Trojaner-Board - Befall mit sshnas21.dll und weiteren Trojanern

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Befall mit sshnas21.dll und weiteren Trojanern - erfolgreich entfernt? (https://www.trojaner-board.de/89324-befall-sshnas21-dll-weiteren-trojanern-erfolgreich-entfernt.html)

Befall mit sshnas21.dll und weiteren Trojanern - erfolgreich entfernt?

Hallo zusammen!

Ich hätte es euch liebend gern erspart, euch mit (m)einem Viren-Problem behelligen zu müssen. Aber mein Kaspersky Internet Security 11 hat kürzlich den Trojaner Trojan.Win32.FraudPack.bdud in der Datei sshnas21.dll auf meinem Rechner (unter users/***/AppData/Local/temp/sshnas21.dll) entdeckt und in die Quarantäne verschoben.

Inzwischen wird als Status "virenfrei" angezeigt und mir empfohlen, die Datei wiederherzustellen. Nachdem ich dies das erste Mal getan hatte, wurde der Trojaner wenig später wieder in der Datei entdeckt - jetzt liegt sie erneut in Quarantäne, obwohl der Status (nachdem desinfizieren nicht ging, sollte sie glaube ich gelöscht werden) wieder auf "virenfrei" geändert wurde.

Zudem wurde in teils alten Dateien, die auf meinem Rechner bzw. der externen Festplatte lagerten, die folgende Trojaner entdeckt (von der vorherigen Kaspersky-Version nicht aufgespürt):
Trojan.Win32.TDSS.bjff (in JB3MV2_PCWDRV_US_01_00.EXE und JB3MV2_PCWDRV_US_01_00.EXE//WISE0012.BIN), Backdoor.Win32.Psychward.dz (ET_Patch_2_60.exe - nicht ausgeführt), Packed.Win32.katusha.n.silent (in unlocker1.8.9.exe sowie den Dateien vj0.exe, vjz.exe, vj4.exe, vj3.exe, vj1.exe).

Bei den VJ-Dateien handelte es sich um einen vermeintlichen License-Key (ja, ich weiß: :pfui:) als exe-Datei, die ich vor anderthalb Wochen runtergeladen und ausgeführt habe ... :headbang: Nachdem die Dateien immer wieder von allein im Tasmanager unter Prozesse auftauchten und immer größer wurden, habe ich sie via Kaspersky unter Quarantäne gestellt. Dort geschieht jedoch nichts, wenn ich mit "rechte Maustaste --> Prüfen" eine Überprüfung veranlassen will :-/

Im Schutz-Center von Kaspersky werden die Trojaner in den verschiedenen vj.exe-Dateien bei jedem Durchlauf immer wieder aufgeführt mit rotem Warnschild, konkret: Trojan.Win32.FraudPack.bdud (in Vjz.exe) sowie Packed.Win32.Katusha.o (in vj0.exe, vj4.exe, vj3.exe, vj2.exe, vj1.exe). Als Fundort wird jeweils users/***/AppData/Local/Temp/) angegeben.

Neben der Tatsache, dass Kaspersky die sshnas21.dll potentiell wieder herstellen will, warnt er mich permanent vor einem legalen Programm auf meinem Rechner, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (er meint anscheinend Adware not-a-virus:AdWare.Win32.NSIS.a - da im Bericht (s.u.) ebenfalls aufgeführte rtmpdump habe ich bereits wieder entfernt). Klicke ich auf den Knopf "Korrigieren", passiert nichts - außer ab und an der Rat, die ein oder andere "virenfreie" Datei aus der Quarantäne wiederherzustellen. Probleme mit dem automatischen Öffnen des IE, wie sie andere User bei sshnas21.dll-Befall hatten, sind nie aufgetreten.

Allerdings läuft an meinem Rechner (Core2Duo T7500@2.20 Ghz, 3 GB Ram mit Vista SP2) sehr häufig der Lüfter. Auch dann, wenn im Tasmanager nur eine CPU-Auslastung von unter 10 Prozent angezeigt wird. Dafür ist der physikalische Speicher auch dann zu 40 Prozent ausgelastet. Nach einer gewissen Zeit nach dem Hochfahren beruhigt sich der Rechner bisweilen wieder.

Das Kaspersky Removal Tool hat beim Durchlaufen mit den Voreinstellungen nichts gefunden. Mit Einstellungen Dokumente, Computer, etc. durchsuchen ist es irgendwann abgestürzt, ich habe es deinstalliert.

Kaspersky zeigt unter "erkannte Bedrohungen" keine "akuten Bedrohungen" (rotes Warnschild) mehr an, nur noch mehrere (s.o.) mit gelbem Warnschild (u.a. die vermeintlich virenfreie sshnas21.dll), die aber auch bei der Auswahl "aktive erkannte Bedrohungen". "Neutralisierte erkannte Bedrohungen" ist hingegen leer, obwohl die sshnas21.dll ja erkannt und bearbeitet wurde.

Habe inzwischen Malwarebytes (5 Funde) und RSIT durchlaufen lassen, deren Logs ich zusammen mit dem Kaspersky-Bericht in die folgenden Posts packe.

Wäre äußerst dankbar, wenn mir jemand sagen könnte, ...

1.) wie gefährlich die gefundenen Trojaner sind
2.) ob der Rechner noch immer befallen ist
3.) was bei einem weiter bestehenden Befall noch zu tun ist
4.) wie ich den Warnhinweis bei Kaspersky entfernen (Sicherheit ist durch ein legales Programm bedroht) und
5.) mit der sshnas21.dll-Datei und denvj-Dateien in Quarantäne verfahren soll?

Vielen Dank im Voraus!
Moriarty

Befall mit sshnas21.dll und weiteren Trojanern - erfolgreich entfernt?

Anbei zunächst das Mbam-Log:

##############################

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4412

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

10.08.2010 02:18:57
mbam-log-2010-08-10 (02-18-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130059
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\INCG9WP8HQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Befall mit sshnas21.dll und weiteren Trojanern - erfolgreich entfernt?

Hier nun die Logs der Analyse mit RSIT, zunächst die log.txt:

#################################

RSIT Logfile:

Code:

Logfile of random's system information tool 1.08 (written by random/random)

Run by *** at 2010-08-10 03:11:08

Microsoft® Windows Vista™ Business  Service Pack 2

System drive C: has 11 GB (18%) free of 60 GB

Total RAM: 3069 MB (64% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 03:11:26, on 10.08.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Anwendungen\Eraser\Eraser.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Users\***\Desktop\RSIT.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\trend micro\***.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2319825

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O1 - Hosts: 217.27.3.154 cms.n-tv.de

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - 
 

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.76.dll (file 
 

missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Sicherheit\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Anwendungen\Eraser\Eraser.exe -hide

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
 

Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - h**p://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - h**p://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - 
 

h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F808A7E5-5C90-4E27-BA74-424F821375ED}: NameServer = 192.168.2.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Anwendungen\Audio\Common\Database\bin\fbserver.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: OX - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: UDGEFNO - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XTYGLT - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe (file missing)
 

--

End of file - 8935 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\Ad-Aware Update (Weekly).job

C:\Windows\tasks\Google Software Updater.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]

IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-07-03 777320]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [2010-05-07 68280]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [2010-07-04 191160]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\extensions\{0b457cAA-602d-484a-
 

8fe7-c1d894a011ba}\library\fsaddin-0.76.dll []
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-10-09 3444736]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 857648]

"vspdfprsrv.exe"=C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe [2006-05-04 998912]

"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]

"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]

"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

"UnlockerAssistant"=C:\Program Files\Sicherheit\Unlocker\UnlockerAssistant.exe []

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-05-07 344736]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Eraser"=C:\Program Files\Anwendungen\Eraser\Eraser.exe [2007-12-23 916240]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-Recorder]

C:\Program Files\Anwendungen\Audio\dradio-Recorder\phonostarStarter.exe [2009-07-28 112640]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]

C:\Program Files\Anwendungen\Audio\dradio-Recorder\phonostarTimer.exe [2009-07-29 31744]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start 
 

Menu^Programs^Startup^HDDlife.lnk]

C:\Program Files\Sicherheit\BinarySense\HDDlife 3\HDDlifePro.exe []
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\Windows\system32\klogon.dll [2010-05-07 228024]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDriveTypeAutoRun"=28
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

"C:\Program Files\Anwendungen\Internet\PPMate\ppmate.exe"="C:\Program Files\Anwendungen\Internet\PPMate\ppmate.exe:*:Enabled:PPMate"

"C:\Program Files\Anwendungen\Internet\PPMate\ppmnet.exe"="C:\Program Files\Anwendungen\Internet\PPMate\ppmnet.exe:*:Enabled:PPMate"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

======File associations======
 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*
 

======List of files/folders created in the last 1 months======
 

2010-08-10 03:11:08 ----D---- C:\rsit

2010-08-10 03:11:08 ----D---- C:\Program Files\trend micro

2010-08-10 02:06:37 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes

2010-08-10 02:06:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys

2010-08-10 02:06:20 ----D---- C:\ProgramData\Malwarebytes

2010-08-10 02:06:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-08-10 02:06:20 ----A---- C:\Windows\system32\drivers\mbam.sys

2010-08-09 19:02:10 ----SHD---- C:\Config.Msi

2010-08-09 00:57:45 ----A---- C:\Windows\system32\pncrt.dll

2010-08-09 00:57:44 ----RSH---- C:\Windows\system32\nbDX.dll

2010-08-09 00:57:44 ----RSH---- C:\Windows\system32\msfDX.dll

2010-08-09 00:57:44 ----RSH---- C:\Windows\system32\flvDX.dll

2010-08-06 00:34:04 ----D---- C:\ProgramData\SecTaskMan

2010-08-06 00:33:59 ----D---- C:\Program Files\Security Task Manager

2010-08-02 20:59:34 ----A---- C:\Windows\system32\shell32.dll

2010-08-02 14:07:28 ----D---- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

2010-08-02 00:55:33 ----D---- C:\Users\***\AppData\Roaming\Iggels
 

======List of files/folders modified in the last 1 months======
 

2010-08-10 03:11:18 ----D---- C:\Windows\Temp

2010-08-10 03:11:08 ----D---- C:\Program Files

2010-08-10 03:02:15 ----D---- C:\ProgramData\Kaspersky Lab

2010-08-10 02:28:38 ----D---- C:\Windows\Tasks

2010-08-10 02:21:37 ----SHD---- C:\System Volume Information

2010-08-10 02:06:21 ----D---- C:\Windows\system32\drivers

2010-08-10 02:06:20 ----D---- C:\ProgramData

2010-08-10 01:26:11 ----D---- C:\Program Files\Common Files\Adobe

2010-08-10 01:26:10 ----D---- C:\Windows\system32\Adobe

2010-08-10 01:24:18 ----D---- C:\Windows

2010-08-10 01:20:58 ----D---- C:\Users\***\AppData\Roaming\Skype

2010-08-10 01:09:06 ----SHD---- C:\Windows\Installer

2010-08-10 00:44:17 ----D---- C:\ProgramData\Google Updater

2010-08-09 23:54:09 ----D---- C:\Program Files\Common Files\Steam

2010-08-09 23:16:42 ----D---- C:\Program Files\Creative

2010-08-09 23:11:51 ----D---- C:\Windows\system32\Tasks

2010-08-09 23:03:23 ----D---- C:\Windows\pss

2010-08-09 21:50:20 ----HD---- C:\Program Files\InstallShield Installation Information

2010-08-09 21:50:20 ----D---- C:\Program Files\Spiele

2010-08-09 19:02:13 ----D---- C:\Program Files\Common Files\Ahead

2010-08-09 19:02:12 ----D---- C:\Windows\System32

2010-08-08 22:39:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-08-08 22:39:20 ----D---- C:\Windows\inf

2010-08-08 01:18:05 ----D---- C:\Users\***\AppData\Roaming\Flock

2010-08-08 01:17:26 ----D---- C:\Users\***\AppData\Roaming\Free Download Manager

2010-08-08 01:15:55 ----D---- C:\Program Files\Anwendungen

2010-08-08 01:15:54 ----D---- C:\Windows\Prefetch

2010-08-08 01:15:29 ----D---- C:\Program Files\OpenOffice.org 3

2010-08-08 01:15:13 ----RSD---- C:\Windows\assembly

2010-08-08 00:57:23 ----D---- C:\Program Files\Mozilla Sunbird

2010-08-08 00:35:49 ----D---- C:\Program Files\Common Files

2010-08-08 00:06:00 ----D---- C:\Windows\system32\catroot2

2010-08-05 00:38:06 ----SHD---- C:\$Recycle.Bin

2010-08-04 23:52:13 ----D---- C:\Windows\Debug

2010-08-04 23:15:28 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0

2010-08-02 22:08:32 ----D---- C:\Windows\winsxs

2010-08-02 20:56:45 ----D---- C:\Windows\system32\catroot

2010-08-02 14:28:45 ----D---- C:\Windows\Minidump

2010-07-28 23:59:20 ----D---- C:\Program Files\Mozilla Firefox

2010-07-22 01:44:36 ----D---- C:\Program Files\Mozilla Thunderbird

2010-07-14 22:10:58 ----D---- C:\Program Files\Windows Mail
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-05-07 132184]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]

R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]

R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-03-27 717296]

R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-07-04 475224]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

R1 uiwbrdr;uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [2007-03-15 272384]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]

R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-09 1044472]

R3 bcm4sbxp;Broadcom 440x 10/100-integrierter Controller-XP-Treiber; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]

R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]

R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]

R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]

R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]

R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]

R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]

R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-27 182456]

R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-11-19 25216]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]

S1 eeCtrl;eeCtrl; C:\Windows\system32\drivers\eeCtrl.sys []

S1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-05-07 132184]

S1 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []

S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []

S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-09 1044472]

S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]

S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 Jukebox3;Jukebox3; C:\Windows\system32\DRIVERS\ctpdusb.sys [2006-01-19 17280]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]

S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]

S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]

S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]

S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-05-07 344736]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2002-02-14 299008]

R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-10-09 24064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 
 

130384]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Anwendungen\Audio\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2008-11-19 15872]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 OX;OX; C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe []

S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-09 407336]

S3 UDGEFNO;UDGEFNO; C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe []

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319
 

\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 XTYGLT;XTYGLT; C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe []
 

-----------------EOF-----------------

--- --- ---

#####################################

Hier nun noch die info.txt

info.txtRSIT Logfile:

Code:

logfile of random's system information tool 1.08 2010-08-10 03:11:28
 

======Uninstall list======
 

*tmx englisch-->MsiExec.exe /X{A3CB2CF2-FB36-4A70-B9D3-31420DDBCEEB}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x7 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x7 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x7 

7-Zip 4.57-->"C:\Program Files\Anwendungen\7-Zip\Uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7  /remove

Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x7  /remove

Ashampoo Burning Studio 6-->"C:\Program Files\Anwendungen\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"

Ashampoo WinOptimizer 2008-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2008\Uninstall\1806_Uninstall.exe"

CCleaner-->"C:\Program Files\Sicherheit\CCleaner\uninst.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}

Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}

Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}

Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}

Condition Zero Deleted Scenes-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/100

Condition Zero-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/80

Cool Edit Pro 2.0-->C:\Program Files\Anwendungen\coolpro2\cep2unin.exe

Counter-Strike Steamworks Beta-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/150

Counter-Strike-->"C:\Program Files\Spiele\Steam\steam.exe" steam://uninstall/10

Creative Jukebox Driver-->C:\Windows\UNWISE.EXE C:\Windows\JB3DRV.LOG

Cuttermaran 1.69a-->MsiExec.exe /I{01CEF48F-41F2-4A43-82F2-25D23D68C1D4}

Debugging Tools for Windows (x86)-->MsiExec.exe /I{D09605BE-5587-4B0C-86C8-69B5092CB80F}

Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}

Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x7  /remove

Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x7  /remove

Dell Wireless WLAN Karte-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

dradio-Recorder Version 3.00.5-->"C:\Program Files\Anwendungen\Audio\dradio-Recorder\unins000.exe"

ElsterFormular 2006/2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}\setup.exe" -l0x7  -removeonly

ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7  -removeonly

ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7  -removeonly

ElsterFormular-->C:\Program Files\ElsterFormular\uninstall.exe

Englisch 201-->C:\Program Files\Sprachen\Strokes 3.0\ENG201geruninstall.exe

Eraser-->"C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE

Eraser-->C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe

EVEREST Home Edition v2.20-->"C:\Program Files\Sicherheit\Lavalys\EVEREST Home Edition\unins000.exe"

eXPert PDF 4-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}

f4 3.1.0-->C:\Program Files\f4\uninstall.exe

Firebird SQL Server - MAGIX Edition-->C:\Program Files\Anwendungen\Audio\Common\Database\unwise.exe

Français 100-->MsiExec.exe /I{8863206D-D100-4933-B852-1951C14D3EAD}

GetASFStream-->"C:\Program Files\Anwendungen\Audio\GetASFStream\epuninst.exe" /s

GIMP 2.6.10-->"C:\Program Files\Anwendungen\Grafik\GIMP-2.0\setup\unins000.exe"

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe

HD Tune 2.55-->"C:\Program Files\Anwendungen\HD Tune\unins000.exe"

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

IE7Pro-->C:\Program Files\IEPro\uninst.exe

Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Kaspersky Anti-Virus 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}

Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}

Laptop Integrated Webcam Driver (1.04.01.1011)  -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0407

LeechFTP -->C:\Windows\eraser.exe KILL "C:\Program Files\Anwendungen\Internet\LeechFTP\uninstall.uif"

Macromedia Dreamweaver 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}

Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}

Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}

Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}

Mozilla ActiveX Control v1.7.12-->C:\Program Files\Anwendungen\Mozilla ActiveX Control v1.7.12\uninst.exe

Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (3.0.6)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NetLCR v4.10.405-->"C:\Program Files\Anwendungen\Internet\NetLCR\unins000.exe"

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

OpenVPN 2.1_rc15-->C:\Program Files\OpenVPN\Uninstall.exe

Opera 10.53-->MsiExec.exe /X{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}

PDF Blender-->C:\Program Files\Anwendungen\PDF Blender\uninstall.exe

Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}

SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly

Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

SUPER © Version 2010.bld.38 (May 2, 2010)-->C:\PROGRA~1\ANWEND~1\ERIGHT~1\SUPER\Setup.exe /remove /q0

tmx808-->MsiExec.exe /I{F765A6C2-1E03-4B0D-9484-2281A2942CA6}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}

Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}

Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}

WEB.DE Club SmartFax-->C:\Program Files\Anwendungen\WEB.DE\WEB.DE Club SmartFax\uninst.exe

WEB.DE SmartDrive Manager-->C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\uninst.exe

Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}

Windows Live Writer-->MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
 

======Hosts File======
 

217.27.3.154 cms.n-tv.de
 

======Security center information======
 

AS: Lavasoft Ad-Watch Live! (disabled)

AS: Windows-Defender (disabled)
 

=====Application event log=====
 

Computer Name: ***-PC

Event Code: 900

Message: Der Softwarelizenzierungsdienst wird gestartet.
 

