Trojaner-Board - Internet stockt beim Laden

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Internet stockt beim Laden (https://www.trojaner-board.de/91784-internet-stockt-beim-laden.html)

Internet stockt beim Laden

Hallo ihr Lieben

Ich nutze den Speedtest von Computerbild, verbunden mit der Google-Startseite, so dass ich regelmäßig beim Starten von Firefox sehen kann, welche Verbindungsgeschwindigkeit mir gerade zur Verfügung steht und, obwohl ich nur eine DSL 6.000er Leitung habe, stehen da oft zwischen 8.000 und 23.000 kbit/s als Speedangabe.

Das ist schön, aber seit einiger Zeit stockt Firefox zum Beispiel beim Seitenaufbau, oder wenn ich einem Link folge (meist Wohnungsangebote, die ich via Immonet und co. mit meinem Email-Programm abrufe). Das bedeutet, Firefox läd Bilder nicht richtig, verheimlicht mir einfach einen Teil der Seite oder läd einfach ewig lang, ohne Erfolg.

Ich muss dazu sagen, dass das nicht immer so ist, aber es gefällt mir nicht und macht mir Sorgen, also wäre es wahnsinnig lieb, wenn sich jemand mein Log mal ansehen könnte.

Vielen lieben Dank
Eure Shiva

Meine PC Daten:
MS Windows XP Home SP 3
Intel Core 2 Duo CPU E8400
3.00 GHz
3,2GB RAM
NVidia GeForce 9800 GT

Relevante Software
Kaspersky Security Suite CBE 7, immer aktuell
CCleaner wird regelmäßig ausgeführt, ebenso SuperAntiSpyware und Malwarebytes Anti-Malware
Alle drei haben in den letzten Tests nichts gefunden

Logfile HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:11, on 13.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
E:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Programme\HiJackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://saugstube-torrent.to/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Senden an &Bluetooth - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ 6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ 6\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243817729468
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - hxxp://www.navigram.com/engine/v911/Navigram.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - e:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O24 - Desktop Component 0: (no name) - hxxp://www.brokolinos-malbuch.de/kniffel/kniffel.jpg

--
End of file - 8208 bytes

Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Hallöchen Chris

Danke für die schnell Antwort. Gesagt getan, hier die Logs:

OTL Logfile:

Code:

OTL Extras logfile created on: 14.10.2010 00:24:51 - Run 1

OTL by OldTimer - Version 3.2.15.2     Folder = C:\Dokumente und Einstellungen\RSC Home\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 83,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 78,17 Gb Total Space | 33,32 Gb Free Space | 42,63% Space Free | Partition Type: NTFS

Drive E: | 53,52 Gb Total Space | 45,14 Gb Free Space | 84,35% Space Free | Partition Type: NTFS

Drive F: | 29,68 Gb Total Space | 19,61 Gb Free Space | 66,07% Space Free | Partition Type: NTFS

Drive G: | 157,59 Gb Total Space | 62,94 Gb Free Space | 39,94% Space Free | Partition Type: NTFS

Drive H: | 48,90 Gb Total Space | 23,57 Gb Free Space | 48,21% Space Free | Partition Type: NTFS

Drive I: | 97,91 Gb Total Space | 40,94 Gb Free Space | 41,82% Space Free | Partition Type: NTFS

 

Computer Name: RSC | User Name: RSC Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "e:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [CEWE FOTOSCHAU] -- "e:\Programme\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Mein CEWE FOTOBUCH] -- "e:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()

Directory [PlayWithVLC] -- "e:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" = 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)

"E:\Programme\ICQ 6\ICQ6\ICQ.exe" = E:\Programme\ICQ 6\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found

"E:\Programme\TeamViewer3\TeamViewer.exe" = E:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found

"E:\Programme\uTorrent\uTorrent.exe" = E:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"G:\Programme\Dead Space\Dead Space\Deadspace.exe" = G:\Programme\Dead Space\Dead Space\Deadspace.exe:*:Enabled:Dead Space ™ -- ()

"E:\Programme\eMule\emule.exe" = E:\Programme\eMule\emule.exe:*:Enabled:eMule -- File not found

"G:\Programme\FEAR\FEAR.exe" = G:\Programme\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)

"G:\Programme\FEAR\FEARMP.exe" = G:\Programme\FEAR\FEARMP.exe:*:Enabled:FEARMP -- (Monolith Productions, Inc.)

"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found

"E:\Programme\Java\jre6\bin\java.exe" = E:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Dokumente und Einstellungen\RSC Home\Desktop\YuLeech-RunesofMagic2_0_1_1821-de(2).exe" = C:\Dokumente und Einstellungen\RSC Home\Desktop\YuLeech-RunesofMagic2_0_1_1821-de(2).exe:*:Enabled:FOG Downloader -- File not found

"G:\Programme\World of Warcraft Trial\Wow.exe" = G:\Programme\World of Warcraft Trial\Wow.exe:*:Enabled:Wow -- File not found

"G:\Programme\World of Warcraft\Launcher.exe" = G:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"G:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = G:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"G:\Programme\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe" = G:\Programme\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"G:\Programme\World of Warcraft\BackgroundDownloader.exe" = G:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"E:\Programme\ICQ 6\ICQ6.5\ICQ.exe" = E:\Programme\ICQ 6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"G:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = G:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"G:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = G:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"G:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = G:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"G:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = G:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)

"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)

"E:\Programme\TeamViewer\Version5\TeamViewer.exe" = E:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"G:\Programme\Red Faction\Red Faction Guerrilla\rfg.exe" = G:\Programme\Red Faction\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)

"E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" = E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab)

"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)

"E:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe" = E:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe:*:Enabled:KiesAllShare -- ()

"E:\Programme\Samsung\Kies\WiselinkPro\http_ss_win_pro.exe" = E:\Programme\Samsung\Kies\WiselinkPro\http_ss_win_pro.exe:*:Enabled:Kies_http_ss_win_pro -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression

"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{255ADAEB-BC04-11D5-8467-0050BA1AEF73}" = Digital Video Camera Manager

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR

"{2D428867-5883-449B-86F3-7B7187061031}" = Nero 7 Essentials

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{32A87C84-A0D7-4D69-8C39-9B2E64B1EAB9}" = NetObjects Fusion 10.0

"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1421C0-5610-46D4-8283-82F3CA755FDB}" = Roxio PhotoSuite 5

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{638EBB3E-04BC-40DB-9176-DDEC2C5CB2BC}" = ArcSoft MediaConverter 2.5

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739F50FE-87AF-4108-93C8-6FF50A07A304}" = DV Ts

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.13.178

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{948A3F91-22EE-4E24-B4E0-BADB972357F4}" = ArcSoft Print Creations

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE

"{C833C7B6-1140-471D-932B-391B5CA66D7D}" = Digital Video

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies

"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX

"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0

"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BearShare" = BearShare

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0

"Diablo II" = Diablo II

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"Dracula The Days of Gore" = Dracula The Days of Gore

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"ffdshow_is1" = ffdshow [rev 1692] [2007-12-09]

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free Audio Converter_is1" = Free Audio Converter version 1.2

"Free Studio_is1" = Free Studio version 4.8

"Free Video Dub_is1" = Free Video Dub version 1.5

"Free YouTube Download_is1" = Free YouTube Download 2.3

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"HaaliMkx" = Haali Media Splitter

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0

"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla

"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies

"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MyFreeCodec" = MyFreeCodec

"NAVIGON Fresh" = NAVIGON Fresh 2.0.2

"Navilog1_is1" = Navilog1 3.7.4

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Picasa 3" = Picasa 3

"PowerISO" = PowerISO

"ratDVD" = ratDVD 0.78.1444

"SystemRequirementsLab" = System Requirements Lab

"TeamViewer 5" = TeamViewer 5

"Uninstall_is1" = Uninstall 1.0.0.1

"UseNeXT_is1" = UseNeXT

"VLC media player" = VLC media player 1.1.4

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.9.2

"World of Warcraft" = World of Warcraft

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MyFreeCodec" = MyFreeCodec

"uTorrent" = µTorrent

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 22.09.2010 10:17:48 | Computer Name = RSC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3909,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.

 

Error - 22.09.2010 17:13:13 | Computer Name = RSC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung PDFCreator.exe, Version 0.9.0.6, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 22.09.2010 17:18:01 | Computer Name = RSC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung PDFCreator.exe, Version 0.9.0.6, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 22.09.2010 17:18:02 | Computer Name = RSC | Source = Application Hang | ID = 1001

Description = Fehlerhafter Speicherbereich 935613995.

 

Error - 22.09.2010 17:20:13 | Computer Name = RSC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes

 Modul unknown, Version 0.0.0.0, Fehleradresse 0x06949290.

 

Error - 22.09.2010 17:20:20 | Computer Name = RSC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes

 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.

 

Error - 04.10.2010 06:16:21 | Computer Name = RSC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung DM2005.exe, Version 4.6.8.2, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 04.10.2010 07:31:53 | Computer Name = RSC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 06.10.2010 17:34:28 | Computer Name = RSC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung mein cewe fotobuch.exe, Version 0.0.0.0,

 fehlgeschlagenes Modul dnsq.dll, Version 7.0.1.325, Fehleradresse 0x0000c1a1.

