Pests of all kinds and how to fight them: Logs clean? Please check (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Logs clean? Please check

Continuing with the logs from the notebook. Disgusting: --> \Driver\atapi \Device\Harddisk0\DR0. TDSS did a thorough job there. MBR rootkit. Why doesn't GMER flag that as a rootkit, or is the arrow in front of it already enough?

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-07 16:17:13
Windows 6.1.7600
Running: 6vh6rgwu.exe; Driver: C:\Users\me\AppData\Local\Temp\ugldypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8B1A7BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8B1A952C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8B1A9782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8B1A99FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B1A8450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8B1A8B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8B1A8F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8B1A85F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8B1A8E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8B1A77D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8B1A8CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8B1A7992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8B1A906E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8B1AACB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8B1A80EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8B1A81EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8B1A8D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8B1AA6A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8B1AB672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8B1A8752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8B1AA734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8B1AAD64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8B1A8FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8B1A84D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8B1A8EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B1A7DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8B1AACDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8B1A9110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8B1A7CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8B1A9C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8B1AB07C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8B1AA9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8B1A949A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8B1A9360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8B1AA442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8B1AB554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8B1A886C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8B1A830C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8B1A9CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8B1AA82E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8B1AB1BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8B1AB2A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8B1AB3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8B1AA5CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B1A7F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8B1A7EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8B1AAF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8B1A802E]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E052D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E04898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1D1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E7C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EA0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 81EA8730 4 Bytes [D0, 7B, 1A, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 81EA8758 8 Bytes [2C, 95, 1A, 8B, 82, 97, 1A, ...] {SUB AL, 0x95; SBB CL, [EBX-0x74e5687e]}
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 81EA879C 4 Bytes [FC, 99, 1A, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 81EA87C8 4 Bytes [50, 84, 1A, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 81EA87EC 4 Bytes [32, 8B, 1A, 8B]
.text ...
? System32\Drivers\spzo.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0xAFA18340, 0x3A0767, 0xE8000020]
.text USBPORT.SYS!DllUnload AF73ACA0 5 Bytes JMP 858F01D8
.text peauth.sys BE360C9D 28 Bytes [04, CE, 21, 5C, B3, 73, 08, ...]
.text peauth.sys BE360CC1 28 Bytes [04, CE, 21, 5C, B3, 73, 08, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtProtectVirtualMemory 777F5360 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtWriteVirtualMemory 777F5EE0 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!KiUserExceptionDispatcher 777F6448 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1040] ole32.dll!CoCreateInstance 76CA57FC 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!GetCursorPos 76A3C198 5 Bytes JMP 00D1000A
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] USER32.dll!NotifyWinEvent + 48B 76A4F724 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] USER32.dll!NotifyWinEvent + 48B 76A4F724 4 Bytes [70, 11, 33, 6D]
.text C:\Windows\explorer.exe[5660] ntdll.dll!NtProtectVirtualMemory 777F5360 5 Bytes JMP 0072000A
.text C:\Windows\explorer.exe[5660] ntdll.dll!NtWriteVirtualMemory 777F5EE0 5 Bytes JMP 0073000A
.text C:\Windows\explorer.exe[5660] ntdll.dll!KiUserExceptionDispatcher 777F6448 5 Bytes JMP 004E000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A883042] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A8836D6] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A883800] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A88313E] \SystemRoot\System32\Drivers\spzo.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00320240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00320320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00320390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 003207F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00320860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00320B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00320B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00320BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00320C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00540DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00320CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00540E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00540E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00540EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00540F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 774F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 774F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 774F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 774F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00320D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00320DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 774F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 774F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 774F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 774F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 774F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 774F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 778F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 778F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 778F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 778F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00550400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00550470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 005504E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00550550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 005505C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00550630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 005506A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 778F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00550710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00550780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003306A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 005602B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00560320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00560390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00330710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003307F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00560400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00560470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 005604E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00560550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 005605C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00560630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 005606A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00560710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00560780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00330860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003308D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00330940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00560B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00560BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 778F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 00580710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 00580780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 778F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005807F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 00580860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 005808D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 00580940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 005809B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00580A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00580A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 778F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 778F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00590320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 00590390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 00590400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 00590470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 005904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00590550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 005905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 774F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 774F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 774F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1500] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 774F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00320240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00320320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00320390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 003207F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00320860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00320B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00320B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00320BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00320C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003D0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00320CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003D0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003D0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003D0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003D0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 774F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 774F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 774F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 774F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00320D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00320DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 774F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 774F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 774F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 774F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 774F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 774F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 778F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 778F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 778F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 778F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003E04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 778F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003306A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00330710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003307F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00330860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003308D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00330940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 778F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 00530710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 00530780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 778F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005307F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 00530860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 005308D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 00530940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 005309B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00530A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00530A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 778F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 778F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00540320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 00540390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 00540400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 00540470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 005404E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00540550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 005405C0
IAT D:\Boot Camp\KbdMgr.exe[3464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Boot Camp\KbdMgr.exe[3464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Boot Camp\KbdMgr.exe[3464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Boot Camp\KbdMgr.exe[3464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Boot Camp\KbdMgr.exe[3464] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Boot Camp\KbdMgr.exe[3464] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3788] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3788] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3788] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3888] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3888] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3888] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3888] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75855E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74492494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74475624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [744756E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7449250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74488573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74484D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [744850CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [744851A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744866D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [744882CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74488819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7448907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7448E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5660] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74484C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 854281F8
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
Device \FileSystem\fastfat \FatCdrom 8571D1F8
Device \Driver\volmgr \Device\VolMgrControl 854241F8
Device \Driver\usbuhci \Device\USBPDO-0 858EF1F8
Device \Driver\usbuhci \Device\USBPDO-1 858EF1F8
Device \Driver\usbehci \Device\USBPDO-2 859303C8
Device \Driver\usbuhci \Device\USBPDO-3 858EF1F8
Device \Driver\usbuhci \Device\USBPDO-4 858EF1F8
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbuhci \Device\USBPDO-5 858EF1F8
Device \Driver\usbehci \Device\USBPDO-6 859303C8
Device \Driver\volmgr \Device\HarddiskVolume1 854241F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\volmgr \Device\HarddiskVolume2 854241F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\cdrom \Device\CdRom0 856D8500
Device \Driver\volmgr \Device\HarddiskVolume3 854241F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854261F8
Device \Driver\atapi \Device\Ide\IdePort0 854261F8
Device \Driver\atapi \Device\Ide\IdePort1 854261F8
Device \Driver\atapi \Device\Ide\IdePort2 854261F8
Device \Driver\atapi \Device\Ide\IdePort3 854261F8
Device \Driver\volmgr \Device\HarddiskVolume4 854241F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\ACPI_HAL \Device\00000067 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 858D61F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9DAC3FF5-5BC8-4EB9-9AF7-1F649E743EDE} 858D61F8
Device \Driver\BTHUSB \Device\00000094 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbuhci \Device\USBFDO-0 858EF1F8
Device \Driver\usbuhci \Device\USBFDO-1 858EF1F8
Device \Driver\usbehci \Device\USBFDO-2 859303C8
Device \Driver\usbuhci \Device\USBFDO-3 858EF1F8
Device \Driver\usbuhci \Device\USBFDO-4 858EF1F8
Device \Driver\usbuhci \Device\USBFDO-5 858EF1F8
Device \Driver\usbehci \Device\USBFDO-6 859303C8
Device \FileSystem\fastfat \Fat 8571D1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 848D41F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85804EE4
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e52ea233e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e52ea233e@64b9e8843086 0x04 0xF5 0xAF 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e52ea233e@000272e6c8d0 0x89 0xCB 0x21 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0xBC 0x58 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e52ea233e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e52ea233e@64b9e8843086 0x04 0xF5 0xAF 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e52ea233e@000272e6c8d0 0x89 0xCB 0x21 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0xBC 0x58 0xC8 ...
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Last edited by shorts77 (13.05.2010 at 10:34)
#2
Logs clean? Please check: GMER LOG 2 from the following day
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-08 10:57:23
Windows 6.1.7600
Running: 6vh6rgwu.exe; Driver: C:\Users\me\AppData\Local\Temp\ugldypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAE667BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0xAE66952C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0xAE669782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0xAE6699FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0xAE668450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0xAE668B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0xAE668F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0xAE6685F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0xAE668E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAE6677D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0xAE668CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0xAE667992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAE66906E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAE66ACB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0xAE6680EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0xAE6681EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAE668D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAE66A6A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0xAE66B672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0xAE668752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0xAE66A734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAE66AD64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0xAE668FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0xAE6684D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0xAE668EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0xAE667DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0xAE66ACDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAE669110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0xAE667CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0xAE669C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0xAE66B07C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0xAE66A9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0xAE66949A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAE669360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAE66A442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0xAE66B554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAE66886C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0xAE66830C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0xAE669CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAE66A82E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAE66B1BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0xAE66B2A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0xAE66B3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAE66A5CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0xAE667F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0xAE667EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAE66AF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAE66802E]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E24AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E24104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E243F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E0D2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E0C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E241DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E24958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E246F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E24F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E251A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E84599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EA8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 81EB0730 4 Bytes [D0, 7B, 66, AE] {SAR BYTE [EBX+0x66], 0x1; SCASB }
.text ntkrnlpa.exe!RtlSidHashLookup + 248 81EB0758 8 Bytes [2C, 95, 66, AE, 82, 97, 66, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 81EB079C 4 Bytes [FC, 99, 66, AE]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 81EB07C8 4 Bytes [50, 84, 66, AE] {PUSH EAX; TEST [ESI-0x52], AH}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 81EB07EC 4 Bytes [32, 8B, 66, AE]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0xAFA16340, 0x3A0767, 0xE8000020]
.text peauth.sys BD93BC9D 28 Bytes [5E, 44, 72, FA, B4, 7D, 14, ...]
.text peauth.sys BD93BCC1 28 Bytes [5E, 44, 72, FA, B4, 7D, 14, ...]
? C:\Users\me\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
.text autochk.exe 004111D1 46 Bytes [44, 8F, 18, 8B, 44, 8E, 14, ...]
.text autochk.exe 00411203 10 Bytes [03, F0, 03, F8, FF, 24, 95, ...]
.text autochk.exe 0041120E 5 Bytes [8B, FF, 20, 12, 41] {MOV EDI, EDI; AND [EDX], DL; INC ECX}
.text autochk.exe 00411214 3 Bytes [28, 12, 41] {SUB [EDX], DL; INC ECX}
.text autochk.exe 00411218 3 Bytes [38, 12, 41] {CMP [EDX], DL; INC ECX}
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1532] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1532] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1532] USER32.dll!NotifyWinEvent + 48B 7584F724 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3824] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3824] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3824] USER32.dll!NotifyWinEvent + 48B 7584F724 4 Bytes [70, 11, 33, 6D]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\ACPI_HAL \Device\00000068 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000094 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e52ea233e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e52ea233e@64b9e8843086 0x04 0xF5 0xAF 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e52ea233e@000272e6c8d0 0x89 0xCB 0x21 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0xBC 0x58 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e52ea233e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e52ea233e@64b9e8843086 0x04 0xF5 0xAF 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e52ea233e@000272e6c8d0 0x89 0xCB 0x21 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0xBC 0x58 0xC8 ...
---- EOF - GMER 1.0.15 ----
#3
Logs clean? Please check: DDS LOG
Code:
DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 16:18:50,79 on 07.05.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.49.1033.18.3054.1522 [GMT 2:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: WatchGuard Mobile VPN Firewall *disabled* {33F684F9-95EF-4FC3-9196-012CF0A4D310}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
D:\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
D:\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
D:\Google\Update\GoogleUpdate.exe
D:\WatchGuard\Mobile VPN\ncpclcfg.exe
D:\WatchGuard\Mobile VPN\ncprwsnt.exe
D:\WatchGuard\Mobile VPN\ncpsec.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
D:\Citrix\Streaming Client\RadeSvc.exe
D:\WatchGuard\Mobile VPN\rwsrsu.exe
D:\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\IRW.exe
D:\TeamViewer\Version5\TeamViewer_Service.exe
D:\Boot Camp\KbdMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
D:\VMware\VMware View\Client\bin\wsnm.exe
D:\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
D:\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
D:\Citrix\ICA Client\concentr.exe
D:\Xobni\XobniService.exe
D:\iTunes\iTunesHelper.exe
D:\WatchGuard\Mobile VPN\NcpBudgetGui.exe
C:\Windows\system32\nfsclnt.exe
D:\WatchGuard\Mobile VPN\rwsrsu.exe
D:\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
D:\Microsoft Office 2010\Office14\MSOSYNC.EXE
D:\gSyncit\gsyncit.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\taskmgr.exe
C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Citrix\ICA Client\WFCRUN32.EXE
D:\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe
D:\HotSpot Manager\HotSpotMgr.exe
D:\FSL\IconRestorer\IconRestorer.exe
D:\Microsoft Office 2010\Office14\ONENOTEM.EXE
C:\Windows\system32\dllhost.exe
C:\Program Files\Common Files\T-Com\HotspotMgr\HotSpotFSvc.exe
C:\Windows\system32\UI0Detect.exe
D:\iPod\bin\iPodService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\me\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\mic30f~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\techsmith\snagit 9\SnagItIEAddin.dll
uRun: [SpybotSD TeaTimer] d:\spybot - search & destroy\TeaTimer.exe
uRun: [OfficeSyncProcess] d:\microsoft office 2010\office14\MSOSYNC.EXE
uRun: [gSyncit] d:\gsyncit\gsyncit.exe
uRun: [SUPERAntiSpyware] d:\superantispyware\SUPERAntiSpyware.exe
mRun: [IRW] c:\windows\system32\IRW.exe
mRun: [Apple_KbdMgr] d:\boot camp\KbdMgr.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Symantec Backup Exec System Recovery 8.5] "d:\symantec\backup exec system recovery\agent\VProTray.exe"
mRun: [IntelliPoint] "d:\microsoft intellipoint\ipoint.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ConnectionCenter] "d:\citrix\ica client\concentr.exe" /startup
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [NcpBudgetGui] "d:\watchguard\mobile vpn\NcpBudgetGui.exe" -start
mRun: [NcpPopup] "d:\watchguard\mobile vpn\ncppopup.exe" noerrmsg
mRun: [NcpRsuGui] "d:\watchguard\mobile vpn\rwsrsu.exe" -gui
mRun: [Malwarebytes' Anti-Malware] "d:\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\users\me\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\me\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\me\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotspo~1.lnk - d:\hotspot manager\HotSpotMgr.exe
StartupFolder: c:\users\me\appdata\roaming\micros~1\windows\startm~1\programs\startup\iconre~1.lnk - d:\fsl\iconrestorer\IconRestorer.exe
StartupFolder: c:\users\me\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\microsoft office 2010\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\taskmgr.lnk - c:\windows\system32\taskmgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to &Evernote - d:\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - d:\mic30f~1\office14\ONBttnIE.dll/105
IE: Hinzufügen zu Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - d:\mic30f~1\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\microsoft office 2010\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\microsoft office 2010\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - d:\evernote\evernote3.5\enbar.dll
Trusted Zone: learningsystem.de\fh-riedlingen-dls
Trusted Zone: uzsystem.de\uzcrm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://192.51.32.233/downloads/VMware-viewclient.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\me\appdata\roaming\mozilla\firefox\profiles\ezw2jevm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\users\me\appdata\roaming\mozilla\firefox\profiles\ezw2jevm.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\me\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\me\appdata\roaming\mozilla\firefox\profiles\ezw2jevm.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\users\me\appdata\roaming\mozilla\firefox\profiles\ezw2jevm.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\me\appdata\roaming\mozilla\firefox\profiles\ezw2jevm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: d:\citrix\streaming client\nprade.dll
FF - plugin: d:\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\google\picasa3\npPicasa3.dll
FF - plugin: d:\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\mic30f~1\office14\NPAUTHZ.DLL
FF - plugin: d:\micros~1\office14\NPSPWRAP.DLL
FF - plugin: d:\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Ramdisk;Ramdisk [ QSoft ];c:\windows\system32\drivers\RAMDisk.sys [2009-7-27 8192]
R1 cdfdrv;cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [2009-8-11 28704]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\superantispyware\SASKUTIL.SYS [2010-4-27 61440]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 Backup Exec System Recovery;Backup Exec System Recovery;d:\symantec\backup exec system recovery\agent\VProSvc.exe [2008-9-4 4687200]
R2 CAPI;CAPI 2.0 Service;c:\windows\system32\drivers\capi.sys [2009-10-13 28740]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [2009-8-24 22816]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [2009-8-24 201248]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-14 20992]
R2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2010-2-4 11936]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2008-4-15 5504]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2008-4-15 6528]
R2 ncpclcfg;ncpclcfg;d:\watchguard\mobile vpn\ncpclcfg.exe [2010-5-3 86016]
R2 ncprwsnt;ncprwsnt;d:\watchguard\mobile vpn\NCPRWSNT.EXE [2010-5-3 1085960]
R2 NcpSec;NcpSec;d:\watchguard\mobile vpn\NCPSEC.EXE [2010-5-3 32768]
R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\drivers\ndiscapi.sys [2009-10-13 41037]
R2 NfsClnt;Client für NFS;c:\windows\system32\nfsclnt.exe [2009-7-14 52736]
R2 RadeSvc;Citrix Streamingdienst;d:\citrix\streaming client\RadeSvc.exe [2009-9-10 636232]
R2 rwsrsu;rwsrsu;d:\watchguard\mobile vpn\rwsrsu.exe [2010-5-3 819712]
R2 SBSDWSCService;SBSD Security Center Service;d:\spybot - search & destroy\SDWinSec.exe [2009-11-9 1153368]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-14 7168]
R2 TeamViewer5;TeamViewer 5;d:\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]
R2 wsnm;VMware View Client Service;d:\vmware\vmware view\client\bin\wsnm.exe [2010-2-10 151552]
R2 XobniService;XobniService;d:\xobni\XobniService.exe [2010-4-15 55016]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [2009-8-18 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [2009-8-18 35072]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [2009-8-18 9088]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 61952]
R3 ctxusbf;Citrix USB Filter Driver;c:\windows\system32\drivers\ctxusbf.sys [2009-2-2 56632]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2009-8-18 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2009-8-18 19968]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-9 20952]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [2010-5-3 81224]
R3 NfsRdr;Client für NFS-Redirector;c:\windows\system32\drivers\nfsrdr.sys [2009-7-14 201216]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
R3 RpcXdr;Server für NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2009-7-14 86528]
R3 SymSnapService;SymSnapService;d:\symantec\backup exec system recovery\shared\drivers\SymSnapService.exe [2008-8-7 1562096]
R3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [2010-2-10 26928]
S2 gupdate;Google Update Service (gupdate);d:\google\update\GoogleUpdate.exe [2009-11-3 135664]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2009-11-9 304464]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;d:\starmoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-4-14 541192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2009-12-21 43008]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [2009-8-18 7424]
S3 CQG.CustomerExperience.AgentService;CQG Customer Experience Agent 1.74.5020;d:\cqg\customerexperience\agent\CQG.CustomerExperience.AgentService.exe [2009-4-29 5120]
S3 DectEnum;DectEnum;c:\windows\system32\drivers\DectEnum.sys [2005-3-1 8448]
S3 G6FTPServer;Gene6 FTP Server;d:\program files\gene6 ftp server\G6FTPServer.exe [2007-10-22 470016]
S3 Gigusb;Dect USB Driver;c:\windows\system32\drivers\Gigusb.sys [2005-3-1 53632]
S3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\drivers\hrcmpa.sys [2004-9-8 263751]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2009-10-5 100736]
S3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0032);c:\windows\system32\drivers\IUAPIWDM.sys [2004-9-8 50759]
S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [2010-5-3 81224]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [2010-5-3 81224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]
S3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [2005-3-1 113408]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-22 814344]
S4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-4-15 132400]
S4 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2008-4-15 99632]
=============== Created Last 30 ================
2010-05-06 13:45:36 0 d-----w- C:\$RECYCLE.BIN
2010-05-06 13:31:49 98816 ----a-w- c:\windows\sed.exe
2010-05-06 13:31:49 77312 ----a-w- c:\windows\MBR.exe
2010-05-06 13:31:49 256512 ----a-w- c:\windows\PEV.exe
2010-05-06 13:31:49 161792 ----a-w- c:\windows\SWREG.exe
2010-05-06 13:17:44 0 d-----w- D:\Windows Journal
2010-05-06 13:17:44 0 d-----w- D:\Common Files
2010-05-06 09:58:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-06 09:57:58 0 d-----w- D:\SUPERAntiSpyware
2010-05-06 09:57:58 0 d-----w- c:\users\me\appdata\roaming\SUPERAntiSpyware.com
2010-05-06 09:43:48 0 d-----w- D:\WhatsRunning
2010-05-05 09:01:53 0 d-----w- D:\Evernote
2010-05-04 10:01:07 0 d-----w- c:\users\me\appdata\roaming\Foxit Software
2010-05-03 09:05:40 991232 ----a-w- c:\windows\system32\ncpgina1.dll
2010-05-03 09:05:39 631 ----a-w- c:\windows\system32\ncppki.conf
2010-05-03 09:05:38 81224 ----a-w- c:\windows\system32\drivers\ncpvaxp.sys
2010-05-03 07:06:11 0 d-----w- D:\Xobni
2010-04-29 20:11:52 0 d-----w- D:\iPod
2010-04-29 20:11:51 0 d-----w- D:\iTunes
2010-04-29 20:08:53 0 d-----w- D:\Bonjour
2010-04-28 06:25:08 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 06:25:06 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 06:25:06 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-22 09:50:51 0 d-----w- D:\TweetDeck
2010-04-17 14:03:42 98304 ----a-w- c:\windows\system32\CNQ9601I.DLL
2010-04-17 14:03:42 417792 ----a-w- c:\windows\system32\CNQ9601L.DLL
2010-04-17 14:03:42 192512 ----a-w- c:\windows\system32\CNQ9601O.DLL
2010-04-17 14:03:42 1331200 ----a-w- c:\windows\system32\CNQ9601C.DLL
2010-04-14 06:26:58 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:26:58 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:26:58 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:26:57 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:26:57 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:26:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:25:51 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:25:46 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 11:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
==================== Find3M ====================
2010-05-06 12:27:39 649360 ----a-w- c:\windows\system32\perfh007.dat
2010-05-06 12:27:39 128244 ----a-w- c:\windows\system32\perfc007.dat
2010-05-05 06:49:33 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 06:49:33 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 06:45:39 147112 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-29 13:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 07:26:23 353330 ----a-w- c:\users\me\appdata\roaming\nvModes.dat
2010-03-29 08:18:59 81 ----a-w- C:\CTX.DAT
2010-03-25 15:32:28 86016 ----a-w- c:\windows\system32\NtDirect.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-11 07:10:14 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-10 11:58:50 327680 ----a-w- c:\windows\system32\wsauth.dll
2009-10-03 15:15:41 4096 --sha-w- D:\VSNAP.IDX
2009-08-18 14:04:54 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2009-08-18 14:04:54 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2009-08-18 14:04:54 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2009-08-18 14:04:54 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-08-26 12:02:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-26 12:02:49 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-26 12:02:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-26 12:02:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-08-18 14:13:07 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 16:21:10,02 ===============
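The log reading done by hand in this thread can be partly scripted. The following Python helper is an added example, not part of the thread and not code from the DDS tool: it parses the section headers and line formats seen in the DDS log above and flags the disabled UAC policies (EnableLUA = 0 and friends), running kernel drivers whose file also appears under "Created Last 30", and drivers loaded from outside the Windows driver directories. Its input is a shortened, constructed excerpt of that log.

```python
"""Triage helper for DDS-style logs such as the one posted in this thread.

Added example; it is not part of the thread and not code from the DDS tool.
It reads the 'Pseudo HJT Report', 'SERVICES / DRIVERS' and 'Created Last 30'
sections of a captured DDS log and flags what a log reader checks by hand:
UAC policies that switch prompting off, running kernel drivers whose file was
written within the last 30 days, and drivers loaded from outside the Windows
driver directories. It only reads text; it never touches the live system.
"""
import re
from dataclasses import dataclass

# Constructed sample: a shortened excerpt of the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [2010-2-17 12872]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [2010-5-3 81224]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [2010-5-3 81224]
=============== Created Last 30 ================
2010-05-03 09:05:38 81224 ----a-w- c:\windows\system32\drivers\ncpvaxp.sys
2010-04-28 06:25:08 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# "R0 name;description;path [yyyy-m-d size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+[^;]*;[^;]*;(.+?)\s+\[\d{4}-\d{1,2}-\d{1,2}\s+\d+\]$")
# "yyyy-mm-dd hh:mm:ss size attributes path"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")

# Values that switch UAC protection off. The Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1.
UAC_DISABLING = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}
# Where Windows and driver packages normally place kernel drivers.
DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review"
    item: str
    reason: str


def split_sections(text: str) -> dict[str, list[str]]:
    """Group non-empty log lines under the '==== Title ====' header above them."""
    sections: dict[str, list[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> list[Finding]:
    """Return the findings for one DDS log, in the order they are discovered."""
    sections = split_sections(text)
    findings: list[Finding] = []

    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m and UAC_DISABLING.get(m.group(1)) == int(m.group(2)):
            findings.append(Finding("high", m.group(1), "UAC protection switched off (value 0)"))

    created: set[str] = set()
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m:
            created.add(m.group(1).lower())

    seen: set[str] = set()
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, path = m.group(1), m.group(2).lower()
        # Only running (R*) kernel drivers (.sys) matter here: S* entries are
        # stopped, and .exe entries are user-mode services.
        if not state.startswith("R") or not path.endswith(".sys") or path in seen:
            continue
        seen.add(path)
        if path in created:
            findings.append(Finding("high", path, "running kernel driver written within the last 30 days"))
        if not path.startswith(DRIVER_DIRS):
            findings.append(Finding("review", path, "kernel driver loaded from outside the Windows driver directories"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.reason}")
```

A finding is a pointer for the reader, not a verdict: ncpvaxp.sys is flagged here only because it was written on 2010-05-03, and the same log shows it belongs to the VPN client installed that day.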
#4 | Logs clean? Please check
Post 5/5, now I'm done. So far, apart from tdx.sys, no viruses have been found! Very odd: only the rootkit, and in one file KIS2010 found Variant.Renos.14. I only noticed the infection because on that day last week I had the FF Google hijack. Maybe a stroke of luck in the misfortune, and not all my data was spied on after all? I'm now going to run another full scan with the Dr.Web live CD. cosinus, for your faithful logfile-reading services and competent advice I'll buy you a crate of virtual beer =D
#5 | /// Winkelfunktion /// TB-Süch-Tiger™ | Logs clean? Please check
Quote:
In the 2nd GMER log, though, there is no atapi.sys manipulation to be seen any more. Where was the tdx.sys you analyzed located? Because a tdx.sys apparently also belongs to Kaspersky!! Please rename it to tdx.sys.vir - maybe we have a rootkit here that specifically goes after Kaspersky
Quote:
__________________
Please always post logfiles in CODE tags
#6 | Logs clean? Please check
I got the Tdx.sys from the combofix qoobox directory. It was originally located in Windows\system32\drivers. The Dr.Web scan with the live CD, which has been running for hours, has just found the tdx again in Windows\winsxs\x86_Microsoft-Windows-TDI-over-tcpip(....)\ as well. Extremely long path. Dr.Web detects tdx.sys as backdoor.tdss.2459. I also uploaded the atapi.sys, from Knoppix, with the known result. However, neither gmer nor combofix had touched the file before, which is why the "suspicious" puzzles me, since apart from one scanner at VirusTotal none had anything to object to
#7 | /// Winkelfunktion /// TB-Süch-Tiger™ | Logs clean? Please check
Oh right, then that was a newer TDSS. AFAIK, older versions of TDSS manipulated atapi.sys directly; newer versions infected some other driver at random, and then that one and atapi.sys showed up as a "suspicious modification", although you only had to replace the other driver file (in your case tdx.sys) with an original, and that also settled the atapi.sys matter.
You're also welcome to run full scans with Malwarebytes and SUPERAntiSpyware again as a check and post the logs. Remember to update both tools before the scan!!