Record Number: 7118

Source Name: Microsoft-Windows-Security-Licensing-SLC

Time Written: 20080630211842.000000-000

Event Type: Informationen

User: 
 

Computer Name: ***-PC

Event Code: 2

Message: Der Zertifikatdiensteclient wurde angehalten.

Record Number: 7117

Source Name: Microsoft-Windows-CertificateServicesClient

Time Written: 20080630100432.729800-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: ***-PC

Event Code: 901

Message: Der Softwarelizenzierungsdienst wird beendet.
 

Record Number: 7116

Source Name: Microsoft-Windows-Security-Licensing-SLC

Time Written: 20080630100432.000000-000

Event Type: Informationen

User: 
 

Computer Name: ***-PC

Event Code: 1532

Message: Das Benutzerprofil wurde angehalten  
 
 

Record Number: 7115

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20080630100432.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: ***-PC

Event Code: 1530

Message: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.  
 

 DETAIL - 

 1 user registry handles leaked from \Registry\User\S-1-5-21-1266740531-1925796205-1647025121-1000_Classes:

Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1266740531-1925796205-1647025121-1000_CLASSES
 

Record Number: 7114

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20080630100430.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

=====Security event log=====
 

Computer Name: ***-PC

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeTcbPrivilege

                        SeSecurityPrivilege

                        SeTakeOwnershipPrivilege

                        SeLoadDriverPrivilege

                        SeBackupPrivilege

                        SeRestorePrivilege

                        SeDebugPrivilege

                        SeAuditPrivilege

                        SeSystemEnvironmentPrivilege

                        SeImpersonatePrivilege

Record Number: 46981

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090430104631.497398-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: ***-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ***-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x2e0

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 46980

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090430104631.497398-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: ***-PC

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ***-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x2e0

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 46979

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090430104631.497398-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: ***-PC

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-19

        Kontoname:                LOKALER DIENST

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e5
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeAuditPrivilege

                        SeImpersonatePrivilege

Record Number: 46978

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090430104631.419398-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: ***-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ***-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-19

        Kontoname:                LOKALER DIENST

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e5

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x2e0

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 46977

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090430104631.419398-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Anwendungen\Smart Projects\IsoBuster;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2
 

-----------------EOF-----------------

--- --- ---

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Antwort auf Deine Frage:
Die Schädlinge hinterlassen immer "charakteristische Spuren" an ihrem "Tatort", sie vollkommen aufzuspüren und entfernen ist nicht immer möglich. Daher ist empfehlenswert, das stark komprimierte System komplett neu zu installieren, den Auslieferungszustand wieder so zu erreichen
Wenn du dich für eine umfassende Reinigung deines Systems entscheidest, so geht`s weiter:

1.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

2.
→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
→ Tipps für die Suche nach Dateien

Code:

C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe

C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe

C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe

→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:

Code:

Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)

Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.0.0.73        2009.01.28        -

AhnLab-V3        5.0.0.2        2009.01.28        -

AntiVir        7.9.0.60        2009.01.28        -

Authentium        5.1.0.4        2009.01.27        -
 

...über 40 Virenscannern...also Geduld!!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird Gmer beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

6.
Lade und installiere das Tool RootRepeal herunter

setze einen Hacken bei: "Drivers"-> "Scan"-> Save Report"...
"Stealth Objects" -> "Scan"-> Save Report"...
"Hidden Services" -> "Scan"-> Save Report"...
speichere das Logfile als "RootRepeal.txt" auf dem Desktop und Kopiere den Inhalt hier in den Thread

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Hallo Coverflow und vielen Dank, dass Du dich der Sache annimmst.

Beim Abarbeiten deiner To-Do-Liste bin allerdings schon beim Finden der drei genannten exe-Dateien gescheitert. Ich habe die Suchtipps befolgt, trotzdem wurde die Datei nicht entdeckt.

Bei der Suche nach ox.exe auf dem gesamten Rechner und der externen Festplatte wurden mir lediglich diverse pdf-Dateien angezeigt. Die Suche im Temp-Ordner blieb erfolglos.

Deshalb anbei zunächst die Übersichten von hjtscanlist und CCleaner:

Code:

 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

                        º                                    º 

                                    hjtscanlist v2.0              

                        º                                    º 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 

Microsoft Windows [Version 6.0.6002]

 

 

C:
 

  10.08.2010 12:26     C:\Windows --------- 28672   

       C:\hiberfil.sys ---------    

       C:\pagefile.sys ---------    

  10.08.2010 04:59     C:\System Volume Information --------- 24576   

  10.08.2010 04:40     C:\rsit --------- 4096   

  10.08.2010 03:11     C:\Program Files --------- 24576   

  10.08.2010 02:06     C:\ProgramData --------- 12288   

  10.08.2010 01:24     C:\Config.Msi --------- 0   

  05.08.2010 00:38     C:\$Recycle.Bin --------- 0   

  04.07.2010 02:33     C:\aaw7boot.log --------- 95868   

  25.06.2010 16:52     C:\3c767e736e4a17d0946ee37b37 --------- 4096   

  08.05.2010 00:55     C:\WinDDK --------- 0   

  08.05.2010 00:39     C:\CTSUFile.txt --------- 19706   

  07.09.2009 16:38     C:\Boot --------- 4096   

  24.04.2009 16:06     C:\temp_phw --------- 0   

  11.04.2009 08:36     C:\bootmgr --------- 333257   

  01.10.2008 11:44     C:\MSOCache --------- 0   

  20.09.2008 00:04     C:\test.txt --------- 943   

  20.09.2008 00:03     C:\ppmaterecord --------- 0   

  24.04.2008 18:30     C:\MSDOS.SYS --------- 0   

  24.04.2008 18:30     C:\IO.SYS --------- 0   

  16.04.2008 21:36     C:\ElsterFormular --------- 0   

  25.03.2008 14:50     C:\PerfLogs --------- 0   

  25.03.2008 13:54     C:\5c3ab949edb764837f89435098 --------- 0   

  18.03.2008 11:25     C:\newfile.enc --------- 21469   

  18.03.2008 11:25     C:\newkey --------- 21469   

  18.03.2008 11:16     C:\Intel --------- 0   

  18.03.2008 11:15     C:\dell --------- 0   

  18.03.2008 11:12     C:\Users --------- 4096   

  18.03.2008 11:12     C:\Programme --------- 0   

  18.03.2008 11:12     C:\Dokumente und Einstellungen --------- 0   

  18.03.2008 11:04     C:\BOOTSECT.BAK --------- 8192   

  07.11.2007 08:12     C:\VC_RED.MSI --------- 232960   

  07.11.2007 08:09     C:\VC_RED.cab --------- 1442522   

  07.11.2007 08:03     C:\install.res.2052.dll --------- 75792   

  07.11.2007 08:03     C:\install.res.3082.dll --------- 96272   

  07.11.2007 08:03     C:\install.res.1033.dll --------- 91152   

  07.11.2007 08:03     C:\install.res.1036.dll --------- 97296   

  07.11.2007 08:03     C:\install.res.1041.dll --------- 81424   

  07.11.2007 08:03     C:\install.res.1040.dll --------- 95248   

  07.11.2007 08:03     C:\install.res.1028.dll --------- 76304   

  07.11.2007 08:03     C:\install.res.1031.dll --------- 96272   

  07.11.2007 08:03     C:\install.exe --------- 562688   

  07.11.2007 08:03     C:\install.res.1042.dll --------- 79888   

  07.11.2007 08:00     C:\install.ini --------- 843   

  07.11.2007 08:00     C:\globdata.ini --------- 1110   

  07.11.2007 08:00     C:\eula.1028.txt --------- 17734   

  07.11.2007 08:00     C:\eula.3082.txt --------- 17734   

  07.11.2007 08:00     C:\eula.2052.txt --------- 17734   

  07.11.2007 08:00     C:\eula.1042.txt --------- 17734   

  07.11.2007 08:00     C:\eula.1041.txt --------- 118   

  07.11.2007 08:00     C:\eula.1040.txt --------- 17734   

  07.11.2007 08:00     C:\eula.1036.txt --------- 17734   

  07.11.2007 08:00     C:\eula.1033.txt --------- 10134   

  07.11.2007 08:00     C:\vcredist.bmp --------- 5686   

  07.11.2007 08:00     C:\eula.1031.txt --------- 17734   

  02.11.2006 15:02     C:\Documents and Settings --------- 0   

  18.09.2006 23:43     C:\config.sys --------- 10   

  18.09.2006 23:43     C:\autoexec.bat --------- 24   

----------------------------------------
 

 

C:\Windows
 

  10.08.2010 13:05     C:\Windows\WindowsUpdate.log --------- 2038933   

  10.08.2010 05:05     C:\Windows\bthservsdp.dat --------- 2140   

  10.08.2010 01:24     C:\Windows\PFRO.log --------- 578   

  08.05.2010 02:52     C:\Windows\QTFont.qfn --------- 54156   

  08.05.2010 02:39     C:\Windows\QTFont.for --------- 1409   

  15.01.2010 23:40     C:\Windows\bootstat.dat --------- 67584   

  06.07.2009 13:12     C:\Windows\_MSRSTRT.EXE --------- 2560   

  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   

  18.02.2009 02:23     C:\Windows\mgxoschk.ini --------- 7119   

  30.10.2008 17:10     C:\Windows\VPNInstall.MIF --------- 1615   

  20.09.2008 00:04     C:\Windows\psnetwork.ini --------- 382   

  30.07.2008 15:25     C:\Windows\win.ini --------- 174   

  30.07.2008 15:25     C:\Windows\system.ini --------- 247   

  25.03.2008 14:57     C:\Windows\WindowsShell.Manifest --------- 749   

  25.03.2008 14:27     C:\Windows\SPInstall.etl --------- 196608   

  19.03.2008 01:23     C:\Windows\Adobereg.db --------- 135   

  18.03.2008 12:12     C:\Windows\nsreg.dat --------- 0   

  19.01.2008 00:33     C:\Windows\regedit.exe --------- 134656   

  19.01.2008 00:33     C:\Windows\notepad.exe --------- 151040   

  19.01.2008 00:33     C:\Windows\HelpPane.exe --------- 498176   

  19.01.2008 00:33     C:\Windows\fveupdate.exe --------- 13312   

  19.01.2008 00:33     C:\Windows\bfsvc.exe --------- 58880   

  10.10.2007 17:02     C:\Windows\OEM02Cfg.exe --------- 28672   

  18.07.2007 20:51     C:\Windows\CtDrvIns.exe --------- 90112   

  10.05.2007 02:01     C:\Windows\OEM02Mon.exe --------- 36864   

  05.04.2007 12:52     C:\Windows\OEM002.uns --------- 4510   

  22.02.2007 04:06     C:\Windows\DELL_VERSION --------- 32   

  02.11.2006 14:36     C:\Windows\WMSysPr9.prx --------- 316640   

  02.11.2006 14:35     C:\Windows\twunk_32.exe --------- 31232   

  02.11.2006 14:35     C:\Windows\twunk_16.exe --------- 49680   

  02.11.2006 14:35     C:\Windows\twain_32.dll --------- 50688   

  02.11.2006 14:35     C:\Windows\twain.dll --------- 94784   

  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   

  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   

  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   

  19.09.2006 13:41     C:\Windows\Business.xml --------- 4261   

  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   

  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   

  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   

  03.05.2006 00:38     C:\Windows\SetBrowser.exe --------- 72444   

  03.05.2006 00:38     C:\Windows\SetBrowser.ini --------- 748   

  19.01.2006 02:01     C:\Windows\ctpdusb.uns --------- 3635   

  11.05.2003 16:51     C:\Windows\RunUnDrv.exe --------- 26112   

  05.01.2000 00:20     C:\Windows\unvise32qt.exe --------- 86016   

  10.10.1999 19:00     C:\Windows\Ctregrun.exe --------- 41984   

  25.06.1999 10:55     C:\Windows\UNWISE.EXE --------- 149504   

  02.12.1998 10:11     C:\Windows\vbuzip10.Dll --------- 143360   

  21.10.1998 19:43     C:\Windows\IsUn0407.exe --------- 328704   

  08.07.1998 18:30     C:\Windows\eraser.exe --------- 18944   

  13.10.1997 20:55     C:\Windows\unin0407.exe --------- 299008   

----------------------------------------
 

 

C:\Windows\System
 

 02.11.2006 14:35      C:\Windows\System\mciseq.drv --------- 25264 

 02.11.2006 14:35      C:\Windows\System\mciwave.drv --------- 28160 

 02.11.2006 14:35      C:\Windows\System\avifile.dll --------- 109456 

 02.11.2006 14:35      C:\Windows\System\mciavi.drv --------- 73376 

 02.11.2006 14:35      C:\Windows\System\avicap.dll --------- 69584 

 02.11.2006 14:35      C:\Windows\System\msvideo.dll --------- 126912 

 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 

 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 

 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 

 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 

 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 

 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 

 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 

 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 

 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 

 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 

 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 

 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 

 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 

 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 

 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 

 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 

----------------------------------------
 

 