 

Error - 08.10.2010 05:44:41 | Computer Name = RSC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung Mein CEWE FOTOBUCH.exe, Version 0.0.0.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 09.10.2010 15:56:52 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 10.10.2010 08:31:49 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 10.10.2010 14:13:03 | Computer Name = RSC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SASDIFSV" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%183

 

Error - 11.10.2010 02:57:47 | Computer Name = RSC | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 11.10.2010 02:58:05 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 11.10.2010 06:55:38 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 11.10.2010 14:35:14 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 12.10.2010 14:40:44 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 13.10.2010 06:12:29 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

Error - 13.10.2010 17:42:09 | Computer Name = RSC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem

 Fehler beendet:   %%2

 

 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 14.10.2010 00:24:51 - Run 1

OTL by OldTimer - Version 3.2.15.2     Folder = C:\Dokumente und Einstellungen\RSC Home\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 83,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 78,17 Gb Total Space | 33,32 Gb Free Space | 42,63% Space Free | Partition Type: NTFS

Drive E: | 53,52 Gb Total Space | 45,14 Gb Free Space | 84,35% Space Free | Partition Type: NTFS

Drive F: | 29,68 Gb Total Space | 19,61 Gb Free Space | 66,07% Space Free | Partition Type: NTFS

Drive G: | 157,59 Gb Total Space | 62,94 Gb Free Space | 39,94% Space Free | Partition Type: NTFS

Drive H: | 48,90 Gb Total Space | 23,57 Gb Free Space | 48,21% Space Free | Partition Type: NTFS

Drive I: | 97,91 Gb Total Space | 40,94 Gb Free Space | 41,82% Space Free | Partition Type: NTFS

 

Computer Name: RSC | User Name: RSC Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\RSC Home\Desktop\OTL.exe (OldTimer Tools)

PRC - E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\RSC Home\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\miscr3.dll (Kaspersky Lab)

MOD - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\fssync.dll (Kaspersky Lab)

MOD - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (KiesAllShare) -- e:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()

SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)

SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (AVP) -- E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)

SRV - (btwdins) -- E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found

DRV - (Cardex) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS File not found

DRV - (SASKUTIL) -- E:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()

DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)

DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)

DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (SASDIFSV) -- E:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- E:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)

DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)

DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter 54G WL-117(Sitecom) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)

DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://saugstube-torrent.to/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://dsl-start.computerbild.de"

FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: E:\Programme\Mozilla Firefox\components [2010.09.21 21:35:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2010.09.16 15:44:21 | 000,000,000 | ---D | M]

 

[2009.08.29 23:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Extensions

[2009.08.29 23:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org

[2010.10.14 00:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Firefox\Profiles\cbf8azib.default\extensions

[2010.06.13 14:48:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Firefox\Profiles\cbf8azib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.20 20:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Firefox\Profiles\cbf8azib.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.06.13 14:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Firefox\Profiles\cbf8azib.default\extensions\firefox-ext@youtubekeep.com

[2010.09.17 15:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Mozilla\Firefox\Profiles\cbf8azib.default\extensions\info@djzig.com

 

O1 HOSTS File: ([2009.12.21 00:37:14 | 000,366,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.123haustiereundmehr.com

O1 - Hosts: 127.0.0.1        123haustiereundmehr.com

O1 - Hosts: 12614 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVP] E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O8 - Extra context menu item: Senden an &Bluetooth - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ 6\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ 6\ICQ6.5\ICQ.exe (ICQ, LLC.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243817729468 (MUWebControl Class)

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 () - hxxp://www.brokolinos-malbuch.de/kniffel/kniffel.jpg

O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.11.13 22:05:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\Shell - "" = AutoRun

O33 - MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

File not found -- C:\Dokumente und Einstellungen\RSC Home\Desktop\[Torrentreactor.to] - Eclipse Biss zum Abendrot LD DVDSCR German XviD-CiNEJUNKIiEZ.torrent

[2010.10.14 00:23:53 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\RSC Home\Desktop\OTL.exe

[2010.10.13 12:53:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\RSC Home\Recent

[2010.10.09 10:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2010.10.07 12:53:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\Google

[2010.10.07 12:53:56 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2010.10.07 12:52:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\SimilarImages

[2010.10.05 23:05:58 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys

[2010.10.05 23:05:58 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys

[2010.10.05 23:05:58 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys

[2010.10.05 23:05:58 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys

[2010.10.05 23:05:57 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys

[2010.10.05 23:05:57 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys

[2010.10.05 23:05:57 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys

[2010.10.05 23:05:56 | 000,000,000 | ---D | C] -- C:\Programme\SAMSUNG

[2010.10.05 13:35:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Eigene Dateien\restore

[2010.10.03 22:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\2K Games

[2010.10.01 22:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\vlc

[2010.10.01 12:12:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Eigene Dateien\Downloads

[2010.10.01 12:08:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\ratDVD

[2010.09.25 23:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Eigene Dateien\Samsung

[2010.09.25 23:42:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2010.09.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\PC Suite

[2010.09.25 23:42:39 | 000,217,088 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe

[2010.09.25 23:40:56 | 000,000,000 | ---D | C] -- C:\Programme\DIFX

[2010.09.25 23:40:55 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2010.09.25 23:39:02 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution

[2010.09.25 23:37:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\Samsung

[2010.09.25 23:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files

[2010.09.25 23:37:05 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny

[2010.09.25 23:37:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung

[2010.09.25 23:36:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Samsung

[2010.09.19 18:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\UseNeXT

[2009.04.02 21:33:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\pcouffin.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

File not found -- C:\Dokumente und Einstellungen\RSC Home\Desktop\[Torrentreactor.to] - Eclipse Biss zum Abendrot LD DVDSCR German XviD-CiNEJUNKIiEZ.torrent

[2010.10.14 00:25:34 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\Desktop\in1w0po8.exe

[2010.10.14 00:23:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\RSC Home\Desktop\OTL.exe

[2010.10.14 00:19:35 | 001,039,392 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010.10.13 23:50:14 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010.10.13 23:41:53 | 000,262,800 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.10.13 23:41:44 | 002,286,624 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2010.10.13 23:41:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.10.13 23:41:34 | 001,081,619 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2010.10.13 12:57:49 | 000,227,948 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2010.10.12 20:40:17 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.10.10 18:08:28 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.10.10 15:18:03 | 000,000,336 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\Desktop\Work.lnk

[2010.10.08 10:46:01 | 000,459,152 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.10.08 10:46:01 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.10.08 10:46:01 | 000,084,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.10.08 10:46:01 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.10.07 13:58:01 | 000,876,729 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\Desktop\AntiTwin.exe

[2010.10.07 13:10:10 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2010.10.07 13:05:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.10.07 12:52:48 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.SimImages

[2010.10.05 13:57:15 | 000,000,746 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mein CEWE FOTOBUCH.lnk

[2010.09.25 23:40:35 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\$_hpcst$.hpc

[2010.09.22 17:51:27 | 000,001,176 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\vso_ts_preview.xml

[2010.09.22 12:35:31 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\RSC Home\default.pls

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.10.14 00:25:33 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Desktop\in1w0po8.exe

[2010.10.10 15:18:03 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Desktop\Work.lnk

[2010.10.07 13:58:00 | 000,876,729 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Desktop\AntiTwin.exe

[2010.10.07 12:52:48 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.SimImages

[2010.10.05 13:57:15 | 000,000,746 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mein CEWE FOTOBUCH.lnk

[2010.09.26 01:33:19 | 000,698,344 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2010.09.25 23:42:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2010.09.25 23:42:39 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2010.09.25 23:40:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\$_hpcst$.hpc

[2010.07.25 16:36:51 | 000,001,549 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flcd_proxy.log

[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2010.01.10 19:40:01 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010.01.10 19:40:01 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009.12.19 18:19:42 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\amebge.sys

[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009.07.31 22:39:32 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009.07.31 22:39:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009.07.31 22:39:27 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.07.31 22:39:26 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.07.31 22:39:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.07.24 15:38:13 | 000,005,045 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypkpiykb.yyr

[2009.07.24 15:19:09 | 000,014,059 | ---- | C] () -- C:\WINDOWS\Tw500a.ini

[2009.07.24 15:19:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup500.ini

[2009.04.19 19:30:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI

[2009.04.04 19:26:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll

[2009.04.04 19:18:47 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.04.04 19:17:14 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2009.04.02 21:34:08 | 000,001,176 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\vso_ts_preview.xml

[2009.04.02 21:34:02 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\pcouffin.log

[2009.04.02 21:33:58 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\inst.exe

[2009.04.02 21:33:58 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\pcouffin.cat

[2009.04.02 21:33:58 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\pcouffin.inf

[2008.12.17 20:27:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2008.12.16 11:13:55 | 000,000,140 | ---- | C] () -- C:\WINDOWS\KMBJACK.INI

[2008.11.24 21:36:28 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008.11.24 21:36:28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008.11.24 21:36:28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008.11.14 23:17:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2008.11.14 03:42:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.11.14 00:24:47 | 000,089,088 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.11.14 00:11:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll

[2008.11.13 23:34:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2008.11.13 23:17:38 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008.11.13 23:04:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.11.13 22:37:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008.11.13 22:33:11 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2008.11.13 22:33:11 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2008.11.13 22:28:45 | 000,034,710 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008.11.13 22:15:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008.11.13 22:15:38 | 000,034,672 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008.11.13 22:15:38 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008.11.13 22:12:06 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2008.11.13 22:07:50 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008.11.13 21:58:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005.07.22 17:38:48 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
 

< End of report >

--- --- ---

Ach übrigens, Gmer kann ich nicht ausführen.
Kurz nach dem Öffnen des Programms bekomme ich einen Blue Screen mit der Meldung:
Bad_Pool_Header

Warum?

LG Shiva

Hi,

Du setzt Filesharing-SW ein (utorrent und bearshare), darüber wird Malware verbreitet...

JAVA
Deine Javasoftware ist veraltet!
Download Java-Downloads für alle Betriebssysteme
Schliesse alle Programme auch Deinen Webbrowser
Über "Start -> Einstellungen -> Systemsteuerung -> Software
entferne alle älteren Versionen von Java Runtime Environment (JRE of J2SE)
Auch auf C:\Programme\Java entfernen!
Nachdem alles entfernt wurde --->Rechner neu starten
Installiere jetzt vom Desktop aus die neue Version!

Dann steht in Deinem EventLog:

Zitat:

Error - 13.10.2010 17:42:09 | Computer Name = RSC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Konfigurationsfreie drahtlose Verbindung" wurde mit folgendem
Fehler beendet: %%2

Falls vorhanden, Treiber nachinstallieren!

