sunbird --------- 8192  
 08.08.2010 00:35     C:\Program Files\Common Files --------- 8192  
 06.08.2010 00:34     C:\Program Files\Security Task Manager --------- 32768  
 28.07.2010 23:59     C:\Program Files\Mozilla Firefox --------- 28672  
 22.07.2010 01:44     C:\Program Files\Mozilla Thunderbird --------- 28672  
 14.07.2010 22:10     C:\Program Files\Windows Mail --------- 4096  
 04.07.2010 03:41     C:\Program Files\Windows Sidebar --------- 4096  
 04.07.2010 03:39     C:\Program Files\Kaspersky Lab --------- 0  
 04.07.2010 03:34     C:\Program Files\Lavasoft --------- 0  
 25.06.2010 16:50     C:\Program Files\Microsoft.NET --------- 0  
 11.06.2010 16:20     C:\Program Files\Internet Explorer --------- 4096  
 11.06.2010 11:55     C:\Program Files\Microsoft Silverlight --------- 4096  
 11.05.2010 16:12     C:\Program Files\ElsterFormular --------- 4096  
 11.05.2010 03:22     C:\Program Files\Java --------- 4096  
 08.05.2010 03:15     C:\Program Files\Sicherheit --------- 4096  
 15.03.2010 16:32     C:\Program Files\f4 --------- 8192  
 12.03.2010 06:40     C:\Program Files\Movie Maker --------- 4096  
 27.01.2010 16:10     C:\Program Files\Adobe --------- 4096  
 24.12.2009 16:15     C:\Program Files\Google --------- 4096  
 17.11.2009 18:18     C:\Program Files\Windows Portable Devices --------- 0  
 28.10.2009 04:19     C:\Program Files\Windows Media Player --------- 4096  
 07.09.2009 21:44     C:\Program Files\IEPro --------- 4096  
 07.09.2009 16:28     C:\Program Files\Windows Calendar --------- 0  
 07.09.2009 16:28     C:\Program Files\Windows Collaboration --------- 4096  
 07.09.2009 16:28     C:\Program Files\Windows Journal --------- 4096  
 07.09.2009 16:28     C:\Program Files\Windows Photo Gallery --------- 4096  
 07.09.2009 16:28     C:\Program Files\Windows Defender --------- 4096  
 05.07.2009 00:50     C:\Program Files\Softi Software --------- 0  
 04.06.2009 12:57     C:\Program Files\Microsoft Works --------- 4096  
 11.05.2009 01:22     C:\Program Files\Ashampoo --------- 0  
 24.04.2009 14:53     C:\Program Files\OpenVPN --------- 4096  
 10.04.2009 22:07     C:\Program Files\Panasonic --------- 0  
 17.02.2009 03:33     C:\Program Files\AviSynth 2.5 --------- 0  
 11.02.2009 19:31     C:\Program Files\Sprachen --------- 0  
 01.02.2009 04:05     C:\Program Files\Windows Live --------- 0  
 12.12.2008 17:04     C:\Program Files\OpenOffice.org 2.4 --------- 4096  
 01.10.2008 11:50     C:\Program Files\Microsoft Office --------- 4096  
 08.09.2008 16:58     C:\Program Files\Games --------- 0  
 22.08.2008 13:04     C:\Program Files\Winamp --------- 0  
 19.07.2008 18:36     C:\Program Files\Sun --------- 0  
 26.05.2008 18:49     C:\Program Files\Creative Live Cam --------- 0  
 26.05.2008 18:48     C:\Program Files\Dell --------- 4096  
 25.04.2008 01:43     C:\Program Files\Creative Installation Information --------- 4096  
 16.04.2008 22:25     C:\Program Files\WEB.DE --------- 0  
 25.03.2008 14:57     C:\Program Files\desktop.ini --------- 174  
 19.03.2008 17:27     C:\Program Files\MSXML 4.0 --------- 0  
 18.03.2008 15:42     C:\Program Files\Internet --------- 0  
 18.03.2008 12:32     C:\Program Files\Synaptics --------- 0  
 18.03.2008 12:18     C:\Program Files\Real --------- 0  
 18.03.2008 11:30     C:\Program Files\SigmaTel --------- 0  
 18.03.2008 11:26     C:\Program Files\Cisco --------- 0  
 18.03.2008 11:16     C:\Program Files\Intel --------- 0  
 18.03.2008 11:12     C:\Program Files\Windows NT --------- 4096  
 18.03.2008 11:12     C:\Program Files\Gemeinsame Dateien --------- 0  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

***    
Public    
desktop.ini    
Default    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

::1             localhost
217.27.3.154 cms.n-tv.de

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         9.492 K
smss.exe                       524 Services                   0           736 K
csrss.exe                      664 Services                   0         5.340 K
wininit.exe                    716 Services                   0         4.100 K
csrss.exe                      728 Console                    1        16.492 K
services.exe                   768 Services                   0         6.936 K
lsass.exe                      784 Services                   0         8.348 K
lsm.exe                        792 Services                   0         3.880 K
svchost.exe                    952 Services                   0         6.628 K
svchost.exe                   1024 Services                   0         6.440 K
svchost.exe                   1092 Services                   0        43.328 K
svchost.exe                   1132 Services                   0        12.548 K
svchost.exe                   1172 Services                   0        99.036 K
svchost.exe                   1196 Services                   0        59.500 K
audiodg.exe                   1292 Services                   0        15.544 K
svchost.exe                   1320 Services                   0         4.908 K
SLsvc.exe                     1368 Services                   0        11.276 K
svchost.exe                   1432 Services                   0        12.868 K
winlogon.exe                  1552 Console                    1         5.648 K
svchost.exe                   1632 Services                   0        15.056 K
WLTRYSVC.EXE                  1768 Services                   0         2.536 K
BCMWLTRY.EXE                  1788 Services                   0        21.004 K
wlanext.exe                   1876 Services                   0         5.332 K
LEXBCES.EXE                   1908 Services                   0         4.756 K
LEXPPS.EXE                    1980 Services                   0         4.272 K
spoolsv.exe                    124 Services                   0        12.388 K
svchost.exe                    540 Services                   0        16.884 K
avp.exe                       2228 Services                   0       138.224 K
svchost.exe                   2292 Services                   0         3.572 K
svchost.exe                   2396 Services                   0         4.932 K
TMRUBotted.exe                2476 Services                   0         9.436 K
stacsv.exe                    2704 Services                   0         6.452 K
svchost.exe                   2788 Services                   0         7.704 K
svchost.exe                   2820 Services                   0         2.160 K
SearchIndexer.exe             2844 Services                   0        34.948 K
taskeng.exe                   3532 Services                   0         5.792 K
taskeng.exe                   2900 Console                    1        12.336 K
dwm.exe                       1860 Console                    1         4.140 K
explorer.exe                  3612 Console                    1       238.992 K
MSASCui.exe                   1588 Console                    1         8.924 K
WLTRAY.EXE                    2052 Console                    1        20.240 K
SynTPEnh.exe                  4060 Console                    1         7.252 K
vspdfprsrv.exe                3736 Console                    1        34.076 K
OEM02Mon.exe                  1448 Console                    1         5.028 K
sttray.exe                    3032 Console                    1        10.324 K
wmpnscfg.exe                  3568 Console                    1         5.244 K
wmpnetwk.exe                  3912 Services                   0        28.160 K
jusched.exe                    216 Console                    1         3.932 K
avp.exe                       2216 Console                    1         6.232 K
TMRUBottedTray.exe            2948 Console                    1         4.108 K
Eraser.exe                    1744 Console                    1         9.324 K
firefox.exe                   2940 Console                    1       106.792 K
klwtblfs.exe                  3600 Console                    1         5.120 K
taskeng.exe                   4900 Console                    1         4.680 K
sdclt.exe                     5156 Console                    1         9.512 K
svchost.exe                   1144 Services                   0         6.888 K
notepad.exe                   1848 Console                    1         5.992 K
cmd.exe                       3088 Console                    1         2.916 K
conime.exe                    4884 Console                    1         3.628 K
tasklist.exe                  3980 Console                    1         5.008 K
WmiPrvSE.exe                  5548 Services                   0         6.036 K