C:\Windows\System32
 

 10.08.2010 13:20     C:\Windows\system32\hjtscanlist.txt --------- 8842  

 10.08.2010 12:24     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-
 

601632D005A0 --------- 3776  

 10.08.2010 12:24     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-
 

601632D005A0 --------- 3776  

 10.08.2010 05:00     C:\Windows\system32\drivers --------- 53248  

 10.08.2010 05:00     C:\Windows\system32\catroot --------- 4096  

 10.08.2010 01:26     C:\Windows\system32\Adobe --------- 4096  

 09.08.2010 23:11     C:\Windows\system32\Tasks --------- 8192  

 08.08.2010 22:39     C:\Windows\system32\perfh009.dat --------- 629724  

 08.08.2010 22:39     C:\Windows\system32\perfc009.dat --------- 119088  

 08.08.2010 22:39     C:\Windows\system32\perfh007.dat --------- 669120  

 08.08.2010 22:39     C:\Windows\system32\perfc007.dat --------- 144964  

 08.08.2010 22:39     C:\Windows\system32\PerfStringBackup.INI --------- 1555612  

 08.08.2010 00:06     C:\Windows\system32\catroot2 --------- 12288  

 26.07.2010 17:51     C:\Windows\system32\shell32.dll --------- 11584512  

 04.07.2010 03:32     C:\Windows\system32\DRVSTORE --------- 0  

 02.07.2010 21:39     C:\Windows\system32\mrt.exe --------- 34045896  

 25.06.2010 16:50     C:\Windows\system32\en-US --------- 8192  

 11.06.2010 16:29     C:\Windows\system32\FNTCACHE.DAT --------- 337576  

 11.06.2010 16:20     C:\Windows\system32\migration --------- 4096  

 11.06.2010 16:20     C:\Windows\system32\wbem --------- 61440  

 27.05.2010 03:04     C:\Windows\system32\de-DE --------- 204800  

 26.05.2010 19:06     C:\Windows\system32\atmlib.dll --------- 34304  

 26.05.2010 16:47     C:\Windows\system32\atmfd.dll --------- 289792  

 21.05.2010 14:14     C:\Windows\system32\MpSigStub.exe --------- 221568  

 11.05.2010 03:22     C:\Windows\system32\jupdate-1.6.0_20-b02.log --------- 3217  

 08.05.2010 03:24     C:\Windows\system32\MAGIX --------- 0  

 08.05.2010 01:37     C:\Windows\system32\WindowsPowerShell --------- 0  

 07.05.2010 12:37     C:\Windows\system32\klogon.dll --------- 228024  

 04.05.2010 07:59     C:\Windows\system32\wininet.dll --------- 916480  

 04.05.2010 07:59     C:\Windows\system32\urlmon.dll --------- 1209344  

 04.05.2010 07:58     C:\Windows\system32\occache.dll --------- 206848  

 04.05.2010 07:56     C:\Windows\system32\mstime.dll --------- 611840  

 04.05.2010 07:56     C:\Windows\system32\mshtml.dll --------- 5950976  

 04.05.2010 07:56     C:\Windows\system32\msfeedsbs.dll --------- 55296  

 04.05.2010 07:56     C:\Windows\system32\msfeeds.dll --------- 599040  

 04.05.2010 07:55     C:\Windows\system32\jsproxy.dll --------- 25600  

 04.05.2010 07:55     C:\Windows\system32\inetcpl.cpl --------- 1469440  

 04.05.2010 07:55     C:\Windows\system32\ieui.dll --------- 164352  

 04.05.2010 07:55     C:\Windows\system32\iesysprep.dll --------- 109056  

 04.05.2010 07:55     C:\Windows\system32\iesetup.dll --------- 71680  

 04.05.2010 07:55     C:\Windows\system32\iertutil.dll --------- 1985536  

 04.05.2010 07:55     C:\Windows\system32\iernonce.dll --------- 55808  

 04.05.2010 07:55     C:\Windows\system32\iepeers.dll --------- 184320  

 04.05.2010 07:55     C:\Windows\system32\ieframe.dll --------- 11076096  

 04.05.2010 07:55     C:\Windows\system32\iedkcs32.dll --------- 387584  

 04.05.2010 06:31     C:\Windows\system32\ieUnatt.exe --------- 133632  

 04.05.2010 06:30     C:\Windows\system32\ie4uinit.exe --------- 173056  

 04.05.2010 06:30     C:\Windows\system32\msfeedssync.exe --------- 13312  

 04.05.2010 06:30     C:\Windows\system32\mshtml.tlb --------- 1638912  

 01.05.2010 16:13     C:\Windows\system32\win32k.sys --------- 2037248  

 23.04.2010 16:13     C:\Windows\system32\tzres.dll --------- 2048  

 16.04.2010 18:43     C:\Windows\system32\Apphlpdm.dll --------- 28672  

 16.04.2010 16:39     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  

 12.04.2010 17:29     C:\Windows\system32\javaws.exe --------- 153376  

 12.04.2010 17:29     C:\Windows\system32\javaw.exe --------- 145184  

 12.04.2010 17:29     C:\Windows\system32\java.exe --------- 145184  

 12.04.2010 17:29     C:\Windows\system32\deployJava1.dll --------- 411368  

 05.04.2010 19:01     C:\Windows\system32\asycfilt.dll --------- 67072  

 01.04.2010 13:05     C:\Windows\system32\jupdate-1.6.0_19-b04.log --------- 4423  

 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  

 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  

 21.02.2010 01:06     C:\Windows\system32\nshhttp.dll --------- 24064  

 21.02.2010 01:05     C:\Windows\system32\httpapi.dll --------- 30720  

 18.02.2010 16:07     C:\Windows\system32\ntkrnlpa.exe --------- 3600776  

 18.02.2010 16:07     C:\Windows\system32\ntoskrnl.exe --------- 3548040  

 18.02.2010 15:30     C:\Windows\system32\iphlpsvc.dll --------- 200704  

 12.02.2010 12:32     C:\Windows\system32\browserchoice.exe --------- 293376  

 08.02.2010 03:30     C:\Windows\system32\Macromed --------- 0  

 29.01.2010 17:40     C:\Windows\system32\inetcomm.dll --------- 738816  

 27.01.2010 14:23     C:\Windows\system32\WDI --------- 8192  

 25.01.2010 14:00     C:\Windows\system32\secproc_ssp_isv.dll --------- 152576  

 25.01.2010 14:00     C:\Windows\system32\secproc_ssp.dll --------- 152064  

 25.01.2010 14:00     C:\Windows\system32\secproc_isv.dll --------- 471552  

 25.01.2010 14:00     C:\Windows\system32\secproc.dll --------- 471552  

 25.01.2010 13:58     C:\Windows\system32\msdrm.dll --------- 332288  

 25.01.2010 10:21     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624  

 25.01.2010 10:21     C:\Windows\system32\RMActivate_isv.exe --------- 526336  

 25.01.2010 10:21     C:\Windows\system32\RMActivate_ssp.exe --------- 347136  

 25.01.2010 10:21     C:\Windows\system32\RMActivate.exe --------- 518144  

 21.01.2010 17:05     C:\Windows\system32\l3codeca.acm --------- 62464  

 17.01.2010 20:41     C:\Windows\system32\LogFiles --------- 4096  

 13.01.2010 19:34     C:\Windows\system32\cabview.dll --------- 98304  

 06.01.2010 17:39     C:\Windows\system32\gameux.dll --------- 1696256  

 27.12.2009 12:29     C:\Windows\system32\QuickTime --------- 0  

 27.12.2009 12:29     C:\Windows\system32\qtplugin.log --------- 4492  

 23.12.2009 13:33     C:\Windows\system32\wintrust.dll --------- 172032  

 04.12.2009 20:30     C:\Windows\system32\tsbyuv.dll --------- 12288  

 04.12.2009 20:29     C:\Windows\system32\quartz.dll --------- 1314816  

 04.12.2009 20:28     C:\Windows\system32\msyuv.dll --------- 22528  

 04.12.2009 20:28     C:\Windows\system32\msvidc32.dll --------- 31744  

 04.12.2009 20:28     C:\Windows\system32\msvfw32.dll --------- 123904  

 04.12.2009 20:28     C:\Windows\system32\msrle32.dll --------- 13312  

 04.12.2009 20:28     C:\Windows\system32\mciavi32.dll --------- 82944  

 04.12.2009 20:28     C:\Windows\system32\iyuv_32.dll --------- 50176  

 04.12.2009 20:27     C:\Windows\system32\avifil32.dll --------- 91136  

 04.12.2009 09:19     C:\Windows\system32\jscript.dll --------- 726528  

 17.11.2009 18:18     C:\Windows\system32\pt-BR --------- 0  

 17.11.2009 18:18     C:\Windows\system32\bg-BG --------- 0  

 17.11.2009 18:18     C:\Windows\system32\it-IT --------- 0  

 17.11.2009 18:18     C:\Windows\system32\he-IL --------- 0  

----------------------------------------
 

 

C:\Windows\Prefetch
 

 10.08.2010 13:20     C:\Windows\Prefetch\CONIME.EXE-B273009A.pf --------- 13530  

 10.08.2010 13:20     C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 20572  

 10.08.2010 13:19     C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 85586  

 10.08.2010 13:19     C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf --------- 13566  

 10.08.2010 13:16     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 18572  

 10.08.2010 13:16     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 20682  

 10.08.2010 13:14     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 35656  

 10.08.2010 13:03     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 33634  

 10.08.2010 13:02     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 234072  

 10.08.2010 13:00     C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 231802  

 10.08.2010 12:59     C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf --------- 38580  

 10.08.2010 12:59     C:\Windows\Prefetch\CCLEANER.EXE-BC1F1F57.pf --------- 141526  

 10.08.2010 12:58     C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 19160  

 10.08.2010 12:48     C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf --------- 48762  

 10.08.2010 12:47     C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 36162  

 10.08.2010 12:39     C:\Windows\Prefetch\WERCON.EXE-FE5CD389.pf --------- 215012  

 10.08.2010 12:39     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 21128  

 10.08.2010 12:39     C:\Windows\Prefetch\AVP.EXE-3E677F5B.pf --------- 262774  

 10.08.2010 12:39     C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 47974  

 10.08.2010 12:34     C:\Windows\Prefetch\SVCHOST.EXE-F59CA9BD.pf --------- 28818  

 10.08.2010 12:34     C:\Windows\Prefetch\RUNDLL32.EXE-C050E39E.pf --------- 155828  

 10.08.2010 12:33     C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf --------- 178602  

 10.08.2010 12:33     C:\Windows\Prefetch\IEPROCX.EXE-969CE5B6.pf --------- 15090  

 10.08.2010 12:29     C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 20318  

 10.08.2010 12:28     C:\Windows\Prefetch\KLWTBLFS.EXE-3E51A105.pf --------- 20356  

 10.08.2010 12:28     C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 245410  

 10.08.2010 12:28     C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 215320  

 10.08.2010 12:27     C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 100826  

 10.08.2010 12:27     C:\Windows\Prefetch\SYNTPENH.EXE-4361DC86.pf --------- 21214  

 10.08.2010 12:27     C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 224540  

 10.08.2010 12:27     C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 34274  

 10.08.2010 12:27     C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 18320  

 10.08.2010 12:26     C:\Windows\Prefetch\MPNOTIFY.EXE-55171BA9.pf --------- 35474  

 10.08.2010 12:26     C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-600E0B48.pf --------- 25112  

 10.08.2010 12:26     C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf --------- 11890  

 10.08.2010 12:25     C:\Windows\Prefetch\ReadyBoot --------- 0  

 10.08.2010 12:25     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 4061676  

 10.08.2010 05:05     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 2312992  

 10.08.2010 05:05     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 920286  

 10.08.2010 05:05     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 5083810  

 10.08.2010 05:05     C:\Windows\Prefetch\AgRobust.db --------- 355604  

 10.08.2010 05:05     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  

 10.08.2010 05:00     C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf --------- 36506  

 10.08.2010 04:58     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 20076  

 10.08.2010 04:58     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 30528  

 10.08.2010 03:09     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 64582  

 10.08.2010 02:51     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 50148  

 10.08.2010 02:28     C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 120518  

 10.08.2010 02:27     C:\Windows\Prefetch\PRESENTATIONSETTINGS.EXE-6F4C5E34.pf --------- 21192  

 10.08.2010 02:07     C:\Windows\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf --------- 594  

 10.08.2010 02:07     C:\Windows\Prefetch\MPAS-D_BD1.EXE-B82677C3.pf --------- 26930  

 10.08.2010 02:07     C:\Windows\Prefetch\MPSIGSTUB.EXE-7C60A359.pf --------- 81906  

 10.08.2010 02:07     C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 155408  

 10.08.2010 02:06     C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf --------- 43978  

 10.08.2010 01:57     C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 205514  

 10.08.2010 01:57     C:\Windows\Prefetch\RUNDLL32.EXE-A828B5A0.pf --------- 65404  

 10.08.2010 01:20     C:\Windows\Prefetch\DLLHOST.EXE-928474CF.pf --------- 25546  

 10.08.2010 01:07     C:\Windows\Prefetch\MSIEXEC.EXE-B5AFA339.pf --------- 125016  

 10.08.2010 01:01     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1266740531-1925796205-1647025121-1000.db --------- 
 

1147054  

 10.08.2010 01:01     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1266740531-1925796205-1647025121-1000.db --------- 
 

2182904  

 10.08.2010 00:49     C:\Windows\Prefetch\LOGON.SCR-7C80CA1C.pf --------- 33122  

 10.08.2010 00:44     C:\Windows\Prefetch\GOOGLEUPDATER.EXE-746F6782.pf --------- 52314  

 10.08.2010 00:18     C:\Windows\Prefetch\DREAMWEAVER.EXE-B6A4BC90.pf --------- 103274  

 10.08.2010 00:04     C:\Windows\Prefetch\WMPSHARE.EXE-73C9F24C.pf --------- 33782  

 10.08.2010 00:04     C:\Windows\Prefetch\WMPLAYER.EXE-9DE758AE.pf --------- 66732  

 09.08.2010 22:41     C:\Windows\Prefetch\SKYPE.EXE-30E88FB5.pf --------- 85696  

 09.08.2010 22:33     C:\Windows\Prefetch\_IU14D2N.TMP-A4C09231.pf --------- 36370  

 09.08.2010 19:04     C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 22082  

 09.08.2010 19:02     C:\Windows\Prefetch\NMINDEXINGSERVICE.EXE-F0985361.pf --------- 39654  

 09.08.2010 19:02     C:\Windows\Prefetch\NMINDEXSTORESVR.EXE-57A64E06.pf --------- 53078  

 09.08.2010 18:54     C:\Windows\Prefetch\HIJACKTHIS.EXE-86839AE8.pf --------- 39238  

 09.08.2010 18:07     C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 23556  

 09.08.2010 17:41     C:\Windows\Prefetch\RUNDLL32.EXE-77934D94.pf --------- 31780  

 09.08.2010 03:09     C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 55648  

 09.08.2010 03:09     C:\Windows\Prefetch\ACRORD32.EXE-C2658FE9.pf --------- 82984  

 09.08.2010 01:09     C:\Windows\Prefetch\UNLOCKER.EXE-4D035D23.pf --------- 25562  

 09.08.2010 01:03     C:\Windows\Prefetch\AU_.EXE-2CDE59EC.pf --------- 43764  

 08.08.2010 21:12     C:\Windows\Prefetch\DFRGNTFS.EXE-4F838A89.pf --------- 107162  

 08.08.2010 21:12     C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15280  

 08.08.2010 21:12     C:\Windows\Prefetch\Layout.ini --------- 2040740  

 08.08.2010 19:11     C:\Windows\Prefetch\AgCx_SC2.db --------- 936058  

 08.08.2010 03:23     C:\Windows\Prefetch\SVCHOST.EXE-E2D30E5C.pf --------- 31846  

 08.08.2010 03:23     C:\Windows\Prefetch\RUNDLL32.EXE-9A2E6957.pf --------- 29646  

 08.08.2010 01:17     C:\Windows\Prefetch\FDM.EXE-CFE8D74C.pf --------- 77718  

 08.08.2010 01:15     C:\Windows\Prefetch\UNINS000.EXE-9D48C8BA.pf --------- 26698  

 08.08.2010 01:05     C:\Windows\Prefetch\UNOPKG.EXE-4DF1690C.pf --------- 23818  

 08.08.2010 01:05     C:\Windows\Prefetch\UNOPKG.BIN-417F81E7.pf --------- 125210  

 08.08.2010 01:03     C:\Windows\Prefetch\SONGBIRD-UNINSTALL.EXE-7F7170C0.pf --------- 20582  

 08.08.2010 01:03     C:\Windows\Prefetch\UNINSTALL.EXE-BC710168.pf --------- 25420  

 08.08.2010 00:58     C:\Windows\Prefetch\UNINST.EXE-C010A9C1.pf --------- 24328  

 08.08.2010 00:58     C:\Windows\Prefetch\UNINST.EXE-8E8F59E4.pf --------- 23084  

 08.08.2010 00:57     C:\Windows\Prefetch\UNINST.EXE-0FA1486F.pf --------- 25808  

 08.08.2010 00:57     C:\Windows\Prefetch\UNINSTALLER.EXE-B8EF4F7F.pf --------- 24164  

 08.08.2010 00:56     C:\Windows\Prefetch\UNINSTALL.EXE-6C397AF0.pf --------- 25056  

 08.08.2010 00:46     C:\Windows\Prefetch\IMAGEREADY.EXE-0DAAD494.pf --------- 46444  

 08.08.2010 00:46     C:\Windows\Prefetch\ISUN0407.EXE-E0680D8F.pf --------- 32382  

 08.08.2010 00:45     C:\Windows\Prefetch\UNINS003.EXE-A90F369D.pf --------- 20806  

 08.08.2010 00:37     C:\Windows\Prefetch\UNINSTALL.EXE-CD5B5B20.pf --------- 24820  

 08.08.2010 00:35     C:\Windows\Prefetch\UNINS000.EXE-1AF141B9.pf --------- 27688  

 08.08.2010 00:35     C:\Windows\Prefetch\UNINSTALL.EXE-E9C7CD30.pf --------- 23030  

 08.08.2010 00:34     C:\Windows\Prefetch\GLB1A2B.EXE-5F1F62EF.pf --------- 21744  

 08.08.2010 00:34     C:\Windows\Prefetch\RUNDLL32.EXE-C3CCC034.pf --------- 51408  

 08.08.2010 00:34     C:\Windows\Prefetch\UNWISE.EXE-40409D49.pf --------- 27330  

 07.08.2010 23:08     C:\Windows\Prefetch\DLLHOST.EXE-9523903C.pf --------- 21730  

 07.08.2010 22:57     C:\Windows\Prefetch\DELLTPAD.EXE-F2CBC24B.pf --------- 26614  

 07.08.2010 22:48     C:\Windows\Prefetch\HELPPANE.EXE-D1016F9E.pf --------- 71266  

 07.08.2010 22:48     C:\Windows\Prefetch\RUNDLL32.EXE-45B0383E.pf --------- 25744  

 06.08.2010 02:45     C:\Windows\Prefetch\ORBITDOWNLOADERSETUP4001.TMP-1E8CB260.pf --------- 41056  

 06.08.2010 02:45     C:\Windows\Prefetch\ORBITDOWNLOADERSETUP4001.EXE-1EA02554.pf --------- 19362  

 06.08.2010 02:45     C:\Windows\Prefetch\ORBITDOWNLOADERSETUP4001.TMP-A0BE913E.pf --------- 25250  