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

C:\Dokumente und Einstellungen\RSC Home\Desktop\in1w0po8.exe

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypkpiykb.yyr

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif

Code:



:OTL

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O33 - MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\Shell - "" = AutoRun

O33 - MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
 
 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = dword:0x00
 

:Commands

[emptytemp]

[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

chris

Ok, lieben Dank. Hier schonmal der erste Teil unserer Forschung, alle Schritte bis zum OTL Fix habe ich vorgenommen.

Zitat:

Ergebnis der Gmer:

File name: in1w0po8.exe
Submission date: 2010-10-14 10:20:20 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
MD5: aeaecc7ee4044faaeea4ed3c14dbee13
SHA1: b4caaa6b1a4bc2109db7fc62b9dd6dd231ea1c7a
SHA256: f8fcb438327d7fbf25d1106d6dc9f2359ad1f77cc67ed5618afaf90e8f2ecb31
File size: 293376 bytes
Scan date: 2010-10-14 10:20:20 (UTC)

Ergebnis der ypkpiykb.yyr:
(bisher nie zum testen hochgeladen, keine Ergebnisse der Virusprogramme)

File name: ypkpiykb.yyr
Submission date: 2010-10-14 10:26:56 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)
MD5: f94fee4113cd3fe7d1e5ffb2ef16fd07
SHA1: 70a1d784c3699a74eda2c4ec2c0d2a207df7e874
SHA256: f2949e1cd537b0c177a35dbd010b4bcd4ba906e568b5a0bf1ba09235a39b3ab9

Hier das OTL Logfile nach dem Reboot:

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604f77ce-cc68-11dd-8db0-0022158357aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604f77ce-cc68-11dd-8db0-0022158357aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{604f77ce-cc68-11dd-8db0-0022158357aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604f77ce-cc68-11dd-8db0-0022158357aa}\ not found.
File J:\Setup.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 345261 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: RSC Home
->Temp folder emptied: 9404046 bytes
->Temporary Internet Files folder emptied: 581856 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71672543 bytes
->Flash cache emptied: 43289 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2879572 bytes
%systemroot%\System32 .tmp files removed: 4371335 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245760 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10142010_123736

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

So, ich hab nun versucht, auch den letzten Schritt auszuführen, ComboFix, aber leider erfolglos. Das Programm durchläuft zahlreiche Stufen, bis im blauen Fenster darunter die Meldung steht: Lösche Dateien

Bei diesem Schritt bricht der Pc ab, ich bekomme den gleichen Bluescreen, wie beim Ausführen von Gmer, mit dem Status: BAD_POOL_HEADER.

Wie geht es nun weiter?
Ich hab nochmal ein HJT Logfile drangehangen, ganz aktuell, vielleicht hilft das...

HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:06:56, on 14.10.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe

E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

E:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

E:\Programme\Mozilla Firefox\firefox.exe

E:\Programme\HiJackThis\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Saugstube-Torrent.to - The one and only Torrent site

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Save YouTube Video - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O8 - Extra context menu item: Senden an &Bluetooth - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ 6\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ 6\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243817729468

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - hxxp://www.navigram.com/engine/v911/Navigram.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - e:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

O24 - Desktop Component 0: (no name) - hxxp://www.brokolinos-malbuch.de/kniffel/kniffel.jpg
 

--

End of file - 7951 bytes

--- --- ---

HI,

ein Bad_Pool_Header kann so ziemlich alles sein, von einer korrupten Registry bis hin zu einem nicht richtig programmierten Treiber...

Hast Du in letzter Zeit irgendwelche SW installiert? Wenn ja schrittweise deinstallieren.

Fangen wir mit der Reg. mal an:
Anleitung & Download: http://www.trojaner-board.de/51464-a...-ccleaner.html
Die Registry (blaues Würfel-Symbol linke Seite) musst du mehrmals durchsuchen und bereinigen lassen, bis nichts mehr gefunden wird.
Installation des cCleaners ohne die Toolbar! Benutzerdefinierte Installation wählen.

Hier noch eine Anleitung in English:
BAD_POOL_HEADER Blue Screen of Death -- fix found - Parallels Forums

Arbeitsspeicher prüfen:
MemTest - Download - CHIP Online

OSAM
Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines
Logs und poste das hier in Deinem Thread.

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

Systemdateien prüfen:
sfc /scannow
1.) Start->ausführen cmd eingeben
2.) sfc /scannow eingeben
3.) XP-CD bereithalten, falls fehlerhafte Dateien gefunden werden
(bei OEM-Rechnern befindet sich i. a. ein entsprechendes Verzeichnis bereits auf der Festplatte)
4.) warten...

chris

Hallo Chris

Lieben Dank für deine Zeit.
Den CCleaner lasse ich mindestens 2x am Tag routinemäßig durchlaufen, auch die Registrybereinigung. Ich bin nicht das erste Mal euer Gast :)

Die beiden Dateien aus der Anleitung habe ich gelöscht und neugestartet, auch habe ich zwischendurch via Secunia alles geupdatet, was noch auf einem älteren Stand war, eigentlich mach ich das aber ohnehin regelmäßig.

MEM-Test ergab nach einer 20-minütigen Prüfung keine Fehler.

Die Downloadseite für das OSAM Programm ist down, ich habs mir hier geholt:
hxxp://osam-autorun-manager.software.informer.com/
Aber dem entsprechend verbindet sich das Programm nicht mit dem Server, wodurch das Ganze vorzeitig unterbrochen und kein Log erstellt wird.

TDSS-Killer hat nichts gefunden, hier das Log:

Zitat:

2010/10/14 15:44:34.0625 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/14 15:44:34.0625 ================================================================================
2010/10/14 15:44:34.0625 SystemInfo:
2010/10/14 15:44:34.0625
2010/10/14 15:44:34.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/14 15:44:34.0625 Product type: Workstation
2010/10/14 15:44:34.0625 ComputerName: RSC
2010/10/14 15:44:34.0625 UserName: RSC Home
2010/10/14 15:44:34.0625 Windows directory: C:\WINDOWS
2010/10/14 15:44:34.0625 System windows directory: C:\WINDOWS
2010/10/14 15:44:34.0625 Processor architecture: Intel x86
2010/10/14 15:44:34.0625 Number of processors: 2
2010/10/14 15:44:34.0625 Page size: 0x1000
2010/10/14 15:44:34.0625 Boot type: Normal boot
2010/10/14 15:44:34.0625 ================================================================================
2010/10/14 15:44:34.0953 Initialize success
2010/10/14 15:44:49.0750 ================================================================================
2010/10/14 15:44:49.0750 Scan started
2010/10/14 15:44:49.0750 Mode: Manual;
2010/10/14 15:44:49.0750 ================================================================================
2010/10/14 15:44:50.0468 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/14 15:44:50.0500 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/14 15:44:50.0515 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/14 15:44:50.0546 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2010/10/14 15:44:50.0593 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/14 15:44:50.0640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/14 15:44:50.0671 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2010/10/14 15:44:50.0703 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/14 15:44:50.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/14 15:44:50.0750 atksgt (70f72c50d39f5afa76c17f86223a7c4f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/10/14 15:44:50.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/14 15:44:50.0812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/14 15:44:50.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/14 15:44:50.0875 btaudio (711442f5953966b14299b4b0404ec073) C:\WINDOWS\system32\drivers\btaudio.sys
2010/10/14 15:44:50.0890 BTDriver (409f48dc4d505559043acbbf6095768a) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/10/14 15:44:50.0921 BTKRNL (03664bb96504c81b02f58c0eade8a464) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/10/14 15:44:50.0953 BTSERIAL (873f58c0fde879b53b468b65e39549c5) C:\WINDOWS\system32\drivers\btserial.sys
2010/10/14 15:44:50.0953 BTSLBCSP (df810d392af466ff76cb6bf55c6c86af) C:\WINDOWS\system32\drivers\btslbcsp.sys
2010/10/14 15:44:50.0968 BTWDNDIS (4223556c93871a4cbd68d0585f5e5dc9) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/10/14 15:44:50.0984 BTWUSB (2054534e921359af42875ed825fa075f) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/10/14 15:44:51.0093 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/14 15:44:51.0125 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/14 15:44:51.0125 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/14 15:44:51.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/14 15:44:51.0171 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/10/14 15:44:51.0171 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/10/14 15:44:51.0203 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/14 15:44:51.0265 dgderdrv (d0d4f3ca1d3a4400e1f40f36a800cd12) C:\WINDOWS\system32\drivers\dgderdrv.sys
2010/10/14 15:44:51.0281 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/14 15:44:51.0312 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/14 15:44:51.0359 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/14 15:44:51.0375 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/14 15:44:51.0390 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/14 15:44:51.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/14 15:44:51.0453 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/14 15:44:51.0468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/14 15:44:51.0468 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/14 15:44:51.0484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/14 15:44:51.0500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/14 15:44:51.0531 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/10/14 15:44:51.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/14 15:44:51.0609 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/14 15:44:51.0625 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/14 15:44:51.0640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/14 15:44:51.0656 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/14 15:44:51.0687 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/14 15:44:51.0703 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/10/14 15:44:51.0718 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/14 15:44:51.0828 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/14 15:44:51.0875 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/14 15:44:51.0890 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/14 15:44:51.0937 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/14 15:44:51.0953 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/14 15:44:51.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/14 15:44:51.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/14 15:44:52.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/14 15:44:52.0015 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/14 15:44:52.0031 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/14 15:44:52.0031 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/14 15:44:52.0046 kl1 (8eb0825b9d9f38c7ace67f012776c323) C:\WINDOWS\system32\drivers\kl1.sys
2010/10/14 15:44:52.0078 klif (854167a8a1c7300282ee5e157c3e1fbe) C:\WINDOWS\system32\drivers\klif.sys
2010/10/14 15:44:52.0109 klim5 (fab690ad3d3949b9ed227508734c8a85) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/10/14 15:44:52.0125 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/14 15:44:52.0140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/14 15:44:52.0171 L1e (b3a21f963bf315a29e1d5eb376a51078) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/10/14 15:44:52.0218 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/10/14 15:44:52.0234 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/14 15:44:52.0250 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/14 15:44:52.0265 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/14 15:44:52.0281 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/14 15:44:52.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/14 15:44:52.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/14 15:44:52.0328 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/14 15:44:52.0359 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/14 15:44:52.0390 MSHUSBVideo (066f26efe273125b352e35405d258e85) C:\WINDOWS\system32\Drivers\nx6000.sys
2010/10/14 15:44:52.0421 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/14 15:44:52.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/14 15:44:52.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/14 15:44:52.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/14 15:44:52.0515 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/14 15:44:52.0531 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/10/14 15:44:52.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/14 15:44:52.0562 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/14 15:44:52.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/14 15:44:52.0625 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/14 15:44:52.0640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/14 15:44:52.0671 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/14 15:44:52.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/14 15:44:52.0687 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/14 15:44:52.0703 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/14 15:44:52.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/14 15:44:52.0734 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/14 15:44:52.0734 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/14 15:44:52.0750 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/14 15:44:52.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/14 15:44:52.0953 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/14 15:44:53.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/14 15:44:53.0031 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/14 15:44:53.0062 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/14 15:44:53.0093 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/14 15:44:53.0093 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/14 15:44:53.0109 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/14 15:44:53.0171 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/10/14 15:44:53.0171 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/14 15:44:53.0203 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/14 15:44:53.0218 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/14 15:44:53.0265 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/14 15:44:53.0328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/14 15:44:53.0359 PQNTDrv (7e8be4d11f5ac1e5cae42719a7230508) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/10/14 15:44:53.0375 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/14 15:44:53.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/14 15:44:53.0390 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/14 15:44:53.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/14 15:44:53.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/14 15:44:53.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/14 15:44:53.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/14 15:44:53.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/14 15:44:53.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/14 15:44:53.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/14 15:44:53.0546 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/14 15:44:53.0609 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) E:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/14 15:44:53.0625 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) E:\Programme\SUPERAntiSpyware\SASENUM.SYS
2010/10/14 15:44:53.0656 SASKUTIL (61db0d0756a99506207fd724e3692b25) E:\Programme\SUPERAntiSpyware\SASKUTIL.sys
2010/10/14 15:44:53.0687 SCDEmu (a73ae2510014103a44a5a58845219dcb) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/10/14 15:44:53.0703 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/14 15:44:53.0734 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/14 15:44:53.0734 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/14 15:44:53.0765 sfdrv01 (0b179a959ff6b6ca5927d4f255ab9f90) C:\WINDOWS\system32\drivers\sfdrv01.sys
2010/10/14 15:44:53.0765 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2010/10/14 15:44:53.0796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/14 15:44:53.0796 sfsync02 (a62efe6aa55c6a599ddbb6bd00e8fb9c) C:\WINDOWS\system32\drivers\sfsync02.sys
2010/10/14 15:44:53.0828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/14 15:44:53.0859 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/14 15:44:53.0906 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/14 15:44:53.0906 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/14 15:44:53.0937 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/14 15:44:53.0984 sscebus (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
2010/10/14 15:44:54.0000 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
2010/10/14 15:44:54.0031 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
2010/10/14 15:44:54.0062 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/14 15:44:54.0078 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/14 15:44:54.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/14 15:44:54.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/14 15:44:54.0156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/14 15:44:54.0187 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/14 15:44:54.0203 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/14 15:44:54.0218 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
2010/10/14 15:44:54.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/14 15:44:54.0265 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/14 15:44:54.0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/14 15:44:54.0328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/14 15:44:54.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/14 15:44:54.0359 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/14 15:44:54.0375 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/14 15:44:54.0390 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/14 15:44:54.0406 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/14 15:44:54.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/14 15:44:54.0421 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/14 15:44:54.0453 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/10/14 15:44:54.0468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/14 15:44:54.0500 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/14 15:44:54.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/14 15:44:54.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/14 15:44:54.0578 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/14 15:44:54.0593 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/14 15:44:54.0609 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/14 15:44:54.0640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/14 15:44:54.0671 ZD1211U(Sitecom) (2a1274b9e7d71216b0fb5e998498d2e4) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2010/10/14 15:44:54.0718 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
2010/10/14 15:44:54.0906 ================================================================================
2010/10/14 15:44:54.0906 Scan finished
2010/10/14 15:44:54.0906 ================================================================================

Das größte Problem ist das Prüfen der Systemdateien. Das Programm läuft und will immer wieder eine XP Professional CD von mir haben, die ich aber nicht habe. Auf dem Rechner ist XP Home installiert, die originale Windows-CD erkennt er aber nciht als die, die er braucht. Was kann ich tun?

LG Shiva

ps: Bei jedem Neustart, auch bei jedem korrekt ausgeführten, wird mir angezeigt, dass Windows nach einem schwerwiegenden Fehler wieder ausgeführt wird...

Hi,

thats complicated, but we will give it a try:

scannow:
Von der CD wird das dllcache-Verzeichnis aktualisiert. Hierbei verlangt XP leider immer die Professional-CD, auch bei XP Home.
Dafür gibt es eine Umgehung. Man kopiert den I386-Ordner von der XP-Home-CD auf die Festplatte. Anschliessend modifiziert
man die Registry so, dass XP von diesem Verzeichnis aus repariert. Damit wird der Zugriff auf die CD nahezu komplett ausgeschlossen.
Schritt 1
Lege die XP-CD ein und suche den Ordner mit folgendem Namen:
I386
Dies ist der Hauptordner und und sollte unter den ersten sein, die du siehst. Kopiere ihn jetzt auf dein Systemlaufwerk.
Für die meisten sollte das das Laufwerk C:\ sein. Wenn du fertig bist, hast du einen Ordner der so aussieht: C:\I386
-----------------------------
Schritt 2
Nun musst du dem Computer noch das neue Verzeichnis bekannt geben. Das geschieht in der Registry (Start > ausführen >regedit)
und navigiere zu:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Dort siehst du auf der rechten Seite verschiedene Einträge. Du änderst den folgenden:
SourcePath
Hier ist vermutlich ein Verweis auf dein CD-ROM-Laufwerk, und deshalb fragt er nach der XP CD. Alles was erforderlich ist, ist den Eintrag wie folgt zu ändern:
C:\
Einfach auf den Wert doppelklicken und es geht ein Fenster auf, wo du den neuen Wert eintragen kannst.
Nun starte deinen Computer neu und versuche scannow sfc noch einmal!

Vor dem Ändern der Reg solltest Du eine Sicherheitskopie wie folgt machen:

Backup der Registry erstellen mit ERUNT:
* Lade Dir ERUNT von folgender Adresse: Favorite Freeware
* Wähle die Installationsversion von ERUNT und installiere es auf deutsch
* Nach der Installation startet er gleich, alle Auswahlen so lassen
* Backup durchführen

chris

Also die Umgehung hat geklappt. Was kann ich jetzt noch tun?

Hi,

wurden Dateien bei der Systemüberprüfung ersetzt?
Wenn ja Windowsupdate ausführen.

Als nächstes in den abgesicherten Modus booten (F8 beim Booten) und noch mal Combofix probieren laufen zu lassen...

chris

So, das hat diesmal geklappt, hier das Logfile:

Combofix Logfile:

Code:

ComboFix 10-10-14.01 - Administrator 15.10.2010  12:08:31.2.2 - x86 NETWORK

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3327.3040 [GMT 2:00]

ausgeführt von:: f:\taskleiste\Virus & Co\ComboFix.exe

AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\inst.exe

c:\dokumente und einstellungen\RSC Home\Desktop\[Torrentreactor.to] - Eclipse Biss zum Abendrot LD DVDSCR German XviD-CiNEJUNKIiEZ.torrent 

c:\windows\system32\Drivers\amebge.sys

c:\windows\system32\muzapp.exe
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-09-15 bis 2010-10-15  ))))))))))))))))))))))))))))))

.
 

2010-10-15 10:04 . 2010-10-15 10:04    --------    d-----w-    c:\dokumente und einstellungen\Administrator

2010-10-14 15:09 . 2010-10-14 15:11    --------    d-----w-    C:\I386

2010-10-14 15:01 . 2010-10-14 15:01    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe

2010-10-14 14:46 . 2001-08-18 02:54    87040    -c--a-w-    c:\windows\system32\dllcache\wiafbdrv.dll

2010-10-14 14:45 . 2001-08-18 02:54    69632    -c--a-w-    c:\windows\system32\dllcache\umaxu12.dll

2010-10-14 14:44 . 2001-08-17 11:49    30464    -c--a-w-    c:\windows\system32\dllcache\tbatm155.sys

2010-10-14 14:43 . 2008-04-13 17:40    7552    -c--a-w-    c:\windows\system32\dllcache\sonyait.sys

2010-10-14 14:42 . 2001-08-18 02:52    386560    -c--a-w-    c:\windows\system32\dllcache\sgiul50.dll

2010-10-14 14:41 . 2001-08-18 02:54    10752    -c--a-w-    c:\windows\system32\dllcache\rsmgrstr.dll

2010-10-14 14:40 . 2001-08-17 12:04    92416    -c--a-w-    c:\windows\system32\dllcache\phildec.sys

2010-10-14 14:39 . 2001-08-17 10:49    51552    -c--a-w-    c:\windows\system32\dllcache\ntgrip.sys

2010-10-14 14:38 . 2001-08-17 12:02    35200    -c--a-w-    c:\windows\system32\dllcache\msgame.sys

2010-10-14 14:37 . 2008-04-14 01:22    48640    -c--a-w-    c:\windows\system32\dllcache\kdsui.dll