 
***** Ende des Scans 10.08.2010 um 13:20:46,71 ***
         

####################################

Hier die von CCleaner erstellte Übersicht:

Code: Alles auswählenAufklappen

ATTFilter

*tmx englisch	*tmx communications	10.08.2008	149,9MB	5.00.0000
7-Zip 4.57		18.07.2008	2,86MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	06.09.2009		10.0.32.18
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	01.08.2010		10.1.53.64
Adobe Reader 9.3.3 - Deutsch	Adobe Systems Incorporated	30.06.2010	162,6MB	9.3.3
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	18.07.2010	7,48MB	11.5.7.609
Advanced Audio FX Engine		25.05.2008		
Advanced Video FX Engine		25.05.2008		
Ashampoo Burning Studio 6	ashampoo Technology GmbH & Co. KG	17.02.2009	27,6MB	
Ashampoo WinOptimizer 2008	ashampoo GmbH & Co. KG	10.05.2009	21,6MB	
CCleaner	Piriform	08.08.2010	1,05MB	2.34
Cisco EAP-FAST Module	Cisco Systems, Inc.	17.03.2008	2,98MB	2.0.26
Cisco LEAP Module	Cisco Systems, Inc.	17.03.2008	1,04MB	1.0.11
Cisco PEAP Module	Cisco Systems, Inc.	17.03.2008	0,84MB	1.0.12
Condition Zero	Valve	28.09.2008	2.656,6MB	
Condition Zero Deleted Scenes	Ritual	28.09.2008	2.656,6MB		
Cool Edit Pro 2.0		29.07.2008	27,1MB	
Counter-Strike	Valve	28.09.2008	16,3MB	
Counter-Strike Steamworks Beta	Valve	28.09.2008		
Creative Jukebox Driver		24.04.2008		
Cuttermaran 1.69a	toarnold	05.04.2008	5,12MB	1.6.92
Debugging Tools for Windows (x86)	Microsoft Corporation	07.05.2010	41,7MB	6.12.2.633
Dell Resource CD	Ihr Firmenname	17.03.2008	3,04MB	1.00.0000
Dell Touchpad	Synaptics	09.04.2008	17,2MB	9.1.18.6
Dell Webcam Center		25.05.2008	14,1MB	
Dell Webcam Manager		25.05.2008	0,77MB	
Dell Wireless WLAN Karte	Dell Inc.	17.03.2008	23,8MB	4.170.25.12
dradio-Recorder Version 3.00.5		05.08.2009	22,6MB	
ElsterFormular	Landesfinanzdirektion Thüringen	10.05.2010	302,6MB	11.4.1.4323
ElsterFormular 2006/2007	Steuerverwaltung des Bundes und der Länder	15.04.2008	63,7MB	8.3.1.0
ElsterFormular 2007/2008	Steuerverwaltung des Bundes und der Länder	15.04.2008	65,5MB	9.2.0.0
ElsterFormular 2008/2009	Steuerverwaltung des Bundes und der Länder	07.04.2009	168,0MB	10.2.0.0
Englisch 201		17.06.2009		
Eraser	Heidi Computers Ltd.	05.04.2008	3,71MB		
EVEREST Home Edition v2.20	Lavalys Inc	17.03.2008	6,58MB	2.20
eXPert PDF 4	Visage Software	25.03.2008	33,2MB	4.1.670.404
f4 3.1.0	MAXqda	14.03.2010	8,18MB	3.1.0
Firebird SQL Server - MAGIX Edition	MAGIX AG	17.02.2009	6,22MB	2.0.1.13
Français 100	Strokes	09.02.2009	358,6MB	40.03.100
GetASFStream		21.09.2008	1,37MB	
GIMP 2.6.10	The GIMP Team	18.07.2010	112,7MB	2.6.10
Google Updater	Google Inc.	23.03.2009	2,48MB	2.4.1536.6592
GTK+ Runtime 2.14.7 rev a (nur entfernen)		23.03.2009		
HD Tune 2.55	EFD Software	31.01.2009	1,27MB	
HiJackThis	Trend Micro	09.08.2010	0,36MB	1.0.0
IE7Pro	IE7Pro Team	06.09.2009	7,99MB	2.4.6
Java(TM) 6 Update 20	Sun Microsystems, Inc.	12.12.2008	94,4MB	6.0.200
Kaspersky Internet Security 2011	Kaspersky Lab	03.07.2010	60,5MB	11.0.0.232
Laptop Integrated Webcam Driver (1.04.01.1011)		18.03.2008		
LeechFTP		20.03.2008		
Macromedia Dreamweaver 4	Macromedia	19.03.2008	60,0MB	4.0
Malwarebytes' Anti-Malware	Malwarebytes Corporation	09.08.2010	3,91MB	
Microsoft .NET Framework 1.1		10.02.2009		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	15.02.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	11.02.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319
Microsoft Office Home and Student 2007	Microsoft Corporation	03.06.2009	294,1MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	05.06.2010	14,9MB	4.0.50524.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.07.2009	