 06.08.2010 02:40     C:\Windows\Prefetch\RUNDLL32.EXE-C40E3719.pf --------- 36900  

 06.08.2010 02:39     C:\Windows\Prefetch\RTMPDUMP.EXE-DC9ADC7A.pf --------- 11206  

 06.08.2010 02:38     C:\Windows\Prefetch\SVCHOST.EXE-2FFE0083.pf --------- 16856  

 06.08.2010 02:38     C:\Windows\Prefetch\SVCHOST.EXE-F5AA802A.pf --------- 13534  

 06.08.2010 02:38     C:\Windows\Prefetch\SBSTART.EXE-87929347.pf --------- 40280  

 06.08.2010 02:33     C:\Windows\Prefetch\WINLOA~1.EXE-9BA60487.pf --------- 19448  

 06.08.2010 02:29     C:\Windows\Prefetch\VLC.EXE-84DE547F.pf --------- 107224  

 06.08.2010 02:00     C:\Windows\Prefetch\RUNDLL32.EXE-982A72D8.pf --------- 37758  

 06.08.2010 01:58     C:\Windows\Prefetch\RUNDLL32.EXE-FCBAD65D.pf --------- 37566  

 06.08.2010 01:58     C:\Windows\Prefetch\FLVSTREAMER-2.1C_WIN32.EXE-E8FFEB14.pf --------- 19510  

 06.08.2010 01:52     C:\Windows\Prefetch\FLVSTREAMER_WIN32_LATEST.EXE-936E6BFB.pf --------- 32300  

 06.08.2010 01:10     C:\Windows\Prefetch\UNINSTALL.EXE-224B4D25.pf --------- 19558  

 06.08.2010 01:01     C:\Windows\Prefetch\WINLOAD.EXE-6196CC56.pf --------- 20908  

 06.08.2010 01:01     C:\Windows\Prefetch\GLB5F11.TMP-CE83B82D.pf --------- 82350  

 06.08.2010 01:01     C:\Windows\Prefetch\MEDIATHEK-SETUP.EXE-E1F5F26D.pf --------- 46694  

 06.08.2010 01:01     C:\Windows\Prefetch\WINLOAD_TB.EXE-DC293A4F.pf --------- 81758  

 06.08.2010 00:42     C:\Windows\Prefetch\RUNDLL32.EXE-6F158C28.pf --------- 47798  

 06.08.2010 00:34     C:\Windows\Prefetch\TASKMAN.EXE-AF1AA752.pf --------- 33886  

 06.08.2010 00:33     C:\Windows\Prefetch\SETUP.EXE-6F7CB629.pf --------- 24212  

 06.08.2010 00:33     C:\Windows\Prefetch\TASKMANAGER17.EXE-E773F829.pf --------- 46440  

 06.08.2010 00:24     C:\Windows\Prefetch\ROUTE.EXE-AA5DBD7E.pf --------- 10564  

 06.08.2010 00:08     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1266740531-1925796205-1647025121-1000.snp.db --------- 
 

4884908  

 06.08.2010 00:08     C:\Windows\Prefetch\UI0DETECT.EXE-B742F20E.pf --------- 22976  

 06.08.2010 00:08     C:\Windows\Prefetch\OX.EXE-9664C4FB.pf --------- 21838  

 06.08.2010 00:08     C:\Windows\Prefetch\ROOTKITREVEALER.EXE-BD9EE12B.pf --------- 20402  

 06.08.2010 00:03     C:\Windows\Prefetch\XTYGLT.EXE-56E0CFE4.pf --------- 24764  

 05.08.2010 23:54     C:\Windows\Prefetch\OPENVPN.EXE-51BE6D5E.pf --------- 26320  

 05.08.2010 23:54     C:\Windows\Prefetch\OPENVPN-GUI-1.0.3.EXE-DC0E9B91.pf --------- 18350  

 05.08.2010 23:47     C:\Windows\Prefetch\MPMINISIGSTUB.EXE-168F3172.pf --------- 6478  

 05.08.2010 23:46     C:\Windows\Prefetch\RUNDLL32.EXE-BF913C5E.pf --------- 44296  

 01.08.2010 22:59     C:\Windows\Prefetch\AgCx_SC1.db --------- 707399  

 01.08.2010 05:30     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 113028  

 18.03.2008 11:07     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  

----------------------------------------
 

 

C:\Windows\Tasks
 

 10.08.2010 12:26     C:\Windows\Tasks\Google Software Updater.job --------- 1052  

 10.08.2010 12:24     C:\Windows\Tasks\SA.DAT --------- 6  

 10.08.2010 05:05     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32558  

 09.08.2010 03:16     C:\Windows\Tasks\Ad-Aware Update (Weekly).job --------- 474  

----------------------------------------
 

 

C:\Windows\Temp
 

 10.08.2010 02:07     C:\Windows\Temp\MpCmdRun.log --------- 2310  

 10.08.2010 02:07     C:\Windows\Temp\MpSigStub.log --------- 3268  

 09.08.2010 23:01     C:\Windows\Temp\History --------- 0  

 09.08.2010 23:01     C:\Windows\Temp\Cookies --------- 0  

 09.08.2010 23:01     C:\Windows\Temp\Temporary Internet Files --------- 0  

 02.08.2010 12:36     C:\Windows\Temp\klsBF38.tmp --------- 91240  

 09.10.2009 13:27     C:\Windows\Temp\Low --------- 0  

----------------------------------------
 

 

C:\Users\***~1\AppData\Local\Temp
 

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp.zip --------- 0  

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-6.zip --------- 0  

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-5.zip --------- 0  

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-2.zip --------- 0  

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\Temp1_avp-1.zip --------- 4096  

 10.08.2010 13:05     C:\Users\***~1\AppData\Local\Temp\***.bmp --------- 31832  

 10.08.2010 13:01     C:\Users\***~1\AppData\Local\Temp\hsperfdata_*** --------- 0  

 10.08.2010 12:33     C:\Users\***~1\AppData\Local\Temp\Low --------- 0  

 10.08.2010 12:32     C:\Users\***~1\AppData\Local\Temp\jusched.log --------- 1820  

 10.08.2010 12:28     C:\Users\***~1\AppData\Local\Temp\ima1A06.tmp --------- 262144  

 10.08.2010 12:28     C:\Users\***~1\AppData\Local\Temp\ima19F5.tmp --------- 262144  

 10.08.2010 12:27     C:\Users\***~1\AppData\Local\Temp\AdobeARM.log --------- 3806  

 10.08.2010 12:27     C:\Users\***~1\AppData\Local\Temp\WPDNSE --------- 0  

 10.08.2010 05:01     C:\Users\***~1\AppData\Local\Temp\{04948FB6-86C9-42BF-90A0-E8910E194B61} --------- 0  

 10.08.2010 05:01     C:\Users\***~1\AppData\Local\Temp\{76486921-7354-4973-AF4A-6DC7FECC1FBC} --------- 4096  

 10.08.2010 02:50     C:\Users\***~1\AppData\Local\Temp\FAP9C10.tmp --------- 4  

 10.08.2010 02:29     C:\Users\***~1\AppData\Local\Temp\~DFF896.tmp --------- 114688  

 10.08.2010 01:57     C:\Users\***~1\AppData\Local\Temp\moz_mapi --------- 4096  

 10.08.2010 01:47     C:\Users\***~1\AppData\Local\Temp\FAPF805.tmp --------- 4  

 10.08.2010 01:26     C:\Users\***~1\AppData\Local\Temp\Log --------- 0  

 09.08.2010 23:48     C:\Users\***~1\AppData\Local\Temp\FAP6408.tmp --------- 4  

 09.08.2010 23:48     C:\Users\***~1\AppData\Local\Temp\FAPFCBB.tmp --------- 4  

 09.08.2010 23:47     C:\Users\***~1\AppData\Local\Temp\FAP5422.tmp --------- 4  

 09.08.2010 23:11     C:\Users\***~1\AppData\Local\Temp\{e26c84d8-a44b-40eb-bbfb-1ff72fa4c133} --------- 0  

 09.08.2010 19:04     C:\Users\***~1\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 74  

 09.08.2010 19:04     C:\Users\***~1\AppData\Local\Temp\AUCHECK_CORE.txt --------- 302  

 09.08.2010 19:01     C:\Users\***~1\AppData\Local\Temp\nro.log --------- 0  

 09.08.2010 02:53     C:\Users\***~1\AppData\Local\Temp\WERDDEB.tmp.version.txt --------- 462  

 09.08.2010 01:06     C:\Users\***~1\AppData\Local\Temp\WLZ375E.tmp --------- 16384  

 18.03.2008 11:12     C:\Users\***~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  

 10.11.2003 13:55     C:\Users\***~1\AppData\Local\Temp\setFC9C.tmp --------- 116880  

 02.12.2002 15:33     C:\Users\***~1\AppData\Local\Temp\SetD443.tmp --------- 107512  

----------------------------------------
 

 

C:\Program Files
 

 10.08.2010 04:59     C:\Program Files\InstallShield Installation Information --------- 12288  

 10.08.2010 04:59     C:\Program Files\trend micro --------- 4096  

 10.08.2010 02:16     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  

 09.08.2010 23:16     C:\Program Files\Creative --------- 4096  

 09.08.2010 21:50     C:\Program Files\Spiele --------- 4096  

 08.08.2010 01:15     C:\Program Files\Anwendungen --------- 8192  

 08.08.2010 01:15     C:\Program Files\OpenOffice.org 3 --------- 4096  

 08.08.2010 00:57     C:\Program Files\Mozilla Sunbird --------- 8192  

 08.08.2010 00:35     C:\Program Files\Common Files --------- 8192  

 06.08.2010 00:34     C:\Program Files\Security Task Manager --------- 32768  

 28.07.2010 23:59     C:\Program Files\Mozilla Firefox --------- 28672  

 22.07.2010 01:44     C:\Program Files\Mozilla Thunderbird --------- 28672  

 14.07.2010 22:10     C:\Program Files\Windows Mail --------- 4096  

 04.07.2010 03:41     C:\Program Files\Windows Sidebar --------- 4096  

 04.07.2010 03:39     C:\Program Files\Kaspersky Lab --------- 0  

 04.07.2010 03:34     C:\Program Files\Lavasoft --------- 0  

 25.06.2010 16:50     C:\Program Files\Microsoft.NET --------- 0  

 11.06.2010 16:20     C:\Program Files\Internet Explorer --------- 4096  

 11.06.2010 11:55     C:\Program Files\Microsoft Silverlight --------- 4096  

 11.05.2010 16:12     C:\Program Files\ElsterFormular --------- 4096  

 11.05.2010 03:22     C:\Program Files\Java --------- 4096  

 08.05.2010 03:15     C:\Program Files\Sicherheit --------- 4096  

 15.03.2010 16:32     C:\Program Files\f4 --------- 8192  

 12.03.2010 06:40     C:\Program Files\Movie Maker --------- 4096  

 27.01.2010 16:10     C:\Program Files\Adobe --------- 4096  

 24.12.2009 16:15     C:\Program Files\Google --------- 4096  

 17.11.2009 18:18     C:\Program Files\Windows Portable Devices --------- 0  

 28.10.2009 04:19     C:\Program Files\Windows Media Player --------- 4096  

 07.09.2009 21:44     C:\Program Files\IEPro --------- 4096  

 07.09.2009 16:28     C:\Program Files\Windows Calendar --------- 0  

 07.09.2009 16:28     C:\Program Files\Windows Collaboration --------- 4096  

 07.09.2009 16:28     C:\Program Files\Windows Journal --------- 4096  

 07.09.2009 16:28     C:\Program Files\Windows Photo Gallery --------- 4096  

 07.09.2009 16:28     C:\Program Files\Windows Defender --------- 4096  

 05.07.2009 00:50     C:\Program Files\Softi Software --------- 0  

 04.06.2009 12:57     C:\Program Files\Microsoft Works --------- 4096  

 11.05.2009 01:22     C:\Program Files\Ashampoo --------- 0  

 24.04.2009 14:53     C:\Program Files\OpenVPN --------- 4096  

 10.04.2009 22:07     C:\Program Files\Panasonic --------- 0  

 17.02.2009 03:33     C:\Program Files\AviSynth 2.5 --------- 0  

 11.02.2009 19:31     C:\Program Files\Sprachen --------- 0  

 01.02.2009 04:05     C:\Program Files\Windows Live --------- 0  

 12.12.2008 17:04     C:\Program Files\OpenOffice.org 2.4 --------- 4096  

 01.10.2008 11:50     C:\Program Files\Microsoft Office --------- 4096  

 08.09.2008 16:58     C:\Program Files\Games --------- 0  

 22.08.2008 13:04     C:\Program Files\Winamp --------- 0  

 19.07.2008 18:36     C:\Program Files\Sun --------- 0  

 26.05.2008 18:49     C:\Program Files\Creative Live Cam --------- 0  

 26.05.2008 18:48     C:\Program Files\Dell --------- 4096  

 25.04.2008 01:43     C:\Program Files\Creative Installation Information --------- 4096  

 16.04.2008 22:25     C:\Program Files\WEB.DE --------- 0  

 25.03.2008 14:57     C:\Program Files\desktop.ini --------- 174  

 19.03.2008 17:27     C:\Program Files\MSXML 4.0 --------- 0  

 18.03.2008 15:42     C:\Program Files\Internet --------- 0  

 18.03.2008 12:32     C:\Program Files\Synaptics --------- 0  

 18.03.2008 12:18     C:\Program Files\Real --------- 0  

 18.03.2008 11:30     C:\Program Files\SigmaTel --------- 0  

 18.03.2008 11:26     C:\Program Files\Cisco --------- 0  

 18.03.2008 11:16     C:\Program Files\Intel --------- 0  

 18.03.2008 11:12     C:\Program Files\Windows NT --------- 4096  

 18.03.2008 11:12     C:\Program Files\Gemeinsame Dateien --------- 0  

 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  

 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  

 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  

----------------------------------------
 

 

C:\ProgramData\.. 
 

***    

Public    

desktop.ini    

Default    

Default User    

All Users    

----------------------------------------
 

 

C:\Windows\system32\drivers\etc\hosts
 

::1             localhost

217.27.3.154 cms.n-tv.de
 

----------------------------------------
 

 
 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung

========================= ======== ================ =========== ===============

System Idle Process              0 Services                   0            24 K

System                           4 Services                   0         9.492 K

smss.exe                       524 Services                   0           736 K

csrss.exe                      664 Services                   0         5.340 K

wininit.exe                    716 Services                   0         4.100 K

csrss.exe                      728 Console                    1        16.492 K

services.exe                   768 Services                   0         6.936 K

lsass.exe                      784 Services                   0         8.348 K

lsm.exe                        792 Services                   0         3.880 K

svchost.exe                    952 Services                   0         6.628 K

svchost.exe                   1024 Services                   0         6.440 K

svchost.exe                   1092 Services                   0        43.328 K

svchost.exe                   1132 Services                   0        12.548 K

svchost.exe                   1172 Services                   0        99.036 K

svchost.exe                   1196 Services                   0        59.500 K

audiodg.exe                   1292 Services                   0        15.544 K

svchost.exe                   1320 Services                   0         4.908 K

SLsvc.exe                     1368 Services                   0        11.276 K

svchost.exe                   1432 Services                   0        12.868 K

winlogon.exe                  1552 Console                    1         5.648 K

svchost.exe                   1632 Services                   0        15.056 K

WLTRYSVC.EXE                  1768 Services                   0         2.536 K

BCMWLTRY.EXE                  1788 Services                   0        21.004 K

wlanext.exe                   1876 Services                   0         5.332 K

LEXBCES.EXE                   1908 Services                   0         4.756 K

LEXPPS.EXE                    1980 Services                   0         4.272 K

spoolsv.exe                    124 Services                   0        12.388 K

svchost.exe                    540 Services                   0        16.884 K

avp.exe                       2228 Services                   0       138.224 K

svchost.exe                   2292 Services                   0         3.572 K

svchost.exe                   2396 Services                   0         4.932 K

TMRUBotted.exe                2476 Services                   0         9.436 K

stacsv.exe                    2704 Services                   0         6.452 K

svchost.exe                   2788 Services                   0         7.704 K

svchost.exe                   2820 Services                   0         2.160 K

SearchIndexer.exe             2844 Services                   0        34.948 K

taskeng.exe                   3532 Services                   0         5.792 K

taskeng.exe                   2900 Console                    1        12.336 K

dwm.exe                       1860 Console                    1         4.140 K

explorer.exe                  3612 Console                    1       238.992 K

MSASCui.exe                   1588 Console                    1         8.924 K

WLTRAY.EXE                    2052 Console                    1        20.240 K

SynTPEnh.exe                  4060 Console                    1         7.252 K

vspdfprsrv.exe                3736 Console                    1        34.076 K

OEM02Mon.exe                  1448 Console                    1         5.028 K

sttray.exe                    3032 Console                    1        10.324 K

wmpnscfg.exe                  3568 Console                    1         5.244 K

wmpnetwk.exe                  3912 Services                   0        28.160 K

jusched.exe                    216 Console                    1         3.932 K

avp.exe                       2216 Console                    1         6.232 K

TMRUBottedTray.exe            2948 Console                    1         4.108 K

Eraser.exe                    1744 Console                    1         9.324 K

firefox.exe                   2940 Console                    1       106.792 K

klwtblfs.exe                  3600 Console                    1         5.120 K

taskeng.exe                   4900 Console                    1         4.680 K

sdclt.exe                     5156 Console                    1         9.512 K

svchost.exe                   1144 Services                   0         6.888 K

notepad.exe                   1848 Console                    1         5.992 K

cmd.exe                       3088 Console                    1         2.916 K

conime.exe                    4884 Console                    1         3.628 K

tasklist.exe                  3980 Console                    1         5.008 K

WmiPrvSE.exe                  5548 Services                   0         6.036 K
 

 

