Trojaner-Board


StefanH 24.01.2009 15:46

Virus problem
 
Hello everyone,

I have the following problem:

I have a virus/worm on my PC. When I click on links in Google, I am redirected to completely different pages (advertising pages). I cannot access any antivirus sites (connection interrupted).

Combofix cannot be started.
Tools such as those from F-Secure, Kaspersky and Symantec, and the Windows tool for removing malicious software, find nothing. I had avast antivirus installed, but it has not been able to update itself since 22.1. and finds nothing either.

The Windows tool only runs in safe mode; in normal mode it crashes after about 1 min.

The system now only boots occasionally; after logon the blue screen appears (not a bluescreen) and nothing proceeds any further. Safe mode always works.

I am at my wits' end.

The log file follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:15, on 24.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programme\ActivIdentity\ActivClient\accoca.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpclcfg.exe
C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe
C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpsec.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\Programme\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
c:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpbudgt.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpmon.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programme\F-Secure Internet Security\Uninstall\uninstaller.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\german\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\F-Secure Internet Security\FSGUI\PostInstall.exe
C:\Programme\F-Secure Internet Security\Uninstall\uninstaller.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [accrdsub] "c:\Programme\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NcpBudget] "C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Programme\LANCOM-Systems\Advanced VPN Client\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpmon.exe" autorun
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Programme\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Dial selected number / URI - C:\Programme\LANCOM\LANCOM Advanced VoIP Client\IEDial.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204628612421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Programme\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Programme\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programme\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Gerätesperre/Überwachung (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpsec.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 19092 bytes

Maybe you can help me - thanks!

StefanH 24.01.2009 17:15

Virus problem
 
Addendum:

I was able to install eScan; it found nothing!
Anti-malware software such as Spybot and others does not start.

schrauber 24.01.2009 20:40

Hi and hello,

Under Start/Run, enter devmgmt.msc and press Enter, then under "View" choose "Show hidden devices", display the "Non-Plug and Play Drivers", disable the driver "TDSSserv.sys" or similar there, and reboot.

===

Run a Gmer scan

Download Gmer from this page and unpack it to your desktop.
  • Start gmer.exe and go to the Rootkit tab. All other programs should be closed.
  • Make sure that in the bar on the right everything from "System" to "ADS" is checked
  • (Important: "Show all" must not be checked)
  • Start the run with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
  • Paste the log from the clipboard into your reply here.

StefanH 24.01.2009 23:11

Hello schrauber,

thanks for your help.

I did everything according to your instructions, but the problem is that my log has 216539 characters and I can only post 25000 characters here.

What now?

schrauber 24.01.2009 23:34

Split the log and post it :)

StefanH 25.01.2009 08:36

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-25 08:24:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spso.sys ZwCreateKey [0xF73670E0] <-- ROOTKIT !!!
SSDT spso.sys ZwEnumerateKey [0xF7385CA2] <-- ROOTKIT !!!
SSDT spso.sys ZwEnumerateValueKey [0xF7386030] <-- ROOTKIT !!!
SSDT spso.sys ZwOpenKey [0xF73670C0] <-- ROOTKIT !!!
SSDT spso.sys ZwQueryKey [0xF7386108] <-- ROOTKIT !!!
SSDT spso.sys ZwQueryValueKey [0xF7385F88] <-- ROOTKIT !!!
SSDT spso.sys ZwSetValueKey [0xF738619A] <-- ROOTKIT !!!

INT 0x62 ? 8B1DABF8
INT 0x63 ? 8B24BBF8
INT 0x63 ? 8A738BF8
INT 0x73 ? 8A738BF8
INT 0x73 ? 8A738BF8
INT 0x73 ? 8A738BF8
INT 0x83 ? 8A738BF8
INT 0x94 ? 8A738BF8
INT 0xA4 ? 8A738BF8

---- Kernel code sections - GMER 1.0.14 ----

? spso.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F4F988AC 5 Bytes JMP 8A7381D8
.text a481x64z.SYS F4C50386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text a481x64z.SYS F4C503AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a481x64z.SYS F4C503C4 3 Bytes [ 00, 70, 02 ]
.text a481x64z.SYS F4C503C9 1 Byte [ 2E ]
.text a481x64z.SYS F4C503CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, C5, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, C6, 02, 50 ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 5A, 02, C3 ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, C8, 02, 50 ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 5A, 02, C3 ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, E2, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, E2, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, E5, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, FA, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, FA, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, FA, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, FA, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, FA, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, FA, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, FB, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, FB, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, FC, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, FC, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, FC, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[240] WININET.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 01, 03, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 01, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 02, 01, 50 ]
.text C:\WINDOWS\system32\spoolsv.exe[272] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, BB, 00, C3 ]
.text C:\WINDOWS\system32\spoolsv.exe[272] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 04, 01, 50 ]
.text C:\WINDOWS\system32\spoolsv.exe[272] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, BB, 00, C3 ]
.text C:\WINDOWS\system32\spoolsv.exe[272] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 13, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 13, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 16, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 2B, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 2B, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 2B, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 2B, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 2B, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 2B, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 2C, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 2C, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 2D, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 2D, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 2D, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[272] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 32, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 59, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 5A, 01, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 40, 01, C3 ]
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 5C, 01, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 40, 01, C3 ]
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 76, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 76, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 79, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 8E, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 8E, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 8E, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 8E, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 8E, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 8E, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 8F, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 8F, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 90, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 90, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 90, 01, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[732] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 95, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, D5, 00, 50, ... ]

StefanH 25.01.2009 08:38

.text C:\WINDOWS\system32\savedump.exe[1096] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, D6, 00, 50 ]
.text C:\WINDOWS\system32\savedump.exe[1096] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A7, 00, C3 ]
.text C:\WINDOWS\system32\savedump.exe[1096] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, D8, 00, 50 ]
.text C:\WINDOWS\system32\savedump.exe[1096] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A7, 00, C3 ]
.text C:\WINDOWS\system32\savedump.exe[1096] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 10, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 10, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 11, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 11, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 11, 01, 50, ... ]
.text C:\WINDOWS\system32\savedump.exe[1096] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 16, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 01, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 02, 01, 50 ]
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 97, 00, C3 ]
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 04, 01, 50 ]
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 97, 00, C3 ]
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 1E, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 1E, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 21, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 36, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 36, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 36, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 36, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 36, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 36, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 37, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 37, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 38, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 38, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 38, 01, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[1116] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 3D, 01, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 7B, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 7C, 04, 50 ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 52, 04, C3 ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 7E, 04, 50 ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 52, 04, C3 ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 98, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 98, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 9B, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, B0, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, B0, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, B0, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, B0, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, B0, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, B0, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, B1, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, B1, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, B2, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, B2, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, B2, 04, 50, ... ]
.text C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe[1404] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, B7, 04, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 90, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 91, 01, 50 ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 6B, 01, C3 ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 93, 01, 50 ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 6B, 01, C3 ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, AD, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, AD, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, B0, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, C5, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, C5, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, C5, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, C5, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, C5, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, C5, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, C6, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, C6, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, C7, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, C7, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, C7, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1412] WININET.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, CC, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 01, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 02, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A7, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 04, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A7, 00, C3 ]

StefanH 25.01.2009 08:39

.text C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 13, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 13, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 16, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 2B, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 2B, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 2B, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 2B, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 2B, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 2B, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 2C, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 2C, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 2D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 2D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 2D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1476] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 32, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 12, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 13, 01, 50 ]
.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A7, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 15, 01, 50 ]
.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A7, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 2F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 2F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 32, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 47, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 47, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 47, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 47, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 47, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 47, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 48, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 48, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 49, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 49, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 49, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1620] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 4E, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 08, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 09, 01, 50 ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, B4, 00, C3 ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 0B, 01, 50 ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, B4, 00, C3 ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 25, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 25, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 28, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 3D, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 3D, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 3D, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 3D, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 3D, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 3D, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 3E, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 3E, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 3F, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 3F, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 3F, 01, 50, ... ]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1816] WININET.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 44, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 0B, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 0C, 01, 50 ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, E6, 00, C3 ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 0E, 01, 50 ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, E6, 00, C3 ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 28, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 28, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 2B, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 40, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 40, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 40, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 40, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 40, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 40, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 41, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 41, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 42, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 42, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 42, 01, 50, ... ]
.text C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[1856] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 47, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 18, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 19, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A7, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 1B, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A7, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 35, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 35, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 38, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 4D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 4D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 4D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 4D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 4D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 4D, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 4E, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 4E, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 4F, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 4F, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 4F, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1916] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 54, 01, 50, ... ]

StefanH 25.01.2009 08:40

.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 2F, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 30, 01, 50 ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, E4, 00, C3 ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 32, 01, 50 ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, E4, 00, C3 ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 4C, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 4C, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 4F, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 65, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 65, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 65, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 65, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 65, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 65, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 66, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 66, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 67, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 67, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 67, 01, 50, ... ]
.text c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe[2044] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 6C, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 2C, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 2D, 01, 50 ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, F7, 00, C3 ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 2F, 01, 50 ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, F7, 00, C3 ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 3E, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 3E, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 41, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 56, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 56, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 56, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 56, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 56, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 56, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 57, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 57, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 58, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 58, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 58, 01, 50, ... ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2144] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 5D, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, D6, 00, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, D7, 00, 50 ]
.text C:\Programme\Messenger\msmsgs.exe[2188] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A1, 00, C3 ]
.text C:\Programme\Messenger\msmsgs.exe[2188] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, D9, 00, 50 ]
.text C:\Programme\Messenger\msmsgs.exe[2188] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A1, 00, C3 ]
.text C:\Programme\Messenger\msmsgs.exe[2188] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, F3, 00, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, F3, 00, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, F6, 00, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 29, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 29, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 29, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 29, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 29, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 29, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 2A, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 2A, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 2B, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 2B, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 2B, 01, 50, ... ]
.text C:\Programme\Messenger\msmsgs.exe[2188] WININET.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 30, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 44, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 45, 01, 50 ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 95, 00, C3 ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 47, 01, 50 ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 95, 00, C3 ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 61, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 61, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 64, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 98, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 98, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 98, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 98, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 98, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 98, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 99, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 99, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 9A, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 9A, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 9A, 01, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[2352] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 9F, 01, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, A0, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, A1, 02, 50 ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 46, 02, C3 ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, A3, 02, 50 ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 46, 02, C3 ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605629 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, BD, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, BD, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, C0, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, D5, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, D5, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, D5, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, D5, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, D5, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, D5, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, D6, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, D6, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, D7, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, D7, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, D7, 02, 50, ... ]
.text C:\Programme\Microsoft Office\Office12\GROOVE.EXE[2388] WININET.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, DC, 02, 50, ... ]

StefanH 25.01.2009 08:42

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 79, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 7A, 01, 50 ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 07, 01, C3 ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 7C, 01, 50 ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 07, 01, C3 ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 96, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 96, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 99, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, AF, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, AF, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, AF, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, AF, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, AF, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, AF, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, B0, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, B0, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, B1, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, B1, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, B1, 01, 50, ... ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2592] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, B6, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 63, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 64, 01, 50 ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, EA, 00, C3 ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 66, 01, 50 ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, EA, 00, C3 ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 80, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 80, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 83, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 98, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 98, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 98, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 98, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 98, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 98, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 99, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 99, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 9A, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 9A, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 9A, 01, 50, ... ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[2720] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 9F, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 19, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 1A, 01, 50 ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, E4, 00, C3 ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 1C, 01, 50 ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, E4, 00, C3 ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 36, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 36, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 39, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 4E, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 4E, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 4E, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 4E, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 4E, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 4E, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 4F, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 4F, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 50, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 50, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 50, 01, 50, ... ]
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[2916] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 55, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, D5, 00, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, D6, 00, 50 ]
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A7, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, D8, 00, 50 ]
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A7, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, F2, 00, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 10, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 10, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 11, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 11, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 11, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2980] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 16, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 74, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 75, 01, 50 ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, ED, 00, C3 ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 77, 01, 50 ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, ED, 00, C3 ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 91, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 91, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 94, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, A9, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, A9, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, A9, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, A9, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, A9, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, A9, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, AA, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, AA, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, AB, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, AB, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, AB, 01, 50, ... ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3348] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, B0, 01, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[3512] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 6F, 01, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[3512] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 70, 01, 50 ]
.text C:\WINDOWS\Explorer.EXE[3512] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, D5, 00, C3 ]
.text C:\WINDOWS\Explorer.EXE[3512] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 72, 01, 50 ]
.text C:\WINDOWS\Explorer.EXE[3512] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, D5, 00, C3 ]
.text C:\WINDOWS\Explorer.EXE[3512] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 8C, 01, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[3512] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 8C, 01, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[3512] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 8F, 01, 50, ... ]

StefanH 25.01.2009 08:43

.text C:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, EE, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, EF, 00, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, BE, 00, C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, F1, 00, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, BE, 00, C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 0B, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 0B, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 0E, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 23, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 23, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 23, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 23, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 23, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 23, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 24, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 24, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 25, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 25, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 25, 01, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[3564] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 2A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 25, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 26, 01, 50 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, A3, 00, C3 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 28, 01, 50 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, A3, 00, C3 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 42, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 42, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 45, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 5A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 5A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 5A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 5A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 5A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 5A, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 5B, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 5B, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 5C, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 5C, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 5C, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 61, 01, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, B8, 01, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, B9, 01, 50 ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 88, 01, C3 ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, BB, 01, 50 ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 88, 01, C3 ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 29, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 29, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 2C, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 51, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 51, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 51, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 51, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 51, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 51, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 52, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 52, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 53, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 53, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 53, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3676] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 58, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 19, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 1A, 02, 50 ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, F4, 01, C3 ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 1C, 02, 50 ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, F4, 01, C3 ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 36, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 36, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 39, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 4E, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 4E, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 4E, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 4E, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 4E, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 4E, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 4F, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 4F, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 50, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 50, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 50, 02, 50, ... ]
.text C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[3836] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 55, 02, 50, ... ]

StefanH 25.01.2009 08:44

.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, A6, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, A7, 01, 50 ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, ED, 00, C3 ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, A9, 01, 50 ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, ED, 00, C3 ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, C3, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, C3, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, C6, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, DB, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, DB, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, DB, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, DB, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, DB, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, DB, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, DC, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, DC, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, DD, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, DD, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, DD, 01, 50, ... ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[3872] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, E2, 01, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] kernel32.dll!FindNextFileW 7C80EFCA 13 Bytes [ 58, 68, CA, EF, 1A, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 1B, 02, 50 ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ 09, C0, 0B, 01, C3 ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] kernel32.dll!FindNextFileA 7C834EC9 7 Bytes [ 58, 68, C9, 4E, 1D, 02, 50 ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] kernel32.dll!FindNextFileA + 8 7C834ED1 5 Bytes [ 8E, C1, 0B, 01, C3 ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 13 Bytes [ 58, 68, DD, 9F, 37, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] ADVAPI32.dll!CryptImportKey 77DBA1D1 13 Bytes [ 58, 68, D1, A1, 37, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] ADVAPI32.dll!CryptGenKey 77DE17D9 13 Bytes [ 58, 68, D9, 17, 3A, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!HttpOpenRequestA 441F4399 13 Bytes [ 58, 68, 99, 43, 4F, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetConnectA 441F49F2 13 Bytes [ 58, 68, F2, 49, 4F, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!HttpOpenRequestW 441F5DBA 13 Bytes [ 58, 68, BA, 5D, 4F, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetReadFile 441FABF4 13 Bytes [ 58, 68, F4, AB, 4F, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetQueryDataAvailable 441FAE35 13 Bytes [ 58, 68, 35, AE, 4F, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!HttpSendRequestA 441FCD78 13 Bytes [ 58, 68, 78, CD, 4F, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetWriteFile 44203675 13 Bytes [ 58, 68, 75, 36, 50, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!CommitUrlCacheEntryA 4420FC82 13 Bytes [ 58, 68, 82, FC, 50, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!HttpSendRequestW 4421103D 13 Bytes [ 58, 68, 3D, 10, 51, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetReadFileExW 442132C6 13 Bytes [ 58, 68, C6, 32, 51, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetReadFileExA 442132FE 13 Bytes [ 58, 68, FE, 32, 51, 02, 50, ... ]
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[4080] wininet.dll!InternetErrorDlg 4426C5EB 13 Bytes [ 58, 68, EB, C5, 56, 02, 50, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8B1DD2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7398C4C] spso.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7398CA0] spso.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7368040] spso.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F736813C] spso.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73680BE] spso.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73687FC] spso.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73686D2] spso.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A7382D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7378048] spso.sys
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!swprintf] C1815753
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeSetEvent] 00002590
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!sprintf] 7E8D503F
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ZwClose] E0835200
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!_allmul] FFFFF848
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!_aulldiv] 838D0000

StefanH 25.01.2009 08:45

IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!strstr] 00001A8C
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!_strupr] E850006A
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!memmove] 83FFFF68
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\a481x64z.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8B24A1F8

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A74A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B24C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B24C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B24C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B24C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A74A1F8
Device \Driver\usbehci \Device\USBPDO-2 8A6031F8
Device \Driver\usbuhci \Device\USBPDO-3 8A74A1F8
Device \Driver\sptd \Device\2513101418 spso.sys
Device \Driver\usbuhci \Device\USBPDO-4 8A74A1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

Device \Driver\usbuhci \Device\USBPDO-5 8A74A1F8
Device \Driver\usbehci \Device\USBPDO-6 8A6031F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B1DB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B1DB1F8
Device \Driver\Cdrom \Device\CdRom0 8A6BC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AB001425-C016-4FDF-B041-C0B300C48943} 8A4331F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B1DB1F8
Device \Driver\Cdrom \Device\CdRom1 8A6BC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{90475D3A-1B0A-4345-ADD0-10B47271D974} 8A4331F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4331F8
Device \Driver\NetBT \Device\NetbiosSmb 8A4331F8
Device \Driver\PCI_PNP1418 \Device\00000085 spso.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{3771DC0F-9ED3-4776-95DB-A1484266DE55} 8A4331F8

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

Device \Driver\usbuhci \Device\USBFDO-0 8A74A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A74A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 886581F8
Device \Driver\usbehci \Device\USBFDO-2 8A6031F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 886581F8
Device \Driver\usbuhci \Device\USBFDO-3 8A74A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F258271B-736B-4CBA-8A04-9F6411EC3FEB} 8A4331F8
Device \Driver\usbuhci \Device\USBFDO-4 8A74A1F8
Device \Driver\Ftdisk \Device\FtControl 8B1DB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A216C89-B618-4B3E-A222-89C1D16CB8A8} 8A4331F8
Device \Driver\usbuhci \Device\USBFDO-5 8A74A1F8
Device \Driver\usbehci \Device\USBFDO-6 8A6031F8
Device \Driver\a481x64z \Device\Scsi\a481x64z1 8A6BB1F8
Device \Driver\a481x64z \Device\Scsi\a481x64z1Port2Path0Target0Lun0 8A6BB1F8
Device \FileSystem\Cdfs \Cdfs 886BA500

StefanH 25.01.2009 08:46

---- Services - GMER 1.0.14 ----

Service system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0xEA 0x70 0x6E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD1 0x08 0x44 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x30 0xF7 0x44 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF4 0x39 0xE7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0xEA 0x70 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD1 0x08 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x30 0xF7 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF4 0x39 0xE7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0xEA 0x70 0x6E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD1 0x08 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x30 0xF7 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF4 0x39 0xE7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0xEA 0x70 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD1 0x08 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x30 0xF7 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF4 0x39 0xE7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0xEA 0x70 0x6E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD1 0x08 0x44 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x30 0xF7 0x44 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF4 0x39 0xE7 0xE9 ...

StefanH 25.01.2009 08:47

Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@group file system

StefanH 25.01.2009 08:49


StefanH 25.01.2009 08:50


---- EOF - GMER 1.0.14 ----

StefanH 25.01.2009 09:17

Problem solved

I downloaded the AVG antivirus via Chip.de.

Uninstalled Antivir and installed AVG. Using a second PC (not infected), I downloaded the current database from the AVG homepage and burned it to CD. Brought AVG up to date via Tools, update from directory.

It is Generic10.xxxx

Thanks anyway!

schrauber 25.01.2009 11:44

Was the backdoor/rootkit that is on your system deleted as well? Or is it only supposedly quiet because you disabled the service?

StefanH 25.01.2009 11:55

Hmm, hardly; the log file was created after the virus scan.

schrauber 25.01.2009 12:52

Well, then let's carry on here ;)

Avenger instructions (by swandog46)

1.) Download the Avenger and unzip it to the desktop. The Avenger is also available here unzipped, directly as an EXE.

Start avenger.exe with a double-click and accept the terms of use with OK. Paste the contents of the following code box, completely and unchanged, into "Input script here" and click "Execute". Answer the question asking whether you are sure the script should be executed with "Yes".

Code:

Drivers to delete:
TDSSserv.sys
Files to delete:
c:\windows\system32\drivers\TDSSmqlt.sys

Also answer the question about restarting the computer (Reboot now?) with "Yes". After the computer has restarted (this may be necessary, and may happen, twice!) and the DOS window that the Avenger opened has closed again, Avenger opens your editor with the Avenger log, which can also be found at C:\avenger.txt. Please post the contents. A backup of the removed objects was created as C:\avenger\backup.zip.

=======

From now on, connect all external media and leave them connected for good!

ComboFix
  • Download the tool here to the desktop -> CLICK
Do not start the program yet, however; first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while Combofix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
Combofix may only be run when an expert helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: Combofix disables the autostart function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

(detailed instructions -> A guide and tutorial on using ComboFix)

StefanH 25.01.2009 18:14

Yes, on we go...

Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "TDSSserv.sys" deleted successfully.

Error: file "c:\windows\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "c:\windows\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
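
Added example, not part of the thread: a small Python parser that reconciles the Avenger script posted above with the Avenger log in this reply, so that every requested deletion is matched to its logged result and NTSTATUS code. The regular expressions cover only the line shapes visible in this log; the `File "..." deleted successfully.` form is assumed to mirror the driver line, and all function names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Script and log text copied from the thread above.
AVENGER_SCRIPT = r"""Drivers to delete:
TDSSserv.sys
Files to delete:
c:\windows\system32\drivers\TDSSmqlt.sys
"""

AVENGER_LOG = r"""Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "TDSSserv.sys" deleted successfully.
Error: file "c:\windows\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "c:\windows\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
"""

SECTION_RE = re.compile(r"^(drivers|files) to delete:$", re.I)
# Only the Driver form of this line appears on the page; File is assumed alike.
OK_RE = re.compile(r'^(driver|file) "(.+)" deleted successfully\.$', re.I)
FAIL_RE = re.compile(r'^deletion of (driver|file) "(.+)" failed!$', re.I)
STATUS_RE = re.compile(r"^status: (0x[0-9a-f]{8}) \((\w+)\)$", re.I)


@dataclass
class Outcome:
    kind: str                      # "driver" or "file"
    name: str
    deleted: bool
    status: Optional[int] = None   # NTSTATUS of a failed deletion
    status_name: Optional[str] = None


def parse_script(text: str) -> List[Tuple[str, str]]:
    """Return (kind, name) for every item listed under a '... to delete:' header."""
    items, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            kind = m.group(1).lower().rstrip("s")   # "drivers" -> "driver"
        elif kind is None:
            raise ValueError(f"item before any section header: {line!r}")
        else:
            items.append((kind, line))
    return items


def parse_log(text: str) -> List[Outcome]:
    """Collect per-object results; a Status line is attached to the failure before it."""
    outcomes: List[Outcome] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            outcomes.append(Outcome(m.group(1).lower(), m.group(2), True))
        elif m := FAIL_RE.match(line):
            outcomes.append(Outcome(m.group(1).lower(), m.group(2), False))
        elif (m := STATUS_RE.match(line)) and outcomes \
                and not outcomes[-1].deleted and outcomes[-1].status is None:
            outcomes[-1].status = int(m.group(1), 16)
            outcomes[-1].status_name = m.group(2)
    return outcomes


def reconcile(items, outcomes) -> List[Tuple[str, str, str]]:
    """Match each script item to its logged result (Windows names compare case-insensitively)."""
    by_key = {(o.kind, o.name.lower()): o for o in outcomes}
    report = []
    for kind, name in items:
        o = by_key.get((kind, name.lower()))
        if o is None:
            state = "no result logged"
        elif o.deleted:
            state = "deleted"
        else:
            state = f"failed: {o.status_name or 'unknown status'}"
        report.append((kind, name, state))
    return report


if __name__ == "__main__":
    for row in reconcile(parse_script(AVENGER_SCRIPT), parse_log(AVENGER_LOG)):
        print("%-6s %-45s %s" % row)
```

For this thread the report shows the driver service entry as deleted and the driver file as failed with STATUS_OBJECT_NAME_NOT_FOUND, which is the open item a follow-up scan has to settle.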


All times are given in WET +1.