0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	05.04.2008	2,38MB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.07.2009	

0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	27.10.2008	2,06MB	

9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	10.05.2010	0,58MB	

9.0.30729
Mozilla ActiveX Control v1.7.12		31.01.2009	11,9MB	
Mozilla Firefox (3.6.8)	Mozilla	27.07.2010	32,4MB	3.6.8 (de)
Mozilla Thunderbird (3.0.6)	Mozilla	21.07.2010	31,5MB	3.0.6 (de)
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	18.03.2008	1,27MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	19.03.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
neroxml	Nero AG	13.11.2008	1,24MB	1.0.0
NetLCR v4.10.405	Oleco GmbH	20.03.2008	1,78MB	
NVIDIA Drivers	NVIDIA Corporation	07.05.2010		1.3
OpenVPN 2.1_rc15		23.04.2009	3,85MB	2.1_rc15
Opera 10.53	Opera Software ASA	04.05.2010	28,3MB	10.53
PDF Blender		27.01.2010	1,28MB	
Security Task Manager 1.7h	Neuber GmbH	05.08.2010	2,45MB	1.7h
SigmaTel Audio	SigmaTel	17.03.2008	14,1MB	5.10.5102.0
Skype™ 4.2	Skype Technologies S.A.	24.07.2010	25,0MB	4.2.169
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	24.06.2008	32,5MB	8.0.0
Steam	Valve	28.09.2008	1,31MB	1.0.0.0
SUPER © Version 2010.bld.38 (May 2, 2010)	eRightSoft	08.08.2010	120,7MB	Version 2010.bld.38 (May 2, 

2010)
tmx808	tmx communications	09.08.2008	147,5MB	1.30.0000
Trend Micro RUBotted	TrendMicro	09.08.2010	7,54MB	1.5.1011
WEB.DE Club SmartFax	WEB.DE GmbH	19.03.2008	9,47MB	2.00.165
WEB.DE SmartDrive Manager	WEB.DE GmbH	15.04.2008	6,40MB	1.0.360
Windows Live installer	Microsoft Corporation	31.01.2009	1,71MB	12.0.1471.1025
Windows Live Writer	Microsoft Corporation	01.02.2009	11,4MB	12.0.1370.0325
Windows Media Player Firefox Plugin	Microsoft Corp	01.07.2008	0,29MB	1.0.0.8
         

Ich habe Germ durchlaufen lassen, allerdings hat sich nach einer gewissen Zeit bei folgender Datei nichts mehr

getan:

C:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\ScrapBo

Anbei deshalb das Log (Teil 1) bis zum Stopp durch mich:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-10 18:01:11
Windows 6.0.6002 Service Pack 2
Running: yrhwe1ck.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyruod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwAdjustPrivilegesToken [0x92C34992]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwAlpcConnectPort [0x92C363FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwAlpcCreatePort [0x92C36674]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwAlpcSendWaitReceivePort [0x92C368E6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwClose [0x92C352AA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwConnectPort [0x92C35A52]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateEvent [0x92C35E4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateFile [0x92C354C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateMutant [0x92C35D34]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateNamedPipeFile [0x92C34582]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreatePort [0x92C35C08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateSection [0x92C3472A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateSemaphore [0x92C35F6E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateThread [0x92C34F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateWaitablePort [0x92C35C9E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwDebugActiveProcess [0x92C37596]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwDuplicateObject [0x92C38716]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwFsControlFile [0x92C35694]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwLoadDriver [0x92C37688]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwMapViewOfSection [0x92C37D62]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenEvent [0x92C35EE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenFile [0x92C35336]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenMutant [0x92C35DC4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenProcess [0x92C34BDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenSection [0x92C37AFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenSemaphore [0x92C36004]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwOpenThread [0x92C34AD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwQueryDirectoryObject [0x92C36B30]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwQuerySection [0x92C3809C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwQueueApcThread [0x92C3798E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwReplyPort [0x92C36368]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwReplyWaitReceivePort [0x92C3622E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwRequestWaitReplyPort [0x92C37330]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwResumeThread [0x92C385B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSecureConnectPort [0x92C3579C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSetContextThread [0x92C3514C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSetInformationToken [0x92C36BD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSetSecurityObject [0x92C37790]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSetSystemInformation [0x92C381EC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSuspendProcess [0x92C382DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSuspendThread [0x92C38418]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwSystemDebugControl [0x92C374BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwTerminateProcess [0x92C34D7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwTerminateThread [0x92C34CD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwUnmapViewOfSection [0x92C37F40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwWriteVirtualMemory [0x92C34E68]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                

                                                  ZwCreateThreadEx [0x92C35030]

INT 0x52        ?                                                                                                   

                                                  86685BF8
INT 0x52        ?                                                                                                   

                                                  86685BF8
INT 0x52        ?                                                                                                   

                                                  86685BF8
INT 0x62        ?                                                                                                   

                                                  86685BF8
INT 0x72        ?                                                                                                   

                                                  86685BF8
INT 0x72        ?                                                                                                   

                                                  86685BF8
INT 0x72        ?                                                                                                   

                                                  86685BF8
INT 0x72        ?                                                                                                   

                                                  86685BF8
INT 0x92        ?                                                                                                   

                                                  8659ABF8
INT 0xB2        ?                                                                                                   

                                                  8659ABF8
INT 0xB2        ?                                                                                                   

                                                  8659ABF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                                                                       

                                                  836C687C 4 Bytes  [92, 49, C3, 92] {XCHG EDX, EAX; DEC ECX; RET ; 

XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                       

                                                  836C68A0 8 Bytes  [FA, 63, C3, 92, 74, 66, C3, ...] {CLI ; ARPL 

BX, AX; XCHG EDX, EAX; JZ 0x6c; RET ; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 181                                                                       

                                                  836C68E4 4 Bytes  [E6, 68, C3, 92] {OUT 0x68, AL; RET ; XCHG EDX, 

EAX}
.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                       

                                                  836C690C 4 Bytes  [AA, 52, C3, 92] {STOSB ; PUSH EDX; RET ; XCHG 

EDX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                       

                                                  836C6924 4 Bytes  [52, 5A, C3, 92] {PUSH EDX; POP EDX; RET ; XCHG 

EDX, EAX}
.text           ...                                                                                                 