***** Ende des Scans 10.08.2010 um 13:20:46,71 ***

####################################

Hier die von CCleaner erstellte Übersicht:

Code:



*tmx englisch        *tmx communications        10.08.2008        149,9MB        5.00.0000

7-Zip 4.57                18.07.2008        2,86MB        

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        06.09.2009                10.0.32.18

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        01.08.2010                10.1.53.64

Adobe Reader 9.3.3 - Deutsch        Adobe Systems Incorporated        30.06.2010        162,6MB        9.3.3

Adobe Shockwave Player 11.5        Adobe Systems, Inc.        18.07.2010        7,48MB        11.5.7.609

Advanced Audio FX Engine                25.05.2008                

Advanced Video FX Engine                25.05.2008                

Ashampoo Burning Studio 6        ashampoo Technology GmbH & Co. KG        17.02.2009        27,6MB        

Ashampoo WinOptimizer 2008        ashampoo GmbH & Co. KG        10.05.2009        21,6MB        

CCleaner        Piriform        08.08.2010        1,05MB        2.34

Cisco EAP-FAST Module        Cisco Systems, Inc.        17.03.2008        2,98MB        2.0.26

Cisco LEAP Module        Cisco Systems, Inc.        17.03.2008        1,04MB        1.0.11

Cisco PEAP Module        Cisco Systems, Inc.        17.03.2008        0,84MB        1.0.12

Condition Zero        Valve        28.09.2008        2.656,6MB        

Condition Zero Deleted Scenes        Ritual        28.09.2008        2.656,6MB                

Cool Edit Pro 2.0                29.07.2008        27,1MB        

Counter-Strike        Valve        28.09.2008        16,3MB        

Counter-Strike Steamworks Beta        Valve        28.09.2008                

Creative Jukebox Driver                24.04.2008                

Cuttermaran 1.69a        toarnold        05.04.2008        5,12MB        1.6.92

Debugging Tools for Windows (x86)        Microsoft Corporation        07.05.2010        41,7MB        6.12.2.633

Dell Resource CD        Ihr Firmenname        17.03.2008        3,04MB        1.00.0000

Dell Touchpad        Synaptics        09.04.2008        17,2MB        9.1.18.6

Dell Webcam Center                25.05.2008        14,1MB        

Dell Webcam Manager                25.05.2008        0,77MB        

Dell Wireless WLAN Karte        Dell Inc.        17.03.2008        23,8MB        4.170.25.12

dradio-Recorder Version 3.00.5                05.08.2009        22,6MB        

ElsterFormular        Landesfinanzdirektion Thüringen        10.05.2010        302,6MB        11.4.1.4323

ElsterFormular 2006/2007        Steuerverwaltung des Bundes und der Länder        15.04.2008        63,7MB        8.3.1.0

ElsterFormular 2007/2008        Steuerverwaltung des Bundes und der Länder        15.04.2008        65,5MB        9.2.0.0

ElsterFormular 2008/2009        Steuerverwaltung des Bundes und der Länder        07.04.2009        168,0MB        10.2.0.0

Englisch 201                17.06.2009                

Eraser        Heidi Computers Ltd.        05.04.2008        3,71MB                

EVEREST Home Edition v2.20        Lavalys Inc        17.03.2008        6,58MB        2.20

eXPert PDF 4        Visage Software        25.03.2008        33,2MB        4.1.670.404

f4 3.1.0        MAXqda        14.03.2010        8,18MB        3.1.0

Firebird SQL Server - MAGIX Edition        MAGIX AG        17.02.2009        6,22MB        2.0.1.13

Français 100        Strokes        09.02.2009        358,6MB        40.03.100

GetASFStream                21.09.2008        1,37MB        

GIMP 2.6.10        The GIMP Team        18.07.2010        112,7MB        2.6.10

Google Updater        Google Inc.        23.03.2009        2,48MB        2.4.1536.6592

GTK+ Runtime 2.14.7 rev a (nur entfernen)                23.03.2009                

HD Tune 2.55        EFD Software        31.01.2009        1,27MB        

HiJackThis        Trend Micro        09.08.2010        0,36MB        1.0.0

IE7Pro        IE7Pro Team        06.09.2009        7,99MB        2.4.6

Java(TM) 6 Update 20        Sun Microsystems, Inc.        12.12.2008        94,4MB        6.0.200

Kaspersky Internet Security 2011        Kaspersky Lab        03.07.2010        60,5MB        11.0.0.232

Laptop Integrated Webcam Driver (1.04.01.1011)                18.03.2008                

LeechFTP                20.03.2008                

Macromedia Dreamweaver 4        Macromedia        19.03.2008        60,0MB        4.0

Malwarebytes' Anti-Malware        Malwarebytes Corporation        09.08.2010        3,91MB        

Microsoft .NET Framework 1.1                10.02.2009                

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        15.02.2009        37,0MB        

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        11.02.2009        37,0MB        

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        120,3MB        4.0.30319

Microsoft Office Home and Student 2007        Microsoft Corporation        03.06.2009        294,1MB        12.0.6425.1000

Microsoft Silverlight        Microsoft Corporation        05.06.2010        14,9MB        4.0.50524.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.07.2009        
 

0,25MB        8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.04.2008        2,38MB        8.0.56336

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        29.07.2009        
 

0,19MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        27.10.2008        2,06MB        
 

9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        10.05.2010        0,58MB        
 

9.0.30729

Mozilla ActiveX Control v1.7.12                31.01.2009        11,9MB        

Mozilla Firefox (3.6.8)        Mozilla        27.07.2010        32,4MB        3.6.8 (de)

Mozilla Thunderbird (3.0.6)        Mozilla        21.07.2010        31,5MB        3.0.6 (de)

MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        18.03.2008        1,27MB        4.20.9848.0

MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        19.03.2008        1,27MB        4.20.9849.0

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.11.2008        1,28MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0

neroxml        Nero AG        13.11.2008        1,24MB        1.0.0

NetLCR v4.10.405        Oleco GmbH        20.03.2008        1,78MB        

NVIDIA Drivers        NVIDIA Corporation        07.05.2010                1.3

OpenVPN 2.1_rc15                23.04.2009        3,85MB        2.1_rc15

Opera 10.53        Opera Software ASA        04.05.2010        28,3MB        10.53

PDF Blender                27.01.2010        1,28MB        

Security Task Manager 1.7h        Neuber GmbH        05.08.2010        2,45MB        1.7h

SigmaTel Audio        SigmaTel        17.03.2008        14,1MB        5.10.5102.0

Skype™ 4.2        Skype Technologies S.A.        24.07.2010        25,0MB        4.2.169

Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        24.06.2008        32,5MB        8.0.0

Steam        Valve        28.09.2008        1,31MB        1.0.0.0

SUPER © Version 2010.bld.38 (May 2, 2010)        eRightSoft        08.08.2010        120,7MB        Version 2010.bld.38 (May 2, 
 

2010)

tmx808        tmx communications        09.08.2008        147,5MB        1.30.0000

Trend Micro RUBotted        TrendMicro        09.08.2010        7,54MB        1.5.1011

WEB.DE Club SmartFax        WEB.DE GmbH        19.03.2008        9,47MB        2.00.165

WEB.DE SmartDrive Manager        WEB.DE GmbH        15.04.2008        6,40MB        1.0.360

Windows Live installer        Microsoft Corporation        31.01.2009        1,71MB        12.0.1471.1025

Windows Live Writer        Microsoft Corporation        01.02.2009        11,4MB        12.0.1370.0325

Windows Media Player Firefox Plugin        Microsoft Corp        01.07.2008        0,29MB        1.0.0.8

Ich habe Germ durchlaufen lassen, allerdings hat sich nach einer gewissen Zeit bei folgender Datei nichts mehr

getan:

C:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\ScrapBo

Anbei deshalb das Log (Teil 1) bis zum Stopp durch mich:

Code:



GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-08-10 18:01:11

Windows 6.0.6002 Service Pack 2

Running: yrhwe1ck.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyruod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwAdjustPrivilegesToken [0x92C34992]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwAlpcConnectPort [0x92C363FA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwAlpcCreatePort [0x92C36674]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwAlpcSendWaitReceivePort [0x92C368E6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwClose [0x92C352AA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwConnectPort [0x92C35A52]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateEvent [0x92C35E4E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateFile [0x92C354C8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateMutant [0x92C35D34]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateNamedPipeFile [0x92C34582]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreatePort [0x92C35C08]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateSection [0x92C3472A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateSemaphore [0x92C35F6E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateThread [0x92C34F32]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateWaitablePort [0x92C35C9E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwDebugActiveProcess [0x92C37596]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwDuplicateObject [0x92C38716]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwFsControlFile [0x92C35694]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwLoadDriver [0x92C37688]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwMapViewOfSection [0x92C37D62]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenEvent [0x92C35EE4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenFile [0x92C35336]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenMutant [0x92C35DC4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenProcess [0x92C34BDC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenSection [0x92C37AFC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenSemaphore [0x92C36004]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwOpenThread [0x92C34AD0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwQueryDirectoryObject [0x92C36B30]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwQuerySection [0x92C3809C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwQueueApcThread [0x92C3798E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwReplyPort [0x92C36368]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwReplyWaitReceivePort [0x92C3622E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwRequestWaitReplyPort [0x92C37330]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwResumeThread [0x92C385B8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSecureConnectPort [0x92C3579C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSetContextThread [0x92C3514C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSetInformationToken [0x92C36BD2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSetSecurityObject [0x92C37790]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSetSystemInformation [0x92C381EC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSuspendProcess [0x92C382DE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSuspendThread [0x92C38418]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwSystemDebugControl [0x92C374BA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwTerminateProcess [0x92C34D7C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwTerminateThread [0x92C34CD2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwUnmapViewOfSection [0x92C37F40]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwWriteVirtualMemory [0x92C34E68]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                
 

                                                  ZwCreateThreadEx [0x92C35030]
 

INT 0x52        ?                                                                                                   
 

                                                  86685BF8

INT 0x52        ?                                                                                                   
 

                                                  86685BF8

INT 0x52        ?                                                                                                   
 

                                                  86685BF8

INT 0x62        ?                                                                                                   
 

                                                  86685BF8

INT 0x72        ?                                                                                                   
 

                                                  86685BF8

INT 0x72        ?                                                                                                   
 

                                                  86685BF8

INT 0x72        ?                                                                                                   
 

                                                  86685BF8

INT 0x72        ?                                                                                                   
 

                                                  86685BF8

INT 0x92        ?                                                                                                   
 

                                                  8659ABF8

INT 0xB2        ?                                                                                                   
 

                                                  8659ABF8

INT 0xB2        ?                                                                                                   
 

                                                  8659ABF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 119                                                                       
 

                                                  836C687C 4 Bytes  [92, 49, C3, 92] {XCHG EDX, EAX; DEC ECX; RET ; 
 

XCHG EDX, EAX}

.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                       
 

                                                  836C68A0 8 Bytes  [FA, 63, C3, 92, 74, 66, C3, ...] {CLI ; ARPL 
 

BX, AX; XCHG EDX, EAX; JZ 0x6c; RET ; XCHG EDX, EAX}

.text           ntkrnlpa.exe!KeSetEvent + 181                                                                       
 

                                                  836C68E4 4 Bytes  [E6, 68, C3, 92] {OUT 0x68, AL; RET ; XCHG EDX, 
 

EAX}

.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                       
 

                                                  836C690C 4 Bytes  [AA, 52, C3, 92] {STOSB ; PUSH EDX; RET ; XCHG 
 

EDX, EAX}

.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                       
 

                                                  836C6924 4 Bytes  [52, 5A, C3, 92] {PUSH EDX; POP EDX; RET ; XCHG 
 

EDX, EAX}

.text           ...                                                                                                 
 

                                                  

?               System32\Drivers\sppj.sys                                                                           
 

                                                  Das System kann den angegebenen Pfad nicht finden. !

.text           USBPORT.SYS!DllUnload                                                                               
 

                                                  8C3CA41B 5 Bytes  JMP 866851D8 
 

---- User code sections - GMER 1.0.15 ----
 

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] C:\Windows\system32
 

\ntdll.dll                                                  time/date stamp mismatch; 

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] C:\Windows\system32
 

\kernel32.dll                                               time/date stamp mismatch; 

.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] USER32.dll!SetScrollInfo + 
 

7A8                                                 75EB7980 4 Bytes  JMP 46117075 

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] C:\Windows\system32
 

\ntdll.dll                                                  time/date stamp mismatch; 

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] C:\Windows\system32
 

\kernel32.dll                                               time/date stamp mismatch; 

.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] USER32.dll!SetScrollInfo + 
 

7A8                                                 75EB7980 4 Bytes  JMP 46117075 
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                           
 

                                                  [8068B6D2] \SystemRoot\System32\Drivers\sppj.sys

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                            
 

                                                  [8068B040] \SystemRoot\System32\Drivers\sppj.sys

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                    
 

                                                  [8068B7FC] \SystemRoot\System32\Drivers\sppj.sys

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                           
 

                                                  [8068B0BE] \SystemRoot\System32\Drivers\sppj.sys

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                     
 

                                                  [8068B13C] \SystemRoot\System32\Drivers\sppj.sys

IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                  
 

                                                  [8069B048] \SystemRoot\System32\Drivers\sppj.sys
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00610240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlFreeHeap]                     006102B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00610320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00610390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   01CD07F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleHandleW]               01CD0860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 01CD08D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   01CD0940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    01CD09B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 01CD0A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 01CD0A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    006104E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!VirtualFree]                    00610550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!HeapFree]                       006105C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   006106A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             01CD0B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             01CD0B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01CD0BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                   01CD0C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               01CD0CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!CreateThread]                   00610780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     006107F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00610860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               01CD0EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01CD0F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!HeapFree]                     006108D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             75A60630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  75A606A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               75A60710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           75A60780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 75A607F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00610A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00610B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             75A60860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  75A608D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 75A60940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       00610B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   00610BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A609B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             75A60A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 75A60A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    75A60B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   75A60B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   75A60BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    00610CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   00610D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!HeapFree]                       00610E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!CreateThread]                   00610E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               75A60C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlSizeHeap]                       00610EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlReAllocateHeap]                 00610F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlAllocateHeap]                   772C0400

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlFreeHeap]                       772C0470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 75A60CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!CreateThread]                   772C04E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!CreateProcessW]                 75A60D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             75A60DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleHandleA]               75A60E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!LoadLibraryA]                   75A60E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A60EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleHandleW]               75A60F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             01CE0010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!LoadLibraryW]                   01CE0080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetProcAddress]                 01CE00F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!FreeLibrary]                    01CE0160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    772C0550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [ntdll.dll!RtlFreeHeap]                        772C05C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01CE01D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  01CE0240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    01CE02B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!FreeLibrary]                     01CE0320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!GetProcAddress]                  01CE0390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    01CE0400

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!VirtualFree]                   772C0630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  772C06A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01CE0470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                01CE04E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   772C0710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!CreateThread]                  772C0780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!CreateProcessW]                01CE0550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]            01CE05C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  01CE0630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              01CE06A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetProcAddress]                01CE0710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            01CE0780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  01CE07F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   01CE0860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!HeapFree]                      772C07F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  01CE08D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      772C0940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  01CE0940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            01CE09B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      772C09B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  772C0A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            01CE0A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              01CE0A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01CE0B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              01CE0B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                01CE0BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  01CE0C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  01CE0CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   01CE0D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                01CE0DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01D006A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              01D00710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!VirtualAlloc]                  01C20A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   01D00780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                01D007F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                  01D00860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!CreateThread]                  01C20A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                01D008D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]            01D00940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              01D009B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      01C20B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  01C20B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [ntdll.dll!RtlFreeHeap]                      01C20BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!HeapFree]                      01C20CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!CreateThread]                  01C20D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!SetErrorMode]                  01D00A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!GetProcAddress]                01D00B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!FreeLibrary]                   01D00B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!LoadLibraryA]                  01D00BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01D00C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!GetModuleFileNameW]            01D00CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  01C20DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [ntdll.dll!RtlFreeHeap]                      01C20E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01D00D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  01D00DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              01D00E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  01D00E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            01D00EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!GetProcAddress]                01D00F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!FreeLibrary]                   01D10010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01D105C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             01D10E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetModuleHandleA]               01D10E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01D10EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    01D10F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!CreateThread]                   01C30B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 01D20010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   01D20080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                 01D200F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    01C30BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32

GMER-Log, Teil 2

Code:



\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW]             01D20160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                   01D201D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!HeapFree]                       01C30C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SAMLIB.dll [ntdll.dll!RtlFreeHeap]                       01C30E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!LoadLibraryA]                   01D20240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!FreeLibrary]                    01D202B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!GetProcAddress]                 01D20320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01D20390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetModuleHandleW]                01D20400

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!HeapFree]                        01C30EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!CreateThread]                    01C40080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  01D20470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!HeapDestroy]                     01C400F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!CreateProcessW]                  01D204E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!VirtualAlloc]                    01C40160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01D20550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!LoadLibraryW]                    01D205C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              01D20630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!LoadLibraryA]                    01D206A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!FreeLibrary]                     01D20710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetProcAddress]                  01D20780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetModuleFileNameA]              01D207F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [ntdll.dll!RtlFreeHeap]                        01C401D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [ntdll.dll!RtlAllocateHeap]                    01C40240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  01C402B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 01C40630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     01C406A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 01D30010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01D30080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  01D300F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               01D30160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  01D301D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]           01D30240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!HeapFree]                     01C40710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2216] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!CreateThread]                 01C407F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00960240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlFreeHeap]                     009602B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00960320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00960390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   011E07F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleHandleW]               011E0860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 011E08D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   011E0940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    011E09B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 011E0A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 011E0A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    009604E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!VirtualFree]                    00960550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!HeapFree]                       009605C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   009606A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             011E0B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             011E0B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    011E0BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                   011E0C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               011E0CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\msvcrt.dll [KERNEL32.dll!CreateThread]                   00960780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     009607F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00960860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               011E0EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 011E0F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!HeapFree]                     009608D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             75A60630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  75A606A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               75A60710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           75A60780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 75A607F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00960A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00960B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             75A60860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  75A608D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 75A60940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       00960B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   00960BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A609B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             75A60A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 75A60A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    75A60B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   75A60B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   75A60BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    00960CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   00960D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!HeapFree]                       00960E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!CreateThread]                   00960E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               75A60C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlSizeHeap]                       00960EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlReAllocateHeap]                 00960F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlAllocateHeap]                   772C0400

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [ntdll.dll!RtlFreeHeap]                       772C0470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 75A60CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!CreateThread]                   772C04E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!CreateProcessW]                 75A60D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             75A60DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleHandleA]               75A60E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!LoadLibraryA]                   75A60E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    75A60EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleHandleW]               75A60F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             011F0010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!LoadLibraryW]                   011F0080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!GetProcAddress]                 011F00F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USER32.dll [KERNEL32.dll!FreeLibrary]                    011F0160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    772C0550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [ntdll.dll!RtlFreeHeap]                        772C05C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     011F01D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  011F0240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    011F02B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!FreeLibrary]                     011F0320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!GetProcAddress]                  011F0390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    011F0400

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!VirtualFree]                   772C0630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  772C06A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   011F0470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                011F04E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   772C0710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!CreateThread]                  772C0780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!CreateProcessW]                011F0550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]            011F05C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  011F0630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              011F06A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetProcAddress]                011F0710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            011F0780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  011F07F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   011F0860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!HeapFree]                      772C07F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  011F08D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      772C0940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  011F0940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            011F09B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!HeapFree]                      772C09B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  772C0A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            011F0A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              011F0A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   011F0B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              011F0B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                011F0BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  011F0C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  011F0CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   011F0D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                011F0DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   012106A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW]              01210710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!VirtualAlloc]                  00970A20

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   01210780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                012107F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                  01210860

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!CreateThread]                  00970A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                012108D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]            01210940

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              012109B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                      00970B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                  00970B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [ntdll.dll!RtlFreeHeap]                      00970BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!HeapFree]                      00970CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!CreateThread]                  00970D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!SetErrorMode]                  01210A90

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!GetProcAddress]                01210B00

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!FreeLibrary]                   01210B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!LoadLibraryA]                  01210BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01210C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\USERENV.dll [KERNEL32.dll!GetModuleFileNameW]            01210CC0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  00970DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [ntdll.dll!RtlFreeHeap]                      00970E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01210D30

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  01210DA0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              01210E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  01210E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            01210EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!GetProcAddress]                01210F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\Secur32.dll [KERNEL32.dll!FreeLibrary]                   01220010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     012205C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             01220E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetModuleHandleA]               01220E80

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01220EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    01220F60

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!CreateThread]                   00980B70

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 01230010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   01230080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                 012300F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    00980BE0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW]             01230160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                   012301D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WS2_32.dll [KERNEL32.dll!HeapFree]                       00980C50

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SAMLIB.dll [ntdll.dll!RtlFreeHeap]                       00980E10

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!LoadLibraryA]                   01230240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!FreeLibrary]                    012302B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!GetProcAddress]                 01230320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01230390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetModuleHandleW]                01230400

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!HeapFree]                        00980EF0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!CreateThread]                    00F20080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  01230470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!HeapDestroy]                     00F200F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!CreateProcessW]                  012304E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!VirtualAlloc]                    00F20160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01230550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!LoadLibraryW]                    012305C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              01230630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!LoadLibraryA]                    012306A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!FreeLibrary]                     01230710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetProcAddress]                  01230780

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [KERNEL32.dll!GetModuleFileNameA]              012307F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [ntdll.dll!RtlFreeHeap]                        00F201D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [ntdll.dll!RtlAllocateHeap]                    00F20240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\ole32.dll [ntdll.dll!RtlReAllocateHeap]                  00F202B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00F20630

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     00F206A0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 01240010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01240080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  012400F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               01240160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  012401D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]           01240240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!HeapFree]                     00F20710

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\NETAPI32.dll [KERNEL32.dll!CreateThread]                 00F207F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [ntdll.dll!RtlFreeHeap]                     772C0080

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [ntdll.dll!RtlAllocateHeap]                 772C0010

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [KERNEL32.dll!HeapFree]                     772C02B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  75A605C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [KERNEL32.dll!LoadLibraryA]                 75A60390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [KERNEL32.dll!FreeLibrary]                  75A600F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [KERNEL32.dll!GetProcAddress]               75A60320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\iphlpapi.dll [KERNEL32.dll!GetModuleHandleW]             75A602B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!LoadLibraryW]                  75A604E0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!CreateThread]                  772C01D0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!SetErrorMode]                  75A60550

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!GetModuleHandleA]              75A60240

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!GetModuleHandleW]              75A602B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!GetModuleFileNameA]            75A60160

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!HeapFree]                      772C02B0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   75A605C0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!LoadLibraryExW]                75A60470

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!GetProcAddress]                75A60320

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!LoadLibraryA]                  75A60390

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!FreeLibrary]                   75A600F0

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2228] @ C:\Windows\system32
 

\WININET.dll [KERNEL32.dll!GetModuleFileNameW]            75A601D0
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                              
 

                                                  86F301F8
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             
 

                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

Device          \Driver\volmgr \Device\VolMgrControl                                                                
 

                                                  8659C1F8
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             
 

                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

Device          \Driver\usbuhci \Device\USBPDO-0                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbuhci \Device\USBPDO-1                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbehci \Device\USBPDO-2                                                                    
 

                                                  87F571F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{45CA579C-89F4-46A3-905E-5F78C8604FD7}                            
 

                                                  88621500

Device          \Driver\usbuhci \Device\USBPDO-3                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbuhci \Device\USBPDO-4                                                                    
 

                                                  87F4C1F8
 

AttachedDevice  \Driver\tdx \Device\Tcp                                                                             
 

                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 

Device          \Driver\usbuhci \Device\USBPDO-5                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbehci \Device\USBPDO-6                                                                    
 

                                                  87F571F8

Device          \Driver\volmgr \Device\HarddiskVolume1                                                              
 

                                                  8659C1F8

Device          \Driver\volmgr \Device\HarddiskVolume2                                                              
 

                                                  8659C1F8

Device          \Driver\cdrom \Device\CdRom0                                                                        
 

                                                  87F801F8

Device          \Driver\volmgr \Device\HarddiskVolume3                                                              
 

                                                  8659C1F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                         
 

                                                  86F2E1F8

Device          \Driver\atapi \Device\Ide\IdePort0                                                                  
 

                                                  86F2E1F8

Device          \Driver\atapi \Device\Ide\IdePort1                                                                  
 

                                                  86F2E1F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                         
 

                                                  86F2E1F8

Device          \Driver\volmgr \Device\HarddiskVolume4                                                              
 

                                                  8659C1F8

Device          \Driver\netbt \Device\NetBt_Wins_Export                                                             
 

                                                  88621500

Device          \Driver\USBSTOR \Device\00000084                                                                    
 

                                                  8850D1F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{4434B8AD-3DEB-40BC-8D02-48A1755F9C62}                            
 

                                                  88621500

Device          \Driver\Smb \Device\NetbiosSmb                                                                      
 

                                                  884FB1F8

Device          \Driver\USBSTOR \Device\00000085                                                                    
 

                                                  8850D1F8

Device          \Driver\iScsiPrt \Device\RaidPort0                                                                  
 

                                                  880CE1F8
 

AttachedDevice  \Driver\tdx \Device\Udp                                                                             
 

                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice  \Driver\tdx \Device\RawIp                                                                           
 

                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 

Device          \Driver\netbt \Device\NetBT_Tcpip_{F808A7E5-5C90-4E27-BA74-424F821375ED}                            
 

                                                  88621500

Device          \Driver\usbuhci \Device\USBFDO-0                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbuhci \Device\USBFDO-1                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbehci \Device\USBFDO-2                                                                    
 

                                                  87F571F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{C7F0FFAA-7E51-4B75-9B9D-3441F898A782}                            
 

                                                  88621500

Device          \Driver\usbuhci \Device\USBFDO-3                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbuhci \Device\USBFDO-4                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbuhci \Device\USBFDO-5                                                                    
 

                                                  87F4C1F8

Device          \Driver\usbehci \Device\USBFDO-6                                                                    
 

                                                  87F571F8

Device          \FileSystem\cdfs \Cdfs                                                                              
 

                                                  86B021F8
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     
 

                                                  

Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                
 

                                                  0xF0 0x1C 0xAA 0x7D ...

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 
 

ControlSet)                                                  

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     
 

                                                  0

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  
 

                                                  0xC5 0xE3 0x23 0x49 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     
 

                                                  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 
 

ControlSet)                                                  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     
 

                                                  0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  
 

                                                  0xC5 0xE3 0x23 0x49 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     
 

                                                  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                
 

                                                  0xF0 0x1C 0xAA 0x7D ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 
 

ControlSet)                                                  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     
 

                                                  0

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  
 

                                                  0xC5 0xE3 0x23 0x49 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce115ba                         
 

                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834            
 

                                                  0xF0 0x1C 0xAA 0x7D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                  
 

                                                  771343423

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                  
 

                                                  285507792

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                  
 

                                                  1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                    
 

                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                 
 

                                                  0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh              
 

                                                  0xC5 0xE3 0x23 0x49 ...

Reg             HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     
 

                                                  

Reg             HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                
 

                                                  0xF0 0x1C 0xAA 0x7D ...

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 
 

ControlSet)                                                  

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     
 

                                                  0

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  
 

                                                  0xC5 0xE3 0x23 0x49 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     
 

                                                  

Reg             HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                
 

                                                  0xF0 0x1C 0xAA 0x7D ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 
 

ControlSet)                                                  

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     
 

                                                  0

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  
 

                                                  0xC5 0xE3 0x23 0x49 ...

Reg             HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e4ce115ba (not active ControlSet)     
 

                                                  

Reg             HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e4ce115ba@f4fc32626834                
 

                                                  0xF0 0x1C 0xAA 0x7D ...

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active 
 

ControlSet)                                                  

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                     
 

                                                  0

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  
 

                                                  0xC5 0xE3 0x23 0x49 ...

Hier die Logs von RootRepeal, zunächst vom Scan:

Code:



ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:                2010/08/10 18:33

Program Version:                Version 1.3.5.0

Windows Version:                Windows Vista SP2

==================================================
 

Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS

Address: 0x9212C000        Size: 57344        File Visible: -        Signed: -

Status: -
 

Name: acpi.sys

Image Path: C:\Windows\system32\drivers\acpi.sys

Address: 0x807B8000        Size: 286720        File Visible: -        Signed: -

Status: -
 

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x8361A000        Size: 3903488        File Visible: -        Signed: -

Status: -
 

Name: afd.sys

Image Path: C:\Windows\system32\drivers\afd.sys

Address: 0x93357000        Size: 294912        File Visible: -        Signed: -

Status: -
 

Name: atapi.sys

Image Path: C:\Windows\system32\drivers\atapi.sys

Address: 0x8BC82000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: ataport.SYS

Image Path: C:\Windows\system32\drivers\ataport.SYS

Address: 0x8BC8A000        Size: 122880        File Visible: -        Signed: -

Status: -
 

Name: BATTC.SYS

Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS

Address: 0x805F5000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: bcm4sbxp.sys

Image Path: C:\Windows\system32\DRIVERS\bcm4sbxp.sys

Address: 0x9210B000        Size: 69632        File Visible: -        Signed: -

Status: -
 

Name: bcmwl6.sys

Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys

Address: 0x9200A000        Size: 1052672        File Visible: -        Signed: -

Status: -
 

Name: Beep.SYS

Image Path: C:\Windows\System32\Drivers\Beep.SYS

Address: 0x92C9A000        Size: 28672        File Visible: -        Signed: -

Status: -
 

Name: BOOTVID.dll

Image Path: C:\Windows\system32\BOOTVID.dll

Address: 0x8048B000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: bowser.sys

Image Path: C:\Windows\system32\DRIVERS\bowser.sys

Address: 0x93266000        Size: 102400        File Visible: -        Signed: -

Status: -
 

Name: BthEnum.sys

Image Path: C:\Windows\system32\DRIVERS\BthEnum.sys

Address: 0xA33E0000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: bthmodem.sys

Image Path: C:\Windows\system32\DRIVERS\bthmodem.sys

Address: 0xA33EA000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: bthpan.sys

Image Path: C:\Windows\system32\DRIVERS\bthpan.sys

Address: 0x92F13000        Size: 106496        File Visible: -        Signed: -

Status: -
 

Name: bthport.sys

Image Path: C:\Windows\System32\Drivers\bthport.sys

Address: 0xA3337000        Size: 524288        File Visible: -        Signed: -

Status: -
 

Name: BTHUSB.sys

Image Path: C:\Windows\System32\Drivers\BTHUSB.sys

Address: 0xA332A000        Size: 53248        File Visible: -        Signed: -

Status: -
 

Name: cdd.dll

Image Path: C:\Windows\System32\cdd.dll

Address: 0x81720000        Size: 57344        File Visible: -        Signed: -

Status: -
 

Name: cdfs.sys

Image Path: C:\Windows\system32\DRIVERS\cdfs.sys

Address: 0xA32FD000        Size: 90112        File Visible: -        Signed: -

Status: -
 

Name: cdrom.sys

Image Path: C:\Windows\system32\DRIVERS\cdrom.sys

Address: 0x8C3D8000        Size: 98304        File Visible: -        Signed: -

Status: -
 

Name: CI.dll

Image Path: C:\Windows\system32\CI.dll

Address: 0x804D4000        Size: 917504        File Visible: -        Signed: -

Status: -
 

Name: CLASSPNP.SYS

Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS

Address: 0x8C965000        Size: 135168        File Visible: -        Signed: -

Status: -
 

Name: CLFS.SYS

Image Path: C:\Windows\system32\CLFS.SYS

Address: 0x80493000        Size: 266240        File Visible: -        Signed: -

Status: -
 

Name: CmBatt.sys

Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys

Address: 0x921FB000        Size: 14208        File Visible: -        Signed: -

Status: -
 

Name: compbatt.sys

Image Path: C:\Windows\system32\DRIVERS\compbatt.sys

Address: 0x805F2000        Size: 10496        File Visible: -        Signed: -

Status: -
 

Name: crashdmp.sys

Image Path: C:\Windows\System32\Drivers\crashdmp.sys

Address: 0x93079000        Size: 53248        File Visible: -        Signed: -

Status: -
 

Name: crcdisk.sys

Image Path: C:\Windows\system32\drivers\crcdisk.sys

Address: 0x8C986000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: csc.sys

Image Path: C:\Windows\system32\drivers\csc.sys

Address: 0x92EA1000        Size: 372736        File Visible: -        Signed: -

Status: -
 

Name: dfsc.sys

Image Path: C:\Windows\System32\Drivers\dfsc.sys

Address: 0x92EFC000        Size: 94208        File Visible: -        Signed: -

Status: -
 

Name: disk.sys

Image Path: C:\Windows\system32\drivers\disk.sys

Address: 0x8C954000        Size: 69632        File Visible: -        Signed: -

Status: -
 

Name: drmk.sys

Image Path: C:\Windows\system32\drivers\drmk.sys

Address: 0x925D4000        Size: 151552        File Visible: -        Signed: -

Status: -
 

Name: dump_atapi.sys

Image Path: C:\Windows\System32\Drivers\dump_atapi.sys

Address: 0x93091000        Size: 32768        File Visible: No        Signed: -

Status: -
 

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x93086000        Size: 45056        File Visible: No        Signed: -