2010-10-14 14:36 . 2001-08-17 10:49    58592    -c--a-w-    c:\windows\system32\dllcache\i740nt5.sys

2010-10-14 14:35 . 2001-08-18 02:33    322432    -c--a-w-    c:\windows\system32\dllcache\g400m.sys

2010-10-14 14:34 . 2001-08-18 02:54    52224    -c--a-w-    c:\windows\system32\dllcache\eqnlogr.exe

2010-10-14 14:33 . 2001-08-18 02:25    117760    -c--a-w-    c:\windows\system32\dllcache\d100ib5.sys

2010-10-14 14:32 . 2008-04-13 17:46    13696    -c--a-w-    c:\windows\system32\dllcache\avcstrm.sys

2010-10-14 14:29 . 2001-08-17 12:07    101888    -c--a-w-    c:\windows\system32\dllcache\adpu160m.sys

2010-10-14 13:39 . 2010-10-14 13:39    --------    d-----w-    c:\programme\Gemeinsame Dateien\Online Solutions Shared

2010-10-14 10:37 . 2010-10-14 10:37    --------    d-----w-    C:\_OTL

2010-10-14 10:16 . 2010-10-14 10:16    --------    d-----w-    c:\programme\Gemeinsame Dateien\Java

2010-10-14 10:16 . 2010-10-14 10:16    73728    ----a-w-    c:\windows\system32\javacpl.cpl

2010-10-14 10:16 . 2010-10-14 10:16    472808    ----a-w-    c:\windows\system32\deployJava1.dll

2010-10-09 08:40 . 2010-10-09 08:40    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

2010-10-07 10:53 . 2010-10-07 10:53    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\Google

2010-10-07 10:53 . 2010-10-07 10:53    --------    d-----w-    c:\programme\Google

2010-10-07 10:52 . 2010-10-07 11:15    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\SimilarImages

2010-10-05 21:05 . 2010-04-27 02:25    14848    ----a-w-    c:\windows\system32\drivers\sscemdfl.sys

2010-10-05 21:05 . 2010-04-27 02:25    12416    ----a-w-    c:\windows\system32\drivers\sscecmnt.sys

2010-10-05 21:05 . 2010-04-27 02:25    12416    ----a-w-    c:\windows\system32\drivers\sscecm.sys

2010-10-05 21:05 . 2010-04-27 02:25    123648    ----a-w-    c:\windows\system32\drivers\sscemdm.sys

2010-10-05 21:05 . 2010-04-27 02:25    98560    ----a-w-    c:\windows\system32\drivers\sscebus.sys

2010-10-05 21:05 . 2010-04-27 02:25    12288    ----a-w-    c:\windows\system32\drivers\sscewhnt.sys

2010-10-05 21:05 . 2010-04-27 02:25    12288    ----a-w-    c:\windows\system32\drivers\sscewh.sys

2010-10-05 21:05 . 2010-10-05 21:05    --------    d-----w-    c:\programme\SAMSUNG

2010-10-03 20:34 . 2010-10-03 20:34    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\2K Games

2010-10-01 20:39 . 2010-10-01 20:39    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\vlc

2010-10-01 10:08 . 2010-10-01 10:08    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Lokale Einstellungen\Anwendungsdaten\ratDVD

2010-09-25 21:42 . 2010-09-25 21:42    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite

2010-09-25 21:42 . 2010-09-25 21:42    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\PC Suite

2010-09-25 21:42 . 2010-05-01 06:51    36640    ----a-w-    c:\windows\system32\FsUsbExDisk.Sys

2010-09-25 21:42 . 2010-05-01 06:51    217088    ----a-w-    c:\windows\system32\FsUsbExService.Exe

2010-09-25 21:42 . 2010-05-01 06:51    110592    ----a-w-    c:\windows\system32\FsUsbExDevice.Dll

2010-09-25 21:40 . 2010-09-25 21:40    --------    d-----w-    c:\programme\DIFX

2010-09-25 21:40 . 2008-08-26 07:26    18816    ----a-w-    c:\windows\system32\drivers\pccsmcfd.sys

2010-09-25 21:39 . 2010-09-25 21:40    --------    d-----w-    c:\programme\PC Connectivity Solution

2010-09-25 21:37 . 2010-09-25 21:37    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\Samsung

2010-09-25 21:37 . 2010-09-25 21:37    --------    d-----w-    c:\programme\Common Files

2010-09-25 21:37 . 2010-09-25 21:37    --------    d-----w-    c:\programme\MarkAny

2010-09-25 21:37 . 2010-09-25 21:40    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Samsung

2010-09-25 21:36 . 2010-09-25 21:36    --------    d-----w-    c:\programme\Gemeinsame Dateien\Samsung

2010-09-22 16:10 . 2010-09-22 16:10    103864    ----a-w-    c:\programme\Internet Explorer\PLUGINS\nppdf32.dll

2010-09-19 16:35 . 2010-10-11 19:06    --------    d-----w-    c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\UseNeXT
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\RSC Home\Startmen\Programme\Autostart\

Secunia PSI.lnk - e:\programme\Secunia\PSI\psi.exe [2010-7-21 965176]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-13 12:31    548352    ----a-w-    e:\programme\SUPERAntiSpyware\SASWINLO.DLL
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute    REG_MULTI_SZ       autocheck autochk *\0OODBS
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-11-20 19:32    110184    ----a-w-    c:\windows\system32\nvmctray.dll
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"=

"e:\\Programme\\uTorrent\\uTorrent.exe"=

"g:\\Programme\\Dead Space\\Dead Space\\Deadspace.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Programme\\FEAR\\FEAR.exe"=

"g:\\Programme\\FEAR\\FEARMP.exe"=

"e:\\Programme\\Java\\jre6\\bin\\java.exe"=

"g:\\Programme\\World of Warcraft\\Launcher.exe"=

"g:\\Programme\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe"=

"g:\\Programme\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"g:\\Programme\\World of Warcraft\\BackgroundDownloader.exe"=

"e:\\Programme\\ICQ 6\\ICQ6.5\\ICQ.exe"=

"g:\\Programme\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"=

"g:\\Programme\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=

"g:\\Programme\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=

"g:\\Programme\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=

"g:\\Programme\\Red Faction\\Red Faction Guerrilla\\rfg.exe"=

"e:\\Programme\\Kaspersky Lab\\Kaspersky Security Suite CBE\\avp.exe"=

"e:\\Programme\\Samsung\\Kies\\WiselinkPro\\WiselinkPro.exe"=

"e:\\Programme\\Samsung\\Kies\\WiselinkPro\\http_ss_win_pro.exe"=

"e:\\Programme\\Skype\\Phone\\Skype.exe"=

"e:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=

"e:\\Programme\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
 

R1 SASDIFSV;SASDIFSV;e:\programme\SUPERAntiSpyware\SASDIFSV.SYS [17.02.2009 12:43 12872]

R1 SASKUTIL;SASKUTIL;e:\programme\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2009 12:43 67656]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [01.05.2010 08:50 95568]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [25.09.2010 23:42 217088]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [01.05.2010 08:50 18136]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25.09.2010 23:42 36640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.12.2007 14:28 24592]

R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [27.10.2009 22:38 30560]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.03.2010 11:17 25088]

S3 KiesAllShare;SAMSUNG KiesAllShare Service;e:\programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe [25.09.2010 23:38 9241088]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07.07.2010 16:05 14904]

S3 SASENUM;SASENUM;e:\programme\SUPERAntiSpyware\SASENUM.SYS [17.02.2009 12:43 12872]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [05.10.2010 23:05 98560]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [05.10.2010 23:05 14848]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [05.10.2010 23:05 123648]

S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [04.04.2009 19:30 544768]

S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter 54G WL-117(Sitecom);c:\windows\system32\drivers\ZD1211U.sys [17.12.2008 20:27 233472]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.11.2008 23:17 721904]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://saugstube-torrent.to/

mWindow Title = Microsoft Internet Explorer

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube Download - c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Save YouTube Video - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: Senden an &Bluetooth - e:\programme\Bluetooth Software\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\dokumente und einstellungen\RSC Home\Anwendungsdaten\Mozilla\Firefox\Profiles\cbf8azib.default\

FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de

FF - component: c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: e:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: e:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: e:\programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: e:\programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: e:\programme\Picasa\Picasa3\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

AddRemove-InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3} - c:\programme\InstallShield Installation Information\{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}\setup.exe

AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\programme\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe

AddRemove-01_Simmental - e:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - e:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - e:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\programme\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-07_Schorl - e:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-09_Hsp - e:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - e:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - e:\programme\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - e:\programme\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - e:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
 
 

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1202660629-1284227242-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)
 

[HKEY_USERS\S-1-5-21-1202660629-1284227242-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:4d,0b,c5,58,1c,2d,af,8f,6a,ac,e3,72,a5,c9,2b,2f,20,9e,99,92,b8,db,c3,

   95,a1,9e,c9,08,cb,a2,94,bb,3f,51,3c,00,a0,fe,f2,23,4d,aa,8f,a1,44,39,e3,e7,\

"??"=hex:76,b4,6c,1c,f6,56,5c,07,44,85,c8,1c,39,43,f7,92
 

[HKEY_USERS\S-1-5-21-1202660629-1284227242-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:b1,9a,c0,ba,1e,93,04,9d,50,d1,42,e7,ba,90,fb,5b,ae,98,01,01,15,