                                                  
?               System32\Drivers\sppj.sys                                                                           

                                                  Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                               

                                                  8C3CA41B 5 Bytes  JMP 866851D8 

---- User code sections - GMER 1.0.15 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] C:\Windows\system32

\ntdll.dll                                                  time/date stamp mismatch; 
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] C:\Windows\system32

\kernel32.dll                                               time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] USER32.dll!SetScrollInfo + 

7A8                                                 75EB7980 4 Bytes  JMP 46117075 
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] C:\Windows\system32

\ntdll.dll                                                  time/date stamp mismatch; 
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] C:\Windows\system32

\kernel32.dll                                               time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] USER32.dll!SetScrollInfo + 

7A8                                                 75EB7980 4 Bytes  JMP 46117075 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                           

                                                  [8068B6D2] \SystemRoot\System32\Drivers\sppj.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                            

                                                  [8068B040] \SystemRoot\System32\Drivers\sppj.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                    

                                                  [8068B7FC] \SystemRoot\System32\Drivers\sppj.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                           

                                                  [8068B0BE] \SystemRoot\System32\Drivers\sppj.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                     

                                                  [8068B13C] \SystemRoot\System32\Drivers\sppj.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                  

                                                  [8069B048] \SystemRoot\System32\Drivers\sppj.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00610240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlFreeHeap]                     006102B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00610320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00610390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   01CD07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleHandleW]               01CD0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 01CD08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   01CD0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    01CD09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 01CD0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 01CD0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    006104E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!VirtualFree]                    00610550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!HeapFree]                       006105C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   006106A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             01CD0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             01CD0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01CD0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                   01CD0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               01CD0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!CreateThread]                   00610780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     006107F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00610860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               01CD0EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01CD0F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!HeapFree]                     006108D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             75A60630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  75A606A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               75A60710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           75A60780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 75A607F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00610A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00610B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             75A60860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  75A608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 75A60940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       00610B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   00610BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A609B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             75A60A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 75A60A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    75A60B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   75A60B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   75A60BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    00610CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   00610D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!HeapFree]                       00610E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!CreateThread]                   00610E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               75A60C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlSizeHeap]                       00610EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlReAllocateHeap]                 00610F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlAllocateHeap]                   772C0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlFreeHeap]                       772C0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 75A60CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!CreateThread]                   772C04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!CreateProcessW]                 75A60D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             75A60DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleHandleA]               75A60E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!LoadLibraryA]                   75A60E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A60EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleHandleW]               75A60F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             01CE0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!LoadLibraryW]                   01CE0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetProcAddress]                 01CE00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!FreeLibrary]                    01CE0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    772C0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [ntdll.dll!RtlFreeHeap]                        772C05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01CE01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  01CE0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    01CE02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!FreeLibrary]                     01CE0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!GetProcAddress]                  01CE0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    01CE0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!VirtualFree]                   772C0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  772C06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01CE0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                01CE04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   772C0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!CreateThread]                  772C0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!CreateProcessW]                01CE0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]            01CE05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  01CE0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              01CE06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetProcAddress]                01CE0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            01CE0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  01CE07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   01CE0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!HeapFree]                      772C07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  01CE08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      772C0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  01CE0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            01CE09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      772C09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  772C0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            01CE0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              01CE0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01CE0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              01CE0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                01CE0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  01CE0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  01CE0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   01CE0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                01CE0DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01D006A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              01D00710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!VirtualAlloc]                  01C20A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   01D00780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                01D007F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                  01D00860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!CreateThread]                  01C20A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                01D008D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]            01D00940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              01D009B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      01C20B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  01C20B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [ntdll.dll!RtlFreeHeap]                      01C20BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!HeapFree]                      01C20CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!CreateThread]                  01C20D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!SetErrorMode]                  01D00A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!GetProcAddress]                01D00B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!FreeLibrary]                   01D00B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!LoadLibraryA]                  01D00BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01D00C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!GetModuleFileNameW]            01D00CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  01C20DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [ntdll.dll!RtlFreeHeap]                      01C20E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01D00D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  01D00DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              01D00E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  01D00E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            01D00EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!GetProcAddress]                01D00F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!FreeLibrary]                   01D10010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01D105C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             01D10E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetModuleHandleA]               01D10E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01D10EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    01D10F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!CreateThread]                   01C30B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 01D20010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   01D20080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                 01D200F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    01C30BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
         