Status: -
 

Name: Dxapi.sys

Image Path: C:\Windows\System32\drivers\Dxapi.sys

Address: 0x93099000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: dxgkrnl.sys

Image Path: C:\Windows\System32\drivers\dxgkrnl.sys

Address: 0x91F5D000        Size: 659456        File Visible: -        Signed: -

Status: -
 

Name: ecache.sys

Image Path: C:\Windows\System32\drivers\ecache.sys

Address: 0x8C92D000        Size: 159744        File Visible: -        Signed: -

Status: -
 

Name: fileinfo.sys

Image Path: C:\Windows\system32\drivers\fileinfo.sys

Address: 0x8BCE4000        Size: 65536        File Visible: -        Signed: -

Status: -
 

Name: fltmgr.sys

Image Path: C:\Windows\system32\drivers\fltmgr.sys

Address: 0x8BCB2000        Size: 204800        File Visible: -        Signed: -

Status: -
 

Name: Fs_Rec.SYS

Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS

Address: 0x92C8A000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: fwpkclnt.sys

Image Path: C:\Windows\System32\drivers\fwpkclnt.sys

Address: 0x8C0F1000        Size: 110592        File Visible: -        Signed: -

Status: -
 

Name: hal.dll

Image Path: C:\Windows\system32\hal.dll

Address: 0x839D3000        Size: 208896        File Visible: -        Signed: -

Status: -
 

Name: HDAudBus.sys

Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys

Address: 0x8C10C000        Size: 577536        File Visible: -        Signed: -

Status: -
 

Name: HIDCLASS.SYS

Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS

Address: 0x92F2D000        Size: 65536        File Visible: -        Signed: -

Status: -
 

Name: HIDPARSE.SYS

Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS

Address: 0x92CAA000        Size: 28672        File Visible: -        Signed: -

Status: -
 

Name: hidusb.sys

Image Path: C:\Windows\system32\DRIVERS\hidusb.sys

Address: 0xA3200000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: HTTP.sys

Image Path: C:\Windows\system32\drivers\HTTP.sys

Address: 0x931DC000        Size: 446464        File Visible: -        Signed: -

Status: -
 

Name: i8042prt.sys

Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys

Address: 0x921C7000        Size: 77824        File Visible: -        Signed: -

Status: -
 

Name: intelide.sys

Image Path: C:\Windows\system32\drivers\intelide.sys

Address: 0x8BC5D000        Size: 28672        File Visible: -        Signed: -

Status: -
 

Name: intelppm.sys

Image Path: C:\Windows\system32\DRIVERS\intelppm.sys

Address: 0x8C9D5000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: kbdclass.sys

Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys

Address: 0x921F0000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: kbdhid.sys

Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys

Address: 0x92F3D000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: kdcom.dll

Image Path: C:\Windows\system32\kdcom.dll

Address: 0x80403000        Size: 28672        File Visible: -        Signed: -

Status: -
 

Name: kglyruod.sys

Image Path: C:\Users\***~1\AppData\Local\Temp\kglyruod.sys

Address: 0xA3313000        Size: 93056        File Visible: No        Signed: -

Status: -
 

Name: kl1.sys

Image Path: C:\Windows\system32\DRIVERS\kl1.sys

Address: 0x8C40B000        Size: 5382144        File Visible: -        Signed: -

Status: -
 

Name: klif.sys

Image Path: C:\Windows\system32\DRIVERS\klif.sys

Address: 0x92C0A000        Size: 524288        File Visible: -        Signed: -

Status: -
 

Name: klim6.sys

Image Path: C:\Windows\system32\DRIVERS\klim6.sys

Address: 0x933E7000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: klmouflt.sys

Image Path: C:\Windows\system32\DRIVERS\klmouflt.sys

Address: 0x921DC000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: ks.sys

Image Path: C:\Windows\system32\DRIVERS\ks.sys

Address: 0x9249C000        Size: 172032        File Visible: -        Signed: -

Status: -
 

Name: ksecdd.sys

Image Path: C:\Windows\System32\Drivers\ksecdd.sys

Address: 0x8BCFD000        Size: 462848        File Visible: -        Signed: -

Status: -
 

Name: lltdio.sys

Image Path: C:\Windows\system32\DRIVERS\lltdio.sys

Address: 0x93185000        Size: 65536        File Visible: -        Signed: -

Status: -
 

Name: luafv.sys

Image Path: C:\Windows\system32\drivers\luafv.sys

Address: 0x930B2000        Size: 110592        File Visible: -        Signed: -

Status: -
 

Name: mcupdate_GenuineIntel.dll

Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll

Address: 0x8040A000        Size: 458752        File Visible: -        Signed: -

Status: -
 

Name: modem.sys

Image Path: C:\Windows\system32\drivers\modem.sys

Address: 0x92BBB000        Size: 53248        File Visible: -        Signed: -

Status: -
 

Name: monitor.sys

Image Path: C:\Windows\system32\DRIVERS\monitor.sys

Address: 0x930A3000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: mouclass.sys

Image Path: C:\Windows\system32\DRIVERS\mouclass.sys

Address: 0x921E5000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: mouhid.sys

Image Path: C:\Windows\system32\DRIVERS\mouhid.sys

Address: 0x92F46000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: mountmgr.sys

Image Path: C:\Windows\System32\drivers\mountmgr.sys

Address: 0x8BC72000        Size: 65536        File Visible: -        Signed: -

Status: -
 

Name: mpsdrv.sys

Image Path: C:\Windows\System32\drivers\mpsdrv.sys

Address: 0x9327F000        Size: 86016        File Visible: -        Signed: -

Status: -
 

Name: mrxdav.sys

Image Path: C:\Windows\system32\drivers\mrxdav.sys

Address: 0x93294000        Size: 135168        File Visible: -        Signed: -

Status: -
 

Name: mrxsmb.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys

Address: 0x932B5000        Size: 126976        File Visible: -        Signed: -

Status: -
 

Name: mrxsmb10.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys

Address: 0x932D4000        Size: 233472        File Visible: -        Signed: -

Status: -
 

Name: mrxsmb20.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys

Address: 0x9330D000        Size: 98304        File Visible: -        Signed: -

Status: -
 

Name: msahci.sys

Image Path: C:\Windows\system32\drivers\msahci.sys

Address: 0x8BCA8000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: Msfs.SYS

Image Path: C:\Windows\System32\Drivers\Msfs.SYS

Address: 0x92CEE000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: msisadrv.sys

Image Path: C:\Windows\system32\drivers\msisadrv.sys

Address: 0x805B4000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: msiscsi.sys

Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys

Address: 0x8C1C4000        Size: 192512        File Visible: -        Signed: -

Status: -
 

Name: msrpc.sys

Image Path: C:\Windows\system32\drivers\msrpc.sys

Address: 0x8BF0C000        Size: 176128        File Visible: -        Signed: -

Status: -
 

Name: mssmbios.sys

Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys

Address: 0x924C6000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: mup.sys

Image Path: C:\Windows\System32\Drivers\mup.sys

Address: 0x8C38B000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: ndis.sys

Image Path: C:\Windows\system32\drivers\ndis.sys

Address: 0x8BE01000        Size: 1093632        File Visible: -        Signed: -

Status: -
 

Name: ndistapi.sys

Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys

Address: 0x8C3F0000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: ndisuio.sys

Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys

Address: 0x931BF000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: ndiswan.sys

Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys

Address: 0x8BFCA000        Size: 143360        File Visible: -        Signed: -

Status: -
 

Name: NDProxy.SYS

Image Path: C:\Windows\System32\Drivers\NDProxy.SYS

Address: 0x92543000        Size: 69632        File Visible: -        Signed: -

Status: -
 

Name: netbios.sys

Image Path: C:\Windows\system32\DRIVERS\netbios.sys

Address: 0x933EF000        Size: 57344        File Visible: -        Signed: -

Status: -
 

Name: netbt.sys

Image Path: C:\Windows\System32\DRIVERS\netbt.sys

Address: 0x9339F000        Size: 204800        File Visible: -        Signed: -

Status: -
 

Name: NETIO.SYS

Image Path: C:\Windows\system32\drivers\NETIO.SYS

Address: 0x8BF37000        Size: 241664        File Visible: -        Signed: -

Status: -
 

Name: Npfs.SYS

Image Path: C:\Windows\System32\Drivers\Npfs.SYS

Address: 0x92CF9000        Size: 57344        File Visible: -        Signed: -

Status: -
 

Name: nsiproxy.sys

Image Path: C:\Windows\system32\drivers\nsiproxy.sys

Address: 0x92E97000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: Ntfs.sys

Image Path: C:\Windows\System32\Drivers\Ntfs.sys

Address: 0x8C207000        Size: 1114112        File Visible: -        Signed: -

Status: -
 

Name: ntkrnlpa.exe

Image Path: C:\Windows\system32\ntkrnlpa.exe

Address: 0x8361A000        Size: 3903488        File Visible: -        Signed: -

Status: -
 

Name: Null.SYS

Image Path: C:\Windows\System32\Drivers\Null.SYS

Address: 0x92C93000        Size: 28672        File Visible: -        Signed: -

Status: -
 

Name: nvBridge.kmd

Image Path: C:\Windows\system32\DRIVERS\nvBridge.kmd

Address: 0x91F5B000        Size: 8192        File Visible: -        Signed: -

Status: -
 

Name: nvlddmkm.sys

Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys

Address: 0x9160A000        Size: 9768640        File Visible: -        Signed: -

Status: -
 

Name: nwifi.sys

Image Path: C:\Windows\system32\DRIVERS\nwifi.sys

Address: 0x93195000        Size: 172032        File Visible: -        Signed: -

Status: -
 

Name: OEM02Dev.sys

Image Path: C:\Windows\system32\DRIVERS\OEM02Dev.sys

Address: 0x93013000        Size: 235648        File Visible: -        Signed: -

Status: -
 

Name: OEM02Vfx.sys

Image Path: C:\Windows\system32\DRIVERS\OEM02Vfx.sys

Address: 0x9304D000        Size: 7424        File Visible: -        Signed: -

Status: -
 

Name: ohci1394.sys

Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys

Address: 0x9211C000        Size: 62208        File Visible: -        Signed: -

Status: -
 

Name: pacer.sys

Image Path: C:\Windows\system32\DRIVERS\pacer.sys

Address: 0x933D1000        Size: 90112        File Visible: -        Signed: -

Status: -
 

Name: partmgr.sys

Image Path: C:\Windows\System32\drivers\partmgr.sys

Address: 0x805E3000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: pci.sys

Image Path: C:\Windows\system32\drivers\pci.sys

Address: 0x805BC000        Size: 159744        File Visible: -        Signed: -

Status: -
 

Name: PCIIDEX.SYS

Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS

Address: 0x8BC64000        Size: 57344        File Visible: -        Signed: -

Status: -
 

Name: peauth.sys

Image Path: C:\Windows\system32\drivers\peauth.sys

Address: 0xA3209000        Size: 909312        File Visible: -        Signed: -

Status: -
 

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x8361A000        Size: 3903488        File Visible: -        Signed: -

Status: -
 

Name: portcls.sys

Image Path: C:\Windows\system32\drivers\portcls.sys

Address: 0x925A7000        Size: 184320        File Visible: -        Signed: -

Status: -
 

Name: PSHED.dll

Image Path: C:\Windows\system32\PSHED.dll

Address: 0x8047A000        Size: 69632        File Visible: -        Signed: -

Status: -
 

Name: PxHelp20.sys

Image Path: C:\Windows\System32\Drivers\PxHelp20.sys

Address: 0x8BCF4000        Size: 36320        File Visible: -        Signed: -

Status: -
 

Name: rasacd.sys

Image Path: C:\Windows\System32\DRIVERS\rasacd.sys

Address: 0x92D07000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: rasl2tp.sys

Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys

Address: 0x8BFB3000        Size: 94208        File Visible: -        Signed: -

Status: -
 

Name: raspppoe.sys

Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys

Address: 0x8BFED000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: raspptp.sys

Image Path: C:\Windows\system32\DRIVERS\raspptp.sys

Address: 0x8BD6E000        Size: 81920        File Visible: -        Signed: -

Status: -
 

Name: rassstp.sys

Image Path: C:\Windows\system32\DRIVERS\rassstp.sys

Address: 0x8BD82000        Size: 86016        File Visible: -        Signed: -

Status: -
 

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x8361A000        Size: 3903488        File Visible: -        Signed: -

Status: -
 

Name: rdbss.sys

Image Path: C:\Windows\system32\DRIVERS\rdbss.sys

Address: 0x92E5B000        Size: 245760        File Visible: -        Signed: -

Status: -
 

Name: RDPCDD.sys

Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys

Address: 0x92CDE000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: rdpdr.sys

Image Path: C:\Windows\system32\DRIVERS\rdpdr.sys

Address: 0x92401000        Size: 561152        File Visible: -        Signed: -

Status: -
 

Name: rdpencdd.sys

Image Path: C:\Windows\system32\drivers\rdpencdd.sys

Address: 0x92CE6000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: rfcomm.sys

Image Path: C:\Windows\system32\DRIVERS\rfcomm.sys

Address: 0xA33B7000        Size: 167936        File Visible: -        Signed: -

Status: -
 

Name: rimmptsk.sys

Image Path: C:\Windows\system32\DRIVERS\rimmptsk.sys

Address: 0x92154000        Size: 57344        File Visible: -        Signed: -

Status: -
 

Name: rimsptsk.sys

Image Path: C:\Windows\system32\DRIVERS\rimsptsk.sys

Address: 0x92162000        Size: 81920        File Visible: -        Signed: -

Status: -
 

Name: rixdptsk.sys

Image Path: C:\Windows\system32\DRIVERS\rixdptsk.sys

Address: 0x92176000        Size: 331776        File Visible: -        Signed: -

Status: -
 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0x92F4E000        Size: 49152        File Visible: No        Signed: -

Status: -
 

Name: rspndr.sys

Image Path: C:\Windows\system32\DRIVERS\rspndr.sys

Address: 0x931C9000        Size: 77824        File Visible: -        Signed: -

Status: -
 

Name: SCSIPORT.SYS

Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS

Address: 0x80792000        Size: 155648        File Visible: -        Signed: -

Status: -
 

Name: sdbus.sys

Image Path: C:\Windows\system32\DRIVERS\sdbus.sys

Address: 0x9213A000        Size: 106496        File Visible: -        Signed: -

Status: -
 

Name: secdrv.SYS

Image Path: C:\Windows\System32\Drivers\secdrv.SYS

Address: 0xA32E7000        Size: 40960        File Visible: -        Signed: -

Status: -
 

Name: serscan.sys

Image Path: C:\Windows\system32\DRIVERS\serscan.sys

Address: 0x91600000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: sfdrv01.sys

Image Path: C:\Windows\System32\drivers\sfdrv01.sys

Address: 0x8C378000        Size: 77824        File Visible: -        Signed: -

Status: -
 

Name: sfhlp02.sys

Image Path: C:\Windows\System32\drivers\sfhlp02.sys

Address: 0x8C370000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: sfvfs02.sys

Image Path: C:\Windows\System32\drivers\sfvfs02.sys

Address: 0x8C358000        Size: 98304        File Visible: -        Signed: -

Status: -
 

Name: smb.sys

Image Path: C:\Windows\system32\DRIVERS\smb.sys

Address: 0x93343000        Size: 81920        File Visible: -        Signed: -

Status: -
 

Name: spldr.sys

Image Path: C:\Windows\System32\Drivers\spldr.sys

Address: 0x8C350000        Size: 32768        File Visible: -        Signed: -

Status: -
 

Name: sppj.sys

Image Path: C:\Windows\System32\Drivers\sppj.sys

Address: 0x80689000        Size: 1048576        File Visible: No        Signed: -

Status: -
 

Name: spsys.sys

Image Path: C:\Windows\system32\drivers\spsys.sys

Address: 0x930D5000        Size: 720896        File Visible: -        Signed: -

Status: -
 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000        Size: 0        File Visible: No        Signed: -

Status: -
 

Name: srv.sys

Image Path: C:\Windows\System32\DRIVERS\srv.sys

Address: 0x92D4D000        Size: 319488        File Visible: -        Signed: -

Status: -
 

Name: srv2.sys

Image Path: C:\Windows\System32\DRIVERS\srv2.sys

Address: 0x92D26000        Size: 159744        File Visible: -        Signed: -

Status: -
 

Name: srvnet.sys

Image Path: C:\Windows\System32\DRIVERS\srvnet.sys

Address: 0x93249000        Size: 118784        File Visible: -        Signed: -

Status: -
 

Name: storport.sys

Image Path: C:\Windows\system32\DRIVERS\storport.sys

Address: 0x8BF72000        Size: 266240        File Visible: -        Signed: -

Status: -
 

Name: stwrt.sys

Image Path: C:\Windows\system32\drivers\stwrt.sys

Address: 0x92554000        Size: 339968        File Visible: -        Signed: -

Status: -
 

Name: swenum.sys

Image Path: C:\Windows\system32\DRIVERS\swenum.sys

Address: 0x9249A000        Size: 4992        File Visible: -        Signed: -

Status: -
 

Name: SynTP.sys

Image Path: C:\Windows\system32\DRIVERS\SynTP.sys

Address: 0x8C199000        Size: 175488        File Visible: -        Signed: -

Status: -
 

Name: tap0901.sys

Image Path: C:\Windows\system32\DRIVERS\tap0901.sys

Address: 0x8C200000        Size: 25216        File Visible: -        Signed: -

Status: -
 

Name: tcpip.sys

Image Path: C:\Windows\System32\drivers\tcpip.sys

Address: 0x8C007000        Size: 958464        File Visible: -        Signed: -

Status: -
 

Name: tcpipreg.sys

Image Path: C:\Windows\System32\drivers\tcpipreg.sys

Address: 0xA32F1000        Size: 49152        File Visible: -        Signed: -

Status: -
 

Name: TDI.SYS

Image Path: C:\Windows\system32\DRIVERS\TDI.SYS

Address: 0x8C400000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: tdx.sys

Image Path: C:\Windows\system32\DRIVERS\tdx.sys

Address: 0x92D10000        Size: 90112        File Visible: -        Signed: -

Status: -
 

Name: termdd.sys

Image Path: C:\Windows\system32\DRIVERS\termdd.sys

Address: 0x9248A000        Size: 65536        File Visible: -        Signed: -

Status: -
 

Name: TMPassthru.sys

Image Path: C:\Windows\system32\DRIVERS\TMPassthru.sys

Address: 0x924D0000        Size: 199936        File Visible: -        Signed: -

Status: -
 

Name: TSDDD.dll

Image Path: C:\Windows\System32\TSDDD.dll

Address: 0x81700000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: tunmp.sys

Image Path: C:\Windows\system32\DRIVERS\tunmp.sys

Address: 0x8C9CC000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: tunnel.sys

Image Path: C:\Windows\system32\DRIVERS\tunnel.sys

Address: 0x8C9AF000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: uiwbrdr.sys

Image Path: C:\Windows\System32\DRIVERS\uiwbrdr.sys

Address: 0x92E13000        Size: 294912        File Visible: -        Signed: -

Status: -
 

Name: umbus.sys

Image Path: C:\Windows\system32\DRIVERS\umbus.sys

Address: 0x92501000        Size: 53248        File Visible: -        Signed: -

Status: -
 

Name: usbccgp.sys

Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys

Address: 0x92FED000        Size: 94208        File Visible: -        Signed: -

Status: -
 

Name: USBD.SYS

Image Path: C:\Windows\system32\DRIVERS\USBD.SYS

Address: 0x921DA000        Size: 8192        File Visible: -        Signed: -

Status: -
 

Name: usbehci.sys

Image Path: C:\Windows\system32\DRIVERS\usbehci.sys

Address: 0x8C9BA000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: usbhub.sys

Image Path: C:\Windows\system32\DRIVERS\usbhub.sys

Address: 0x9250E000        Size: 217088        File Visible: -        Signed: -

Status: -
 

Name: USBPORT.SYS

Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS

Address: 0x8C39A000        Size: 253952        File Visible: -        Signed: -

Status: -
 

Name: USBSTOR.SYS

Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS

Address: 0x9332E000        Size: 86016        File Visible: -        Signed: -

Status: -
 

Name: usbuhci.sys

Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys

Address: 0x8C9F0000        Size: 45056        File Visible: -        Signed: -

Status: -
 

Name: vga.sys

Image Path: C:\Windows\System32\drivers\vga.sys

Address: 0x92CB1000        Size: 49152        File Visible: -        Signed: -

Status: -
 

Name: VIDEOPRT.SYS

Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS

Address: 0x92CBD000        Size: 135168        File Visible: -        Signed: -

Status: -
 

Name: volmgr.sys

Image Path: C:\Windows\system32\drivers\volmgr.sys

Address: 0x8BC04000        Size: 61440        File Visible: -        Signed: -

Status: -
 

Name: volmgrx.sys

Image Path: C:\Windows\System32\drivers\volmgrx.sys

Address: 0x8BC13000        Size: 303104        File Visible: -        Signed: -

Status: -
 

Name: volsnap.sys

Image Path: C:\Windows\system32\drivers\volsnap.sys

Address: 0x8C317000        Size: 233472        File Visible: -        Signed: -

Status: -
 

Name: VSTAZL3.SYS

Image Path: C:\Windows\system32\DRIVERS\VSTAZL3.SYS

Address: 0x8BD97000        Size: 245760        File Visible: -        Signed: -

Status: -
 

Name: VSTCNXT3.SYS

Image Path: C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

Address: 0x92B08000        Size: 733184        File Visible: -        Signed: -

Status: -
 

Name: VSTDPV3.SYS

Image Path: C:\Windows\system32\DRIVERS\VSTDPV3.SYS

Address: 0x92A04000        Size: 1064960        File Visible: -        Signed: -

Status: -
 

Name: wanarp.sys

Image Path: C:\Windows\system32\DRIVERS\wanarp.sys

Address: 0x92E00000        Size: 77824        File Visible: -        Signed: -

Status: -
 

Name: watchdog.sys

Image Path: C:\Windows\System32\drivers\watchdog.sys

Address: 0x8C9E4000        Size: 49152        File Visible: -        Signed: -

Status: -
 

Name: Wdf01000.sys

Image Path: C:\Windows\system32\drivers\Wdf01000.sys

Address: 0x80600000        Size: 507904        File Visible: -        Signed: -

Status: -
 

Name: WDFLDR.SYS

Image Path: C:\Windows\system32\drivers\WDFLDR.SYS

Address: 0x8067C000        Size: 53248        File Visible: -        Signed: -

Status: -
 

Name: Win32k

Image Path: \Driver\Win32k

Address: 0x814E0000        Size: 2109440        File Visible: -        Signed: -

Status: -
 

Name: win32k.sys

Image Path: C:\Windows\System32\win32k.sys

Address: 0x814E0000        Size: 2109440        File Visible: -        Signed: -

Status: -
 

Name: wmiacpi.sys

Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys

Address: 0x92000000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: WMILIB.SYS

Image Path: C:\Windows\System32\Drivers\WMILIB.SYS

Address: 0x80789000        Size: 36864        File Visible: -        Signed: -

Status: -
 

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x8361A000        Size: 3903488        File Visible: -        Signed: -

Status: -

Hier vom Scan nach Stealth Objects

Code:



ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:                2010/08/10 18:34

Program Version:                Version 1.3.5.0

Windows Version:                Windows Vista SP2

==================================================
 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System        Address: 0x86f301f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

Process: System        Address: 0x86f2e1f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_CREATE]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_CLOSE]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_READ]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_WRITE]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_POWER]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: cdroma, IRP_MJ_PNP]

Process: System        Address: 0x87f801f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_CREATE]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_CLOSE]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_READ]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_WRITE]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_POWER]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: USBSTORᮿ慖⁤瞈駍腐蚙Ѕ捓䙌㙘蛐, IRP_MJ_PNP]

Process: System        Address: 0x8850d1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System        Address: 0x87f4c1f8        Size: 121
 

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]

Process: System        Address: 0x884fb1f8        Size: 121
 

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]

Process: System        Address: 0x884fb1f8        Size: 121
 

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x884fb1f8        Size: 121
 

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x884fb1f8        Size: 121
 

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]

Process: System        Address: 0x884fb1f8        Size: 121
 

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]

Process: System        Address: 0x884fb1f8        Size: 121
 

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]

Process: System        Address: 0x88621500        Size: 121
 

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]

Process: System        Address: 0x88621500        Size: 121
 

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x88621500        Size: 121
 

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x88621500        Size: 121
 

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]

Process: System        Address: 0x88621500        Size: 121
 

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]

Process: System        Address: 0x88621500        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CREATE]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CLOSE]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_POWER]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_PNP]

Process: System        Address: 0x880ce1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]

Process: System        Address: 0x8659c1f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System        Address: 0x87f571f8        Size: 121
 

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]

Process: System        Address: 0x86f2f1f8        Size: 121
 

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x86f2f1f8        Size: 121
 

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]

Process: System        Address: 0x86f2f1f8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]

Process: System        Address: 0x8a4ff3e8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_CREATE]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_CLOSE]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_READ]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_WRITE]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_CLEANUP]

Process: System        Address: 0x86b021f8        Size: 121
 

Object: Hidden Code [Driver: cdfsЅ慖卤캘請, IRP_MJ_PNP]

Process: System        Address: 0x86b021f8        Size: 121

Bei Hidden Objects wurde von RootRepeal nix entdeckt:

Code:



ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:                2010/08/10 18:35

Program Version:                Version 1.3.5.0

Windows Version:                Windows Vista SP2

==================================================
 

Hidden Services

-------------------

Befall mit sshnas21.dll und weiteren Trojanern - erfolgreich entfernt?

Hi Coverflow,

habe zwischenzeitlich noch einmal Mbam durchlaufen lassen. Grund war, dass ich noch einmal nach den zuvor nicht gefundenen exe-Dateien gesucht hatte und mir dabei zwei von CCleaner gesicherte reg-Dateien angezeigt worden waren. Als ich die reg-Dateien öffnen wollte und dort nach ox.exe suchen wollte (geht das überhaupt?!?!?), wurden sie automatisch wiederhergestellt :crazy:

Anschließend habe ich deshalb mit CCleaner die Registry noch einmal bereinigt und Mbam noch einmal angeschmissen, da ja beim letzten Scan zwei Registrierungsschlüssel infiziert waren.

Diesmal habe ich einen kompletten Scan gemacht, dies ist das Ergebnis:

Code:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Datenbank Version: 4414

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

11.08.2010 02:13:12

mbam-log-2010-08-11 (02-13-12).txt

 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)

Durchsuchte Objekte: 430972

Laufzeit: 4 Stunde(n), 29 Minute(n), 38 Sekunde(n)

 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 1

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\SOFTWARE\XTF1BQO4MU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Hoffe, durch den erneuten Scan sind die zwischenzeitlich geposteten Logfiles nicht alle hinfällig. Falls doch, beginne ich morgen nochmal von vorn.

Auf jeden Fall danke für deine Hilfe!
Moriarty

Noch eine Frage zu Mbam. Habe eben gesehen, dass die gefundenen Dateien und laut log gelöschten Dateien ("Quarantined and deleted successfully") unter "Quarantäne" noch aufgeführt werden. Soll/muss ich sie dort löschen?

Ist die Annahme abwegig, dass der Registrierungsschlüssel durch das unbeabsichtigte Wiederherstellen wieder infiziert worden sein könnte? Bei einem Quickscan nach dem Komplettscan wurde mit aktualisierter Datenbank nix mehr entdeckt - aber das sollte direkt nach einem Komplettscan ohne Neustart des Rechners wohl auch ohnehin so sein ...

Aber trotzdem auch noch dieses Log zur Durchsicht:

Code:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Datenbank Version: 4417

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

11.08.2010 02:47:25

mbam-log-2010-08-11 (02-47-25).txt

 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 130252

Laufzeit: 6 Minute(n), 9 Sekunde(n)

 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

hi

"Quarantined and deleted successfully." - nachdem Du einmal auf "Löschen" geklickt hast, die Sache erledigt, weiter hast nicht mehr zu tun

Systemreinigung und Prüfung:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2319825

O23 - Service: OX - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\OX.exe (file missing)

O23 - Service: UDGEFNO - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\UDGEFNO.exe (file missing)

O23 - Service: XTYGLT - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\XTYGLT.exe (file missing)

2.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
c:\windows\temp
- anschließend den Papierkorb leeren

3.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum
Führe dann einen Komplett-Systemcheck mit Nod32 durch
- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"
- (ESET Online Scanner
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben

** wie verhält sich den dein System?

Hallo Coverflow!

Anbei das Log des SUPERAntiSpyware Scans. Hat ewig gedauert, aber immerhin nicht ganz so lang wie der vollständige Mbam-Scan.

Code:



SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 08/11/2010 at 04:28 PM
 

Application Version : 4.41.1000
 

Core Rules Database Version : 5344

Trace Rules Database Version: 3156
 

Scan type       : Complete Scan

Total Scan Time : 03:16:45
 

Memory items scanned      : 676

Memory threats detected   : 0

Registry items scanned    : 11478

Registry threats detected : 0

File items scanned        : 333893

File threats detected     : 3
 

Trojan.Agent/Gen-Cryptor[Egun]

        C:\PROGRAM FILES\SPRACHEN\STROKES 3.0\ENG201GERUNINSTALL.EXE

        C:\PROGRAM FILES\SPRACHEN\STROKES 3.0\SEKORTS.EXE

        C:\PROGRAM FILES\SPRACHEN\STROKES 3.0\SPA100GERUNINSTALL.EXE

Falls sich die Frage stellt: Bei den kompromittierten Programmen handelt es sich NICHT um illegale Downloads bzw. mit heruntergeladenen Keys aktivierte Programme!

Zum Verhalten des Rechners: Ist manchmal sehr langsam, bei den geöffneten Programmen steht dann im oberen Balken "keine Rückmeldung". Irgendwann geht es dann wieder.

Gerade eben ist der Lüfter angesprungen, obwohl ich den Rechner erst vor fünf Minuten hochgefahren habe, anschließend nur SUPERAntispyware geöffnet (war eh per Autostart an) und das Log kopiert und dieses dann in Firefox eingefügt habe. Via Autostart laufen noch Kaspersky und RUbotted. Kaspersky wird eben geupdatet, für "alle Benutzer" zeigt der Taskmanager eine CPU-Auslastung von 100 Prozent an (physikalischer Speicher: 45 %), wobei avp allein 50 Prozent beansprucht. Die avp.exe Datei ist auch zweimal geöffnet. Außerdem springt die wmpnetwk.exe immer wieder mal auf über 10 Prozent, obwohl der Media Player nicht läuft. Eine der mehreren offenen svchost.exe-Dateien springt auch immer mal auf über 10 Prozent. Inzwischen, nach Ende des Updates, ist die CPU-Auslastung wieder gesunken und schwankt zwischen 9 und 22 Prozent. Der Lüfter läuft jedoch zunächst weiter :-( Ist es normal, dass das Kaspersky-Update den Rechner so auslastet?!?

Mache jetzt mal den Nod32-Scan. Bis denne!

Zitat:

Zitat von Moriarty (Beitrag 553734)

...( Ist es normal, dass das Kaspersky-Update den Rechner so auslastet?!?

Kann gut möglich sein, nicht jeder Computer ist geeignet für. Manche Virenscanner beansprucht weniger Systemleistung, andere wieder mehr. Können anspruchsvolle Virenscanner ohne Performance-Einbußen im Hintergrund betrieben werden, aber das ist immer mit allen allgemeine technische Daten zu tun. Bei Updates, wenn der Wert der CPU zu hoch ist, werden möglicherweise zu viele Ressourcen verwendet. Abhängig auch von die Datenmenge für Virendefinitionen
Ich würde Dir empfehlen, alle Programme zu beenden, wenn ein Update durchgeführt wird!

Hallo Coverflow,

hier nun der ESET-Online-Scan. Entschuldige die Verzögerung, aber der Scan hat über 10 Stunden gedauert - daher bin ich nicht eher dazu gekommen.

Hier das Log:

Code:



esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=d01cb4bc7579d740ae5c0a25ba02dde4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-18 09:19:50

# local_time=2010-08-18 11:19:50 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 718934 718934 0 0

# compatibility_mode=1280 16777215 100 0 3085334 3085334 0 0

# compatibility_mode=5892 16776573 100 100 92233 119660795 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=353658

# found=0

# cleaned=0

# scan_time=38296

Wie nun weiter?

Besten Dank im Voraus
Moriarty

1.
poste erneut - nach der vorgenommenen Reinigungsaktion:
► TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

2.
wenn alles gut verlaufen ist und dein System läuft stabil, mache folgendes:
Erstelle manuell einen Wiederherstellungspunkt: Aktivieren und Deaktivieren der Systemwiederherstellung

Hallo Coverflow,

anbei das HTJ-Log:

HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:31:51, on 19.08.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Anwendungen\Eraser\Eraser.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sdclt.exe

C:\Program Files\Anwendungen\Sicherheit\Trend Micro\HiJackThis\HiJackThis.exe
 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?
 

LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
 

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 
 

2011\ievkbd.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6
 

\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti
 

-Virus 2011\klwtbbho.dll

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - 
 

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3wcpij0.default\extensions\{0b457cAA-602d-484a-8fe7-
 

c1d894a011ba}\library\fsaddin-0.76.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Anwendungen\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" 
 

/runcleanupscript

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Anwendungen\Eraser\Eraser.exe -hide

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER 
 

DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011
 

\ie_banner_deny.htm

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program 
 

Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program 
 

Files\IEPro\iepro.dll

O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
 

Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-
 

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12
 

\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1
 

\Office12\ONBttnIE.dll

O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky 
 

Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky 
 

Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - 
 

h**p://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - 
 

h**p://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - 
 

h**p://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
 

h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - 
 

h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F808A7E5-5C90-4E27-BA74-424F821375ED}: NameServer = 192.168.2.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - 
 

C:\Windows\system32\browseui.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky 
 

Anti-Virus 2011\avp.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program 
 

Files\Anwendungen\Audio\Common\Database\bin\fbserver.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google 
 

Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 
 

(file missing)

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend 
 

Micro\RUBotted\TMRUBotted.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
 

--

End of file - 8770 bytes

--- --- ---