   67,3f,ab,3d,9c,73,59,83,c4,03,7c,10,fe,88,4a,0f,ae,f9,07,fb,f7,58,8d,ca,8e,\

"rkeysecu"=hex:98,5b,b0,83,87,34,73,96,7d,05,25,4e,24,e1,60,74
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="B7E0E652D11A7ACAF329A586ABCDBA1ECBF08CAA148DC49C1FA613F8E3A6205A2250C1970EAB53870B004B28D1554A2DCF15CC3989A9D0C1F452FE7675F9A386EDC41B382BB1013607F4AC5A09EF5B8BE96B115F3DF5908C2789F071DAE2332F562759A383BEE742C60D580E9ADCCDB83AB734B58AFE7A3235E92B46A3D8025D5E134718765B152BEB03C00855CF2749236FEF26D1C4ADFAE2C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A9C6AECB7A5D1407CBCA4A255547CDCA7B2979E033345422A24619A2086793FBD45998C742977197FCAB8BCABB404962CC3D33B7F7787D49C13912E1EB8F9261384791F258805FDA891E3C4837AEC94242EB011E317A181BE5918B0F2D1F4B40BCA829D9E96414173BDDC107A29D4A99709A5A4CD37CFEA40A762F507BAE9AA06A09DA327CD08D74437E07E800AE09C9CE7DBAEFF852D2A312622A40A866A2BE294AA1A0BB630ECA33647AC1F1158AEA3B212129DD66788CC1A7AB6B2A05478C4A9F02C1F5501BA704488FD9C0999445F462920DE2B59807C1E7E9D619DDB12DFE13FEA39EDE00CD10BA3D6C5818B359A1F616A48DD19DED221C1CF4B45750F85D8123494CE84AB1981CFBA94802B559486337ED06DF3951528F7F325EE9D3FCDE1BFC293BDFCB7D3EA1CCB544D9AEABD50406D819185E732862D5EB9B2530FA64651E3048C59A8D0BD5B029253975E91B0696CA3949464E5D07627396ABA065AEB79A3CF73212F4E796AF8FE54C25E2CBECFE1D79D3EB8B0FC6EC101E3320E665400E206F504FF82615D26928D11E99818E5B9C142D110C3E3D447B2285715A90FE14A37B5FB491F7D62A292DA081453718CB0A645F39E1D05AB8633A019950A049500109B368EDF5B647B8DD1FB7CF4D85F41B6D062B5591619D69201AE08DE648E6E6AD3255EE1BE242F3C74AEAD60AAB7C78D25375E0AAE9CC24B054548B9AF682791ED728AA465B35A818328B2E14308FBE5D0DE536AFDF231E6F4AC5F556A8D0CF36B353E93B76BD9DA5FBCC5B780FDC7F790C1237960300D3002C4BAC970082F474690EAA21DE008A66DD241AA71598BE393E517BB6E7C739AE3ABB46C1764D667B30529D0491219975A6CD587567F9F7512441CFCF75E4B268CCB6899959EC9892D1DCA952614DEB1534C8B71B7A3D959A52C03280E7C39BBE4C1CF24BC71CF1252FB1676072B216A77C598F341B22F99273F356514E53C0E7B611B4E4391FCD413B9525E4BE039FB58684EA42E66B795844C325A90D8AE4BC20FDB15874B97B1AFC93E27B167584EA7097872850E15D32165B3857DBDFBE3EAE1182FA96B5BD8610F9D8A497C43417E89F582F9F506308CD2C610CC651750B9A"

"OODEFRAG11.00.00.01WORKSTATION"="6A6AE7977D6D6560D466C76ACD2C0CFD95E7CE39331F0379A16034ACB2359139961646022C14EAADF9EC872302ADF6FCC14022580F5C68B93450A584679929A690B99979EFC10E0F9202DB4F40E1E2ACB53254D55B1EC11E5AFCF0932F233B6D2A02FA536CA9CEA65C8D34C5A885B5FEBDFC482956CB780A0C218E8F8482D50127BF97A7786781190998119E0EBCA8E91603758C6F304964B41709F316CA5C5840E7AFD1A0764E0E3F510A37FA8C48E5F3CBE6FCCDFA471736DD828045F40570A41499F124B9AF321908C8B02B6075F1FCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A9C6AECB7A5D1407C1435658639539C8FA7DABB6F5FD96737EF7F183875FBC85991BFD01874387F5C55962D393B02AC3338C44E050B798C3E8A4580AC5C3F7B9652D522B55492BCA649680733AB8E7AF206061099ECED9CDB17E5479BB255F8A77235D068B9E48FA91C96A3011A134DF6D9BB823231BF1725E9B4265D2DDFA03C9A93AE05FC5F7E0DE531B34B5B0D898E5744A57834A770514273F12DCA2D324FC00483FE815D4C888A8D4E0A804A295FCB6D5844B5D0BCA9FDFACF98A7879DF55FC2AD622B87E7368D398C7500AE084C93F60B8E8A84B006D9B324AF5B87FA0BB064891EE2E1817027031317608EA868300B33AAD55615413BE39631911FAC13A19CC0F1248CBDAF8B12A18C69317310B015D7F50DF7468C5C5EFDCD383861202C52721B32EC15E95DB522D539A42115FDA2D376C1832D5E04047FEE866C15765B0894E605BAC30C5C7BF5313DB4EA1293DB9C1FD244D26E15177C680624F49DE91ECD0099C3ED69AE249A1DCEA9E56AF68DA3169FC7B596EB0F96625F6559288350C1981972E4AC8AF8BE470309C956334AED0756E7561CBA78C44C6F3FE54A27BE4478240B9F82842679B6E66B537D48A959C4B19F9266698B1783980FA228FD93BB328E29FC237447FF85A1F580B3A6AB5C378734A81CAF32F523395FA055A5717E6F21EA2FC96F23DE5A0BC7BD2EC65F7ABF1442A44AC418F50CF02B5F7AC11C2A1C7E30B70899FCBFB8D779545EA2188EC0DA9E630631E21AA90E5E66B5736CCD5EEFC26DA7A309C0DD1DAA50BD65958D483934B7C6AB875CAD5384D42CE8B89291481416CF59CE19A03472BC2F5DA9FE2F3C62AD4DED2624DE9422AD629E90F76C862B04AAD72955D1BEE2AFDB209534BE0DD58570545040475A2C5F2233D394C00614C8E74D3F2C0775B2BC31BD8347631C2AF9744FAB5730ACAE9D89C0628EC9394EF45C5F57A64D8E73D0DDFD64103AE38101DA6739C569980E3B91BD7BCCF3F69FAEE3DA1F01AE444ED48579EBF3F87D258E15A419C1AFC5C8940C3DA209FA29BD1"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1448)

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\miscr3.dll

e:\programme\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\klogon.dll
 

- - - - - - - > 'lsass.exe'(1504)

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\dnsq.dll

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\miscr3.dll

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\fssync.dll
 

- - - - - - - > 'explorer.exe'(120)

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\miscr3.dll

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\fssync.dll

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\scrchpg.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\dnsq.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe

e:\programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

e:\programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe

e:\programme\Java\jre6\bin\jqs.exe

c:\programme\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\oodag.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-10-15  12:17:29 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-10-15 10:17
 

Vor Suchlauf: 12 Verzeichnis(se), 32.841.547.776 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 32.752.041.984 Bytes frei
 

- - End Of File - - 6FCF5C3D7DE3A4BE7426B1BD116796DB

--- --- ---

Soll Gmer so auch nochmal durchlaufen?

LG Shiva

Hi,

ja bitte GMER laufen lassen und Log posten...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
und suche folgende Datei/Dateien:

Code:

c:\windows\system32\drivers\dgderdrv.sys

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Wie verhält sich der Rechner?

chris

Also hier erstmal das Ergebnis der Virustotal-Prüfung:

Zitat:

File name:dgderdrv.sys
Submission date:2010-10-15 20:50:20 (UTC)
Current status:queued queued analysing finished
Result:0/ 43 (0.0%)
MD5: d0d4f3ca1d3a4400e1f40f36a800cd12
SHA1: 7ceb03afaee62ef20c58fafde6df189cd3a805aa
SHA256: fad9e0019109d52480a5664e2c2422dbf4dfa6e2f317d3fc00351fbb90797123

Bisher besteht das gleiche Problem, manche Seiten brauchen unangenehm lang zum Aufbauen, oder Bilder / Elemente werden nicht geladen, andere widerum nicht. Und das kenn ich von meinem Rechner so nicht...

Ich lass jetzt Gmer durchlaufen und poste das Logfile.

Lieben Dank
Shiva

Gmer lief sehr lange, wurde dann aber von einem Bluescreen unterbrochen.

PFN_LIST_CORRUPT

Hi,

Rootkit Unhooker
Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.

Deaktiviere alle Hintergrundwächter. Besonders den deiner Anti Virensoftware.
Starte die RKUnhookerLE.exe
Klicke auf den Report Tab und danach auf Scan
Setze ein Häckchen bei
- Drivers
- Stealth Code
- Files
- Code Hooks
Entferne alle anderen Hacken
Wenn Du gefragt wirst welcher Bereich gescannt werden soll, gehe sicher das deine Systemplatte ( meistens C: ) angehackt ist.
Klicke OK
Wenn der Scan beendet wurde
File --> Save Report
klicken.
Speichere die Datei als RKU.txt auf dem Desktop.
Klicke Close

Hinweis:
Solltest Du folgende Warnung bekommen

Zitat:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Klicke auf OK

und

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

Hi Chris

Ich kann dir gar nicht oft danken, ich find das so klasse, wieviel Zeit ihr euch nehmt für die Probleme völlig fremder Leute.
Mal wieder ein riesen Lob an dich und auch ans Team :daumenhoc

LG Shiva

Ich hab beides ausgeführt, hier die Logfiles:

Zitat:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB73C6000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10240000 bytes
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6283264 bytes
0xB4AF4000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4968448 bytes
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes
0xB71FF000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 1327104 bytes
0xB7E47000 Ntfs.sys 577536 bytes
0xB4797000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes
0xB70D9000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes
0xB498C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes
0xB3C26000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes
0xB3DC8000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xB361A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes
0xB4763000 C:\WINDOWS\system32\drivers\klif.sys 212992 bytes
0xB3CA6000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes
0xB7F78000 ACPI.sys 192512 bytes
0xB3EAB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes
0xB7E1A000 NDIS.sys 184320 bytes
0xB33E7000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes
0xB4807000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes
0xB7366000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes
0xB4964000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes
0xB493E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes
0xB4AD0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes
0xB738E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes
0xB7343000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes
0xB491C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes
0xB4832000 E:\Programme\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes
0xB7F10000 fltmgr.sys 131072 bytes
0xB7F48000 ftdisk.sys 126976 bytes
0xB471D000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes
0xB7DD2000 kl1.sys 114688 bytes
0xB7DEE000 Mup.sys 106496 bytes
0xB7F30000 atapi.sys 98304 bytes
0xB4705000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7EE7000 KSecDD.sys 94208 bytes
0xB7148000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes
0xB40E0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes
0xB73B2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes
0xB4A0D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes
0xB7ED4000 WudfPf.sys 77824 bytes
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes
0xB7E08000 sfdrv01.sys 73728 bytes
0xB7EFE000 sr.sys 73728 bytes
0xB7F67000 pci.sys 69632 bytes
0xB7137000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes
0xB716F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes
0xB8278000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes
0xB8248000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes
0xB80A8000 ohci1394.sys 65536 bytes
0xB8258000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes
0xB8208000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes
0xB81B8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes
0xB8288000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes
0xB4355000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes
0xB719F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes
0xB82F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes
0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes
0xB718F000 C:\WINDOWS\System32\Drivers\btwusb.sys 57344 bytes
0xB80F8000 VolSnap.sys 57344 bytes
0xB8118000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes
0xB8238000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 53248 bytes
0xB8298000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes
0xB82D8000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes
0xB82B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes
0xB71EF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes
0xB8268000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes
0xB80D8000 MountMgr.sys 45056 bytes
0xB82A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes
0xB8228000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes
0xB80C8000 isapnp.sys 40960 bytes
0xB8308000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes
0xB71AF000 C:\WINDOWS\System32\Drivers\nx6000.sys 40960 bytes
0xB8128000 PxHelp20.sys 40960 bytes
0xB82E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes
0xB8108000 disk.sys 36864 bytes
0xB36CB000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xB71BF000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes
0xB82C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes
0xB81E8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes
0xB38EE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB80E8000 sfsync02.sys 36864 bytes
0xB81F8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes
0xB83E8000 C:\WINDOWS\system32\DRIVERS\klim5.sys 32768 bytes
0xB8468000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes
0xB8480000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes
0xB8338000 sfhlp02.sys 32768 bytes
0xB8490000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes
0xB83D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes
0xB8450000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes
0xB8408000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes
0xB8400000 C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 28672 bytes
0xB8430000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes
0xB8438000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes
0xB8410000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes
0xB8498000 E:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes
0xB83D0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes
0xB8458000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes
0xB84A8000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xB8460000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes
0xB8330000 PartMgr.sys 20480 bytes
0xB83F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes
0xB83F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes
0xB8340000 C:\WINDOWS\system32\drivers\TDI.SYS 20480 bytes
0xB83B8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes
0xB49ED000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes
0xB8590000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes
0xB43D5000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes
0xB857C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes
0xB3522000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes
0xB374A000 C:\WINDOWS\System32\drivers\dgderdrv.sys 12288 bytes
0xB4860000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes
0xB4A40000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes
0xB8578000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes
0xB8588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes
0xB70C9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes
0xB85C8000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes
0xB85F6000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xB85EE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes
0xB8608000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB85EC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes
0xB85F0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes
0xB8642000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 8192 bytes
0xB85F2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes
0xB85CA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes
0xB85CC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes
0xB8753000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes
0xB8794000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes
0xB87DE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes
0xB8670000 pciide.sys 4096 bytes
0xB8693000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes
==============================================
>Stealth
==============================================
0x89F5CBF2 Unknown page with executable code, 1038 bytes
0x89F13B23 Unknown page with executable code, 1245 bytes
0x89F5D29A Unknown page with executable code, 3430 bytes
0x89F150E1 Unknown page with executable code, 3871 bytes
0x89F1D022 Unknown page with executable code, 4062 bytes
0x89F14E59 Unknown page with executable code, 423 bytes
0x89F7E170 Unknown thread object [ ETHREAD 0x89FB8020 ] , 600 bytes
0x89F5B140 Unknown thread object [ ETHREAD 0x89FB7020 ] TID: 704, 600 bytes
0x89F5B140 Unknown thread object [ ETHREAD 0x8AC6F5A0 ] TID: 708, 600 bytes
0x89F1B520 Unknown thread object [ ETHREAD 0x89FAD020 ] TID: 712, 600 bytes
0x89F1B520 Unknown thread object [ ETHREAD 0x8AC112F8 ] TID: 716, 600 bytes
0x89F1D580 Unknown thread object [ ETHREAD 0x8AC193D8 ] TID: 724, 600 bytes
0x89F1D580 Unknown thread object [ ETHREAD 0x89FA58B0 ] TID: 728, 600 bytes
0x89F1D580 Unknown thread object [ ETHREAD 0x8ACA7DA8 ] TID: 732, 600 bytes
0x89F1B520 Unknown thread object [ ETHREAD 0x89FAC020 ] TID: 736, 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment\Logs\World of Warcraft Update\Logs\Blizzard Updater Log.html
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Foto_Manager_2007\crm.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Foto_Manager_2007\FotoMaker.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Foto_Manager_2007\Installation.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Foto_Manager_2007\UserData\FotoMaker.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Music_Manager_2007\crm.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Music_Manager_2007\Installation.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Music_Manager_2007\MP3Maker.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\E_Music_Manager_2007\UserData\MP3Maker.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\Magix Music Maker\installation.ini
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\Magix Music Maker\TechnoMaker.ini
!-->[Hidden] C:\System Volume Information\_restore{0CF3EDD4-5782-497E-9321-688D0DCB4448}\RP207\A0045195.lnk
!-->[Hidden] C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D4E4, Type: Inline - RelativeJump 0x805044E4-->805044FD [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D4FC, Type: Inline - RelativeJump 0x805044FC-->805044B8 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D548, Type: Inline - RelativeJump 0x80504548-->8050456C [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D550, Type: Inline - RelativeJump 0x80504550-->80504510 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D584, Type: Inline - RelativeJump 0x80504584-->80504540 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D59C, Type: Inline - RelativeJump 0x8050459C-->80504558 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D5BC, Type: Inline - RelativeJump 0x805045BC-->80504578 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D604, Type: Inline - RelativeJump 0x80504604-->805045C0 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D668, Type: Inline - RelativeJump 0x80504668-->80504624 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D700, Type: Inline - RelativeJump 0x80504700-->805046BC [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D744, Type: Inline - RelativeJump 0x80504744-->80504700 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7A0, Type: Inline - RelativeJump 0x805047A0-->8050475C [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7B0, Type: Inline - RelativeJump 0x805047B0-->8050476C [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7B8, Type: Inline - RelativeJump 0x805047B8-->80504774 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7D4, Type: Inline - RelativeJump 0x805047D4-->80504790 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D834, Type: Inline - RelativeJump 0x80504834-->805047F0 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D840, Type: Inline - RelativeJump 0x80504840-->805047FC [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D878, Type: Inline - RelativeJump 0x80504878-->80504834 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump 0x80504884-->80504840 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D8D4, Type: Inline - RelativeJump 0x805048D4-->80504890 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCheckLockForReadAccess, Type: Inline - RelativeJump 0x804EAF84-->B47834C0 [klif.sys]
ntkrnlpa.exe-->IoCreateDevice, Type: EAT modification 0x80670574-->89F0CC00 [unknown_code_page]
ntkrnlpa.exe-->IoIsOperationSynchronous, Type: Inline - RelativeJump 0x804EF912-->B47839C0 [klif.sys]
tcpip.sys-->ntkrnlpa.exe-->IoCreateDevice, Type: IAT modification 0xB49CB488-->89F0CC00 [unknown_code_page]
wanarp.sys-->ntkrnlpa.exe-->IoCreateDevice, Type: IAT modification 0xB81FDC08-->89F0CC00 [unknown_code_page]
[1000]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[1000]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1000]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1000]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1000]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[1000]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1000]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1000]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1000]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1000]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010011D4-->00000000 [kernel32.dll]
[1000]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x0100112C-->00000000 [kernel32.dll]
[1000]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100117C-->00000000 [kernel32.dll]
[1000]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001254-->00000000 [kernel32.dll]
[1000]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [shimeng.dll]
[1000]explorer.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1000]explorer.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1000]explorer.exe-->shell32.dll+0x00005128, Type: Inline - RelativeJump 0x7E675128-->00000000 [unknown_code_page]
[1000]explorer.exe-->shell32.dll+0x00008698, Type: Inline - RelativeJump 0x7E678698-->00000000 [unknown_code_page]
[1000]explorer.exe-->shell32.dll+0x00008FD0, Type: Inline - RelativeJump 0x7E678FD0-->00000000 [unknown_code_page]
[1000]explorer.exe-->shell32.dll+0x0000EF80, Type: Inline - RelativeJump 0x7E67EF80-->00000000 [shell32.dll]
[1000]explorer.exe-->shell32.dll+0x0000F0B8, Type: Inline - RelativeJump 0x7E67F0B8-->00000000 [unknown_code_page]
[1000]explorer.exe-->shell32.dll+0x00010A98, Type: Inline - RelativeJump 0x7E680A98-->00000000 [shell32.dll]
[1000]explorer.exe-->shell32.dll+0x00011CBC, Type: Inline - RelativeJump 0x7E681CBC-->00000000 [shell32.dll]
[1000]explorer.exe-->shell32.dll+0x000182BC, Type: Inline - RelativeJump 0x7E6882BC-->00000000 [shell32.dll]
[1000]explorer.exe-->shell32.dll+0x0002485C, Type: Inline - RelativeJump 0x7E69485C-->00000000 [shell32.dll]
[1000]explorer.exe-->shell32.dll+0x00034C94, Type: Inline - RelativeJump 0x7E6A4C94-->00000000 [unknown_code_page]
[1000]explorer.exe-->shell32.dll+0x0004E030, Type: Inline - RelativeJump 0x7E6BE030-->00000000 [shell32.dll]
[1000]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[1000]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1000]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1000]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1000]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1000]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[1000]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1000]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1000]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1000]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[1000]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[1000]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[1000]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[1000]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]
[1000]explorer.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1084]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1084]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1084]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1084]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1084]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1084]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1084]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1084]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1084]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[1084]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[1084]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[1084]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1084]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1084]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1084]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1084]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1084]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1084]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1084]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1084]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1084]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[1084]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[1084]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[1084]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[1084]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1084]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1172]ACService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1172]ACService.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1172]ACService.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1172]ACService.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1172]ACService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1172]ACService.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1172]ACService.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1172]ACService.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1172]ACService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00412098-->00000000 [kernel32.dll]
[1172]ACService.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004121DC-->00000000 [kernel32.dll]
[1172]ACService.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00412094-->00000000 [kernel32.dll]
[1172]ACService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1172]ACService.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1172]ACService.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1172]ACService.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1172]ACService.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1172]ACService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1172]ACService.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1172]ACService.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1172]ACService.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1224]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[1224]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[1224]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[1224]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1224]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1224]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1224]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1224]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0074550C-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x007455A4-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x007455A8-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1280]RTHDCPL.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00401098-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401060-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1372]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1412]csrss.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1412]csrss.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1412]csrss.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1440]winlogon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001234-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010013DC-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x01001408-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001384-->00000000 [kernel32.dll]