GMER-Log, Teil 2

Code: Alles auswählenAufklappen

ATTFilter

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW]             01D20160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                   01D201D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!HeapFree]                       01C30C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SAMLIB.dll [ntdll.dll!RtlFreeHeap]                       01C30E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!LoadLibraryA]                   01D20240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!FreeLibrary]                    01D202B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!GetProcAddress]                 01D20320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01D20390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetModuleHandleW]                01D20400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!HeapFree]                        01C30EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!CreateThread]                    01C40080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  01D20470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!HeapDestroy]                     01C400F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!CreateProcessW]                  01D204E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!VirtualAlloc]                    01C40160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01D20550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!LoadLibraryW]                    01D205C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              01D20630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!LoadLibraryA]                    01D206A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!FreeLibrary]                     01D20710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetProcAddress]                  01D20780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetModuleFileNameA]              01D207F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [ntdll.dll!RtlFreeHeap]                        01C401D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [ntdll.dll!RtlAllocateHeap]                    01C40240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  01C402B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 01C40630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     01C406A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 01D30010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01D30080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  01D300F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               01D30160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  01D301D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]           01D30240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!HeapFree]                     01C40710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!CreateThread]                 01C407F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00960240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlFreeHeap]                     009602B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00960320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00960390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   011E07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleHandleW]               011E0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 011E08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   011E0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    011E09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 011E0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 011E0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    009604E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!VirtualFree]                    00960550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!HeapFree]                       009605C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   009606A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             011E0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             011E0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    011E0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                   011E0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               011E0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\msvcrt.dll [KERNEL32.dll!CreateThread]                   00960780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     009607F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00960860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               011E0EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 011E0F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!HeapFree]                     009608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             75A60630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  75A606A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               75A60710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           75A60780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 75A607F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00960A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00960B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             75A60860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  75A608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 75A60940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       00960B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   00960BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A609B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             75A60A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 75A60A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    75A60B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   75A60B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   75A60BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    00960CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   00960D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!HeapFree]                       00960E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!CreateThread]                   00960E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               75A60C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlSizeHeap]                       00960EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlReAllocateHeap]                 00960F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlAllocateHeap]                   772C0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [ntdll.dll!RtlFreeHeap]                       772C0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 75A60CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!CreateThread]                   772C04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!CreateProcessW]                 75A60D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             75A60DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleHandleA]               75A60E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!LoadLibraryA]                   75A60E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A60EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleHandleW]               75A60F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             011F0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!LoadLibraryW]                   011F0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!GetProcAddress]                 011F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USER32.dll [KERNEL32.dll!FreeLibrary]                    011F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    772C0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [ntdll.dll!RtlFreeHeap]                        772C05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     011F01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  011F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    011F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!FreeLibrary]                     011F0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!GetProcAddress]                  011F0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    011F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!VirtualFree]                   772C0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  772C06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   011F0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                011F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   772C0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!CreateThread]                  772C0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!CreateProcessW]                011F0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]            011F05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  011F0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              011F06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetProcAddress]                011F0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            011F0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  011F07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   011F0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!HeapFree]                      772C07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  011F08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      772C0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  011F0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            011F09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      772C09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  772C0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            011F0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              011F0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   011F0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              011F0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                011F0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  011F0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  011F0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   011F0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                011F0DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   012106A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              01210710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!VirtualAlloc]                  00970A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   01210780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                012107F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                  01210860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!CreateThread]                  00970A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                012108D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]            01210940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              012109B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      00970B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  00970B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [ntdll.dll!RtlFreeHeap]                      00970BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!HeapFree]                      00970CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!CreateThread]                  00970D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!SetErrorMode]                  01210A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!GetProcAddress]                01210B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!FreeLibrary]                   01210B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!LoadLibraryA]                  01210BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01210C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\USERENV.dll [KERNEL32.dll!GetModuleFileNameW]            01210CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  00970DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [ntdll.dll!RtlFreeHeap]                      00970E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01210D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  01210DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              01210E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  01210E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            01210EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!GetProcAddress]                01210F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\Secur32.dll [KERNEL32.dll!FreeLibrary]                   01220010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     012205C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             01220E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetModuleHandleA]               01220E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01220EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    01220F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!CreateThread]                   00980B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 01230010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   01230080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                 012300F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    00980BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW]             01230160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                   012301D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WS2_32.dll [KERNEL32.dll!HeapFree]                       00980C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SAMLIB.dll [ntdll.dll!RtlFreeHeap]                       00980E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!LoadLibraryA]                   01230240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!FreeLibrary]                    012302B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!GetProcAddress]                 01230320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01230390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetModuleHandleW]                01230400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!HeapFree]                        00980EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!CreateThread]                    00F20080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  01230470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!HeapDestroy]                     00F200F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!CreateProcessW]                  012304E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!VirtualAlloc]                    00F20160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01230550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!LoadLibraryW]                    012305C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              01230630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!LoadLibraryA]                    012306A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!FreeLibrary]                     01230710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetProcAddress]                  01230780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [KERNEL32.dll!GetModuleFileNameA]              012307F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [ntdll.dll!RtlFreeHeap]                        00F201D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [ntdll.dll!RtlAllocateHeap]                    00F20240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  00F202B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00F20630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     00F206A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 01240010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01240080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  012400F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               01240160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  012401D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]           01240240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!HeapFree]                     00F20710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\NETAPI32.dll [KERNEL32.dll!CreateThread]                 00F207F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [ntdll.dll!RtlFreeHeap]                     772C0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [ntdll.dll!RtlAllocateHeap]                 772C0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [KERNEL32.dll!HeapFree]                     772C02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  75A605C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [KERNEL32.dll!LoadLibraryA]                 75A60390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [KERNEL32.dll!FreeLibrary]                  75A600F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [KERNEL32.dll!GetProcAddress]               75A60320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\iphlpapi.dll [KERNEL32.dll!GetModuleHandleW]             75A602B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!LoadLibraryW]                  75A604E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!CreateThread]                  772C01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!SetErrorMode]                  75A60550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!GetModuleHandleA]              75A60240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!GetModuleHandleW]              75A602B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!GetModuleFileNameA]            75A60160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!HeapFree]                      772C02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   75A605C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!LoadLibraryExW]                75A60470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!GetProcAddress]                75A60320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!LoadLibraryA]                  75A60390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!FreeLibrary]                   75A600F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32

\WININET.dll [KERNEL32.dll!GetModuleFileNameW]            75A601D0

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                              

                                                  86F301F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             

                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                

                                                  8659C1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             

                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                    

                                                  87F4C1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                    

                                                  87F4C1F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                    

                                                  87F571F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{45CA579C-89F4-46A3-905E-5F78C8604FD7}                            

                                                  88621500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                    

                                                  87F4C1F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                    

                                                  87F4C1F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                             

                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                    

                                                  87F4C1F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                    

                                                  87F571F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                              

                                                  8659C1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                              

                                                  8659C1F8
Device          \Driver\cdrom \Device\CdRom0                                                                        

                                                  87F801F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                              

                                                  8659C1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                         

                                                  86F2E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                  

                                                  86F2E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                  

                                                  86F2E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                         

                                                  86F2E1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                              

                                                  8659C1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                             

                                                  88621500
Device          \Driver\USBSTOR \Device\00000084                                                                    

                                                  8850D1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{4434B8AD-3DEB-40BC-8D02-48A1755F9C62}                            

                                                  88621500
Device          \Driver\Smb \Device\NetbiosSmb                                                                      

                                                  884FB1F8
Device          \Driver\USBSTOR \Device\00000085                                                                    

                                                  8850D1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                  

                                                  880CE1F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                             

                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                           

                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\netbt \Device\NetBT_Tcpip_{F808A7E5-5C90-4E27-BA74-424F821375ED}                            

                                                  88621500
Device          \Driver\usbuhci \Device\USBFDO-0                                                                    

                                                  87F4C1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                    

                                                  87F4C1F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                    

                                                  87F571F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{C7F0FFAA-7E51-4B75-9B9D-3441F898A782}                            

                                                  88621500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                    

                                                  87F4C1F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                    

                                                  87F4C1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                    

                                                  87F4C1F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                    

                                                  87F571F8
Device          \FileSystem\cdfs \Cdfs                                                                              

                                                  86B021F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     

                                                  
Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                

                                                  0xF0 0x1C 0xAA 0x7D ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 

ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     

                                                  0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  

                                                  0xC5 0xE3 0x23 0x49 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     

                                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 

ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     

                                                  0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  

                                                  0xC5 0xE3 0x23 0x49 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     

                                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                

                                                  0xF0 0x1C 0xAA 0x7D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 

ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     

                                                  0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  

                                                  0xC5 0xE3 0x23 0x49 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce115ba                         

                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834            

                                                  0xF0 0x1C 0xAA 0x7D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                  

                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                  

                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                  

                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                    

                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                 

                                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh              

                                                  0xC5 0xE3 0x23 0x49 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     

                                                  
Reg             HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                

                                                  0xF0 0x1C 0xAA 0x7D ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 

ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     

                                                  0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  

                                                  0xC5 0xE3 0x23 0x49 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     

                                                  
Reg             HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                

                                                  0xF0 0x1C 0xAA 0x7D ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 

ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     

                                                  0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  

                                                  0xC5 0xE3 0x23 0x49 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     

                                                  
Reg             HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                

                                                  0xF0 0x1C 0xAA 0x7D ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 

ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     

                                                  0
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  

                                                  0xC5 0xE3 0x23 0x49 ...
         

Hier die Logs von RootRepeal, zunächst vom Scan:

Code: Alles auswählenAufklappen

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/08/10 18:33
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x9212C000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x807B8000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8361A000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x93357000	Size: 294912	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x8BC82000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x8BC8A000	Size: 122880	File Visible: -	Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x805F5000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: bcm4sbxp.sys
Image Path: C:\Windows\system32\DRIVERS\bcm4sbxp.sys
Address: 0x9210B000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: bcmwl6.sys
Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys
Address: 0x9200A000	Size: 1052672	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x92C9A000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8048B000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x93266000	Size: 102400	File Visible: -	Signed: -
Status: -

Name: BthEnum.sys
Image Path: C:\Windows\system32\DRIVERS\BthEnum.sys
Address: 0xA33E0000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: bthmodem.sys
Image Path: C:\Windows\system32\DRIVERS\bthmodem.sys
Address: 0xA33EA000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: bthpan.sys
Image Path: C:\Windows\system32\DRIVERS\bthpan.sys
Address: 0x92F13000	Size: 106496	File Visible: -	Signed: -
Status: -

Name: bthport.sys
Image Path: C:\Windows\System32\Drivers\bthport.sys
Address: 0xA3337000	Size: 524288	File Visible: -	Signed: -
Status: -

Name: BTHUSB.sys
Image Path: C:\Windows\System32\Drivers\BTHUSB.sys
Address: 0xA332A000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x81720000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA32FD000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8C3D8000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804D4000	Size: 917504	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8C965000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80493000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x921FB000	Size: 14208	File Visible: -	Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x805F2000	Size: 10496	File Visible: -	Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x93079000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8C986000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: csc.sys
Image Path: C:\Windows\system32\drivers\csc.sys
Address: 0x92EA1000	Size: 372736	File Visible: -	Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x92EFC000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8C954000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x925D4000	Size: 151552	File Visible: -	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x93091000	Size: 32768	File Visible: No	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x93086000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x93099000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x91F5D000	Size: 659456	File Visible: -	Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8C92D000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8BCE4000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8BCB2000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x92C8A000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8C0F1000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x839D3000	Size: 208896	File Visible: -	Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8C10C000	Size: 577536	File Visible: -	Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x92F2D000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x92CAA000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0xA3200000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x931DC000	Size: 446464	File Visible: -	Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x921C7000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x8BC5D000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8C9D5000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x921F0000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x92F3D000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80403000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: kglyruod.sys
Image Path: C:\Users\***~1\AppData\Local\Temp\kglyruod.sys
Address: 0xA3313000	Size: 93056	File Visible: No	Signed: -
Status: -

Name: kl1.sys
Image Path: C:\Windows\system32\DRIVERS\kl1.sys
Address: 0x8C40B000	Size: 5382144	File Visible: -	Signed: -
Status: -

Name: klif.sys
Image Path: C:\Windows\system32\DRIVERS\klif.sys
Address: 0x92C0A000	Size: 524288	File Visible: -	Signed: -
Status: -

Name: klim6.sys
Image Path: C:\Windows\system32\DRIVERS\klim6.sys
Address: 0x933E7000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: klmouflt.sys
Image Path: C:\Windows\system32\DRIVERS\klmouflt.sys
Address: 0x921DC000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x9249C000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8BCFD000	Size: 462848	File Visible: -	Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x93185000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x930B2000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8040A000	Size: 458752	File Visible: -	Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x92BBB000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x930A3000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x921E5000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x92F46000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x8BC72000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x9327F000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x93294000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x932B5000	Size: 126976	File Visible: -	Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x932D4000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9330D000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x8BCA8000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x92CEE000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x805B4000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8C1C4000	Size: 192512	File Visible: -	Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8BF0C000	Size: 176128	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x924C6000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8C38B000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8BE01000	Size: 1093632	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8C3F0000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x931BF000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8BFCA000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x92543000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x933EF000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x9339F000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8BF37000	Size: 241664	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x92CF9000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x92E97000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8C207000	Size: 1114112	File Visible: -	Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8361A000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x92C93000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: nvBridge.kmd
Image Path: C:\Windows\system32\DRIVERS\nvBridge.kmd
Address: 0x91F5B000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x9160A000	Size: 9768640	File Visible: -	Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x93195000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: OEM02Dev.sys
Image Path: C:\Windows\system32\DRIVERS\OEM02Dev.sys
Address: 0x93013000	Size: 235648	File Visible: -	Signed: -
Status: -

Name: OEM02Vfx.sys
Image Path: C:\Windows\system32\DRIVERS\OEM02Vfx.sys
Address: 0x9304D000	Size: 7424	File Visible: -	Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x9211C000	Size: 62208	File Visible: -	Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x933D1000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x805E3000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x805BC000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x8BC64000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA3209000	Size: 909312	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8361A000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x925A7000	Size: 184320	File Visible: -	Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8047A000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x8BCF4000	Size: 36320	File Visible: -	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x92D07000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8BFB3000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8BFED000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8BD6E000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8BD82000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8361A000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x92E5B000	Size: 245760	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x92CDE000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\Windows\system32\DRIVERS\rdpdr.sys
Address: 0x92401000	Size: 561152	File Visible: -	Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x92CE6000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rfcomm.sys
Image Path: C:\Windows\system32\DRIVERS\rfcomm.sys
Address: 0xA33B7000	Size: 167936	File Visible: -	Signed: -
Status: -