[1440]winlogon.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001238-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1440]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[1440]winlogon.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[1440]winlogon.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1440]winlogon.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1484]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1484]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1484]services.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001138-->00000000 [kernel32.dll]
[1484]services.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010D4-->00000000 [kernel32.dll]
[1484]services.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001190-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1484]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1484]services.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1484]services.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1496]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1496]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1496]lsass.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[1496]lsass.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1496]lsass.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1496]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1496]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1496]lsass.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1496]lsass.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[160]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[160]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[160]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[160]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[160]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[160]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0041E234-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0041E0F8-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0041E230-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1652]nvsvc32.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040F0F4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040F084-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1696]dgdersvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1708]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1708]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1708]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1708]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1708]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1708]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1708]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1804]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1804]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1804]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[1804]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[1804]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[1804]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[1804]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1804]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1804]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1804]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1804]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1804]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1968]btwdins.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1968]btwdins.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00428268-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00428208-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004280DC-->00000000 [kernel32.dll]
[1968]btwdins.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00428264-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1968]btwdins.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1968]btwdins.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1968]btwdins.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004170C0-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004170DC-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00417080-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[196]MSCamS32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[1976]psi.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[1976]psi.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[1976]psi.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00475338-->00000000 [kernel32.dll]
[1976]psi.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0047528C-->00000000 [kernel32.dll]
[1976]psi.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00475300-->00000000 [kernel32.dll]
[1976]psi.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[1976]psi.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[1976]psi.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[1976]psi.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[1976]psi.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[1976]psi.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[1976]psi.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[1976]psi.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[2024]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[2024]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[2024]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[2024]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[2024]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[2024]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[2024]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[2024]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[2024]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[2024]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[2024]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[2024]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[2024]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[220]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[220]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->00000000 [xul.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[220]plugin-container.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[220]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[220]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004262C8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004262C4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[292]FsUsbExService.Exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001024-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[2936]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[2948]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[2948]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[2948]firefox.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00403030-->00000000 [kernel32.dll]
[2948]firefox.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x00403034-->00000000 [kernel32.dll]
[2948]firefox.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[2948]firefox.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[2948]firefox.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[2948]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9263C3-->00000000 [firefox.exe]
[2948]firefox.exe-->shell32.dll+0x00008640, Type: Inline - RelativeJump 0x7E678640-->00000000 [unknown_code_page]
[2948]firefox.exe-->shell32.dll+0x0000EE64, Type: Inline - RelativeJump 0x7E67EE64-->00000000 [unknown_code_page]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[2948]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[2948]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[2948]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[2948]firefox.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[2948]firefox.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x010011B8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0100110C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[3080]wmiapsrv.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[328]jqs.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[328]jqs.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[328]jqs.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00417128-->00000000 [kernel32.dll]
[328]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0041711C-->00000000 [kernel32.dll]
[328]jqs.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x004170AC-->00000000 [kernel32.dll]
[328]jqs.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[328]jqs.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[328]jqs.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[328]jqs.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[328]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[328]jqs.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[328]jqs.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[3584]alg.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[3584]alg.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[3584]alg.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[3584]alg.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[3584]alg.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[3584]alg.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[3584]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[3584]alg.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[3584]alg.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[3792]DM2005.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[3792]DM2005.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00AC8F5C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00AC8F64-->00000000 [kernel32.dll]
[3792]DM2005.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[3792]DM2005.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[3792]DM2005.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[3792]DM2005.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [kernel32.dll]
[3792]DM2005.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [kernel32.dll]
[3792]DM2005.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[3792]DM2005.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[448]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[448]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[448]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001058-->00000000 [kernel32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010A0-->00000000 [kernel32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[448]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[448]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[448]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[448]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[448]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[448]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[448]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[448]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[448]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[448]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[620]spoolsv.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[620]spoolsv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[620]spoolsv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[620]spoolsv.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[620]spoolsv.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[620]spoolsv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[620]spoolsv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[620]spoolsv.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[620]spoolsv.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001104-->00000000 [kernel32.dll]
[620]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010010CC-->00000000 [kernel32.dll]
[620]spoolsv.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[620]spoolsv.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[620]spoolsv.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[620]spoolsv.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[620]spoolsv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[620]spoolsv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[620]spoolsv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[620]spoolsv.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[620]spoolsv.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[620]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[620]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[620]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[620]spoolsv.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[620]spoolsv.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]
[916]oodag.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [kernel32.dll]
[916]oodag.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [kernel32.dll]
[916]oodag.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [kernel32.dll]
[916]oodag.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [kernel32.dll]
[916]oodag.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [kernel32.dll]
[916]oodag.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [kernel32.dll]
[916]oodag.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [kernel32.dll]
[916]oodag.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [kernel32.dll]
[916]oodag.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004D7210-->00000000 [kernel32.dll]
[916]oodag.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004D7238-->00000000 [kernel32.dll]
[916]oodag.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004D7244-->00000000 [kernel32.dll]
[916]oodag.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [kernel32.dll]
[916]oodag.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [kernel32.dll]
[916]oodag.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [kernel32.dll]
[916]oodag.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [kernel32.dll]
[916]oodag.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [kernel32.dll]
[916]oodag.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [kernel32.dll]
[916]oodag.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [kernel32.dll]
[916]oodag.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [kernel32.dll]
[916]oodag.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [kernel32.dll]
[916]oodag.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [kernel32.dll]
[916]oodag.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [kernel32.dll]
[916]oodag.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [kernel32.dll]
[916]oodag.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [kernel32.dll]
[916]oodag.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [kernel32.dll]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F78000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F67000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F48000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80E8000 sfsync02.sys
0xB80F8000 VolSnap.sys
0xB7F30000 atapi.sys
0xB8108000 disk.sys
0xB8118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7F10000 fltmgr.sys
0xB7EFE000 sr.sys
0xB8128000 PxHelp20.sys
0xB7EE7000 KSecDD.sys
0xB7ED4000 WudfPf.sys
0xB7E47000 Ntfs.sys
0xB7E1A000 NDIS.sys
0xB8338000 sfhlp02.sys
0xB7E08000 sfdrv01.sys
0xB7DEE000 Mup.sys
0xB7DD2000 kl1.sys
0xB8340000 \WINDOWS\system32\drivers\TDI.SYS
0xB8228000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB73C6000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB73B2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB83D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB738E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7366000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8238000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0xB8248000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB85C8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8258000 \SystemRoot\system32\DRIVERS\serial.sys
0xB857C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8268000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8278000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8288000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7343000 \SystemRoot\system32\DRIVERS\ks.sys
0xB71FF000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB83E8000 \SystemRoot\system32\DRIVERS\klim5.sys
0xB8753000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8298000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8588000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7148000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7137000 \SystemRoot\system32\DRIVERS\psched.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8400000 \SystemRoot\system32\DRIVERS\teamviewervpn.sys
0xB82D8000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8408000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8410000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85CA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB70D9000 \SystemRoot\system32\DRIVERS\update.sys
0xB8590000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8308000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB4AF4000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB4AD0000 \SystemRoot\system32\drivers\portcls.sys
0xB81B8000 \SystemRoot\system32\drivers\drmk.sys
0xB85EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87DE000 \SystemRoot\System32\Drivers\Null.SYS
0xB85EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8450000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8458000 \SystemRoot\System32\drivers\vga.sys
0xB85F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8460000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8468000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB70C9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4A0D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB498C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4964000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB493E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB491C000 \SystemRoot\System32\drivers\afd.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8480000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xB81F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4832000 \??\E:\Programme\SUPERAntiSpyware\SASKUTIL.sys
0xB8208000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB8490000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB8498000 \??\E:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xB4807000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8693000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB4797000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB4763000 \??\C:\WINDOWS\system32\drivers\klif.sys
0xB71EF000 \SystemRoot\System32\Drivers\Fips.SYS
0xB85F6000 \SystemRoot\system32\drivers\AsIO.sys
0xB4A40000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB71BF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB71AF000 \SystemRoot\System32\Drivers\nx6000.sys
0xB471D000 \SystemRoot\System32\Drivers\usbvideo.sys
0xB719F000 \SystemRoot\system32\drivers\usbaudio.sys
0xB8578000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB718F000 \SystemRoot\System32\Drivers\btwusb.sys
0xB716F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB49ED000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB4705000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8608000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4860000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83B8000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8794000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB43D