Name: rimmptsk.sys
Image Path: C:\Windows\system32\DRIVERS\rimmptsk.sys
Address: 0x92154000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: rimsptsk.sys
Image Path: C:\Windows\system32\DRIVERS\rimsptsk.sys
Address: 0x92162000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: rixdptsk.sys
Image Path: C:\Windows\system32\DRIVERS\rixdptsk.sys
Address: 0x92176000	Size: 331776	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x92F4E000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x931C9000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x80792000	Size: 155648	File Visible: -	Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\Windows\system32\DRIVERS\sdbus.sys
Address: 0x9213A000	Size: 106496	File Visible: -	Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA32E7000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: serscan.sys
Image Path: C:\Windows\system32\DRIVERS\serscan.sys
Address: 0x91600000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: sfdrv01.sys
Image Path: C:\Windows\System32\drivers\sfdrv01.sys
Address: 0x8C378000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: sfhlp02.sys
Image Path: C:\Windows\System32\drivers\sfhlp02.sys
Address: 0x8C370000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: sfvfs02.sys
Image Path: C:\Windows\System32\drivers\sfvfs02.sys
Address: 0x8C358000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x93343000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8C350000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: sppj.sys
Image Path: C:\Windows\System32\Drivers\sppj.sys
Address: 0x80689000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x930D5000	Size: 720896	File Visible: -	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x92D4D000	Size: 319488	File Visible: -	Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x92D26000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x93249000	Size: 118784	File Visible: -	Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8BF72000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: stwrt.sys
Image Path: C:\Windows\system32\drivers\stwrt.sys
Address: 0x92554000	Size: 339968	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x9249A000	Size: 4992	File Visible: -	Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8C199000	Size: 175488	File Visible: -	Signed: -
Status: -

Name: tap0901.sys
Image Path: C:\Windows\system32\DRIVERS\tap0901.sys
Address: 0x8C200000	Size: 25216	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8C007000	Size: 958464	File Visible: -	Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA32F1000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8C400000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x92D10000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x9248A000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: TMPassthru.sys
Image Path: C:\Windows\system32\DRIVERS\TMPassthru.sys
Address: 0x924D0000	Size: 199936	File Visible: -	Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x81700000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8C9CC000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8C9AF000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: uiwbrdr.sys
Image Path: C:\Windows\System32\DRIVERS\uiwbrdr.sys
Address: 0x92E13000	Size: 294912	File Visible: -	Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x92501000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x92FED000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x921DA000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8C9BA000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x9250E000	Size: 217088	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8C39A000	Size: 253952	File Visible: -	Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x9332E000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8C9F0000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x92CB1000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x92CBD000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x8BC04000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x8BC13000	Size: 303104	File Visible: -	Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8C317000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: VSTAZL3.SYS
Image Path: C:\Windows\system32\DRIVERS\VSTAZL3.SYS
Address: 0x8BD97000	Size: 245760	File Visible: -	Signed: -
Status: -

Name: VSTCNXT3.SYS
Image Path: C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
Address: 0x92B08000	Size: 733184	File Visible: -	Signed: -
Status: -

Name: VSTDPV3.SYS
Image Path: C:\Windows\system32\DRIVERS\VSTDPV3.SYS
Address: 0x92A04000	Size: 1064960	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x92E00000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8C9E4000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80600000	Size: 507904	File Visible: -	Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8067C000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x814E0000	Size: 2109440	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x814E0000	Size: 2109440	File Visible: -	Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x92000000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x80789000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8361A000	Size: 3903488	File Visible: -	Signed: -
Status: -
         

Hier vom Scan nach Stealth Objects

Code: Alles auswählenAufklappen

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/08/10 18:34
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x86f301f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x86f2e1f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_CREATE]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_CLOSE]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_READ]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_WRITE]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_POWER]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: cdroma
, IRP_MJ_PNP]
Process: System	Address: 0x87f801f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_CREATE]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_CLOSE]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_READ]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_WRITE]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_POWER]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_PNP]
Process: System	Address: 0x8850d1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x87f4c1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System	Address: 0x884fb1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System	Address: 0x884fb1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x884fb1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x884fb1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System	Address: 0x884fb1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System	Address: 0x884fb1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System	Address: 0x88621500	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System	Address: 0x88621500	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x88621500	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x88621500	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System	Address: 0x88621500	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System	Address: 0x88621500	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CREATE]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CLOSE]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_POWER]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_PNP]
Process: System	Address: 0x880ce1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System	Address: 0x8659c1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x87f571f8	Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System	Address: 0x86f2f1f8	Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86f2f1f8	Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System	Address: 0x86f2f1f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System	Address: 0x8a4ff3e8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_CREATE]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_CLOSE]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_READ]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_WRITE]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_CLEANUP]
Process: System	Address: 0x86b021f8	Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_PNP]
Process: System	Address: 0x86b021f8	Size: 121
         

Bei Hidden Objects wurde von RootRepeal nix entdeckt:

Code: Alles auswählenAufklappen

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/08/10 18:35
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Hidden Services
-------------------
         

Hi Coverflow,

habe zwischenzeitlich noch einmal Mbam durchlaufen lassen. Grund war, dass ich noch einmal nach den zuvor nicht gefundenen exe-Dateien gesucht hatte und mir dabei zwei von CCleaner gesicherte reg-Dateien angezeigt worden waren. Als ich die reg-Dateien öffnen wollte und dort nach ox.exe suchen wollte (geht das überhaupt?!?!?), wurden sie automatisch wiederhergestellt

Anschließend habe ich deshalb mit CCleaner die Registry noch einmal bereinigt und Mbam noch einmal angeschmissen, da ja beim letzten Scan zwei Registrierungsschlüssel infiziert waren.

Diesmal habe ich einen kompletten Scan gemacht, dies ist das Ergebnis:

Code: Alles auswählenAufklappen

ATTFilter

 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 4414
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
 
11.08.2010 02:13:12
mbam-log-2010-08-11 (02-13-12).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Durchsuchte Objekte: 430972
Laufzeit: 4 Stunde(n), 29 Minute(n), 38 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XTF1BQO4MU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Hoffe, durch den erneuten Scan sind die zwischenzeitlich geposteten Logfiles nicht alle hinfällig. Falls doch, beginne ich morgen nochmal von vorn.

Auf jeden Fall danke für deine Hilfe!
Moriarty

Noch eine Frage zu Mbam. Habe eben gesehen, dass die gefundenen Dateien und laut log gelöschten Dateien ("Quarantined and deleted successfully") unter "Quarantäne" noch aufgeführt werden. Soll/muss ich sie dort löschen?

Ist die Annahme abwegig, dass der Registrierungsschlüssel durch das unbeabsichtigte Wiederherstellen wieder infiziert worden sein könnte? Bei einem Quickscan nach dem Komplettscan wurde mit aktualisierter Datenbank nix mehr entdeckt - aber das sollte direkt nach einem Komplettscan ohne Neustart des Rechners wohl auch ohnehin so sein ...

Aber trotzdem auch noch dieses Log zur Durchsicht:

Code: Alles auswählenAufklappen

ATTFilter

 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 4417
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
 
11.08.2010 02:47:25
mbam-log-2010-08-11 (02-47-25).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130252
Laufzeit: 6 Minute(n), 9 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

hi

"Quarantined and deleted successfully." - nachdem Du einmal auf "Löschen" geklickt hast, die Sache erledigt, weiter hast nicht mehr zu tun

Systemreinigung und Prüfung:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code: Alles auswählenAufklappen

ATTFilter

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2319825
O23 - Service: OX - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe (file missing)
O23 - Service: UDGEFNO - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe (file missing)
O23 - Service: XTYGLT - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe (file missing)
         

2.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
c:\windows\temp
- anschließend den Papierkorb leeren

3.
reinige dein System mit Ccleaner:

• "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
• "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
• Starte dein System neu auf

4.

• lade Dir SUPERAntiSpyware FREE Edition herunter.
• installiere das Programm und update online.
• starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
• setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
• anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
• auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
• um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
• drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum
Führe dann einen Komplett-Systemcheck mit Nod32 durch
- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"
- (ESET Online Scanner
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben

** wie verhält sich den dein System?

Hallo Coverflow!

Anbei das Log des SUPERAntiSpyware Scans. Hat ewig gedauert, aber immerhin nicht ganz so lang wie der vollständige Mbam-Scan.

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/11/2010 at 04:28 PM

Application Version : 4.41.1000

Core Rules Database Version : 5344
Trace Rules Database Version: 3156

Scan type       : Complete Scan
Total Scan Time : 03:16:45

Memory items scanned      : 676
Memory threats detected   : 0
Registry items scanned    : 11478
Registry threats detected : 0
File items scanned        : 333893
File threats detected     : 3

Trojan.Agent/Gen-Cryptor[Egun]
	C:\PROGRAM FILES\SPRACHEN\STROKES 3.0\ENG201GERUNINSTALL.EXE
	C:\PROGRAM FILES\SPRACHEN\STROKES 3.0\SEKORTS.EXE
	C:\PROGRAM FILES\SPRACHEN\STROKES 3.0\SPA100GERUNINSTALL.EXE
         

Falls sich die Frage stellt: Bei den kompromittierten Programmen handelt es sich NICHT um illegale Downloads bzw. mit heruntergeladenen Keys aktivierte Programme!

Zum Verhalten des Rechners: Ist manchmal sehr langsam, bei den geöffneten Programmen steht dann im oberen Balken "keine Rückmeldung". Irgendwann geht es dann wieder.

Gerade eben ist der Lüfter angesprungen, obwohl ich den Rechner erst vor fünf Minuten hochgefahren habe, anschließend nur SUPERAntiSpyware geöffnet (war eh per Autostart an) und das Log kopiert und dieses dann in Firefox eingefügt habe. Via Autostart laufen noch Kaspersky und RUbotted. Kaspersky wird eben geupdatet, für "alle Benutzer" zeigt der Taskmanager eine CPU-Auslastung von 100 Prozent an (physikalischer Speicher: 45 %), wobei avp allein 50 Prozent beansprucht. Die avp.exe Datei ist auch zweimal geöffnet. Außerdem springt die wmpnetwk.exe immer wieder mal auf über 10 Prozent, obwohl der Media Player nicht läuft. Eine der mehreren offenen svchost.exe-Dateien springt auch immer mal auf über 10 Prozent. Inzwischen, nach Ende des Updates, ist die CPU-Auslastung wieder gesunken und schwankt zwischen 9 und 22 Prozent. Der Lüfter läuft jedoch zunächst weiter :-( Ist es normal, dass das Kaspersky-Update den Rechner so auslastet?!?

Mache jetzt mal den Nod32-Scan. Bis denne!

Zitat:

Zitat von Moriarty

...( Ist es normal, dass das Kaspersky-Update den Rechner so auslastet?!?

Kann gut möglich sein, nicht jeder Computer ist geeignet für. Manche Virenscanner beansprucht weniger Systemleistung, andere wieder mehr. Können anspruchsvolle Virenscanner ohne Performance-Einbußen im Hintergrund betrieben werden, aber das ist immer mit allen allgemeine technische Daten zu tun. Bei Updates, wenn der Wert der CPU zu hoch ist, werden möglicherweise zu viele Ressourcen verwendet. Abhängig auch von die Datenmenge für Virendefinitionen
Ich würde Dir empfehlen, alle Programme zu beenden, wenn ein Update durchgeführt wird!

Hallo Coverflow,

hier nun der ESET-Online-Scan. Entschuldige die Verzögerung, aber der Scan hat über 10 Stunden gedauert - daher bin ich nicht eher dazu gekommen.

Hier das Log:

Code: Alles auswählenAufklappen

ATTFilter

esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d01cb4bc7579d740ae5c0a25ba02dde4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-18 09:19:50
# local_time=2010-08-18 11:19:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 718934 718934 0 0
# compatibility_mode=1280 16777215 100 0 3085334 3085334 0 0
# compatibility_mode=5892 16776573 100 100 92233 119660795 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353658
# found=0
# cleaned=0
# scan_time=38296
         

Wie nun weiter?

Besten Dank im Voraus
Moriarty

1.
poste erneut - nach der vorgenommenen Reinigungsaktion:
► TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

2.
wenn alles gut verlaufen ist und dein System läuft stabil, mache folgendes:
Erstelle manuell einen Wiederherstellungspunkt: Aktivieren und Deaktivieren der Systemwiederherstellung

Hallo Coverflow,

anbei das HTJ-Log:

HiJackthis Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:31:51, on 19.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Anwendungen\Eraser\Eraser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Anwendungen\Sicherheit\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 

2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6

\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti

-Virus 2011\klwtbbho.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - 

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\extensions\{0b457cAA-602d-484a-8fe7-

c1d894a011ba}\library\fsaddin-0.76.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" 

/runcleanupscript
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Anwendungen\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER 

DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011

\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program 

Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program 

Files\IEPro\iepro.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 

Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12

\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1

\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky 

Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky 

Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - 

h**p://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - 

h**p://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - 

h**p://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 

h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - 

h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F808A7E5-5C90-4E27-BA74-424F821375ED}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - 

C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky 

Anti-Virus 2011\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program 

Files\Anwendungen\Audio\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google 

Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 

(file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend 

Micro\RUBotted\TMRUBotted.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 8770 bytes
         

--- --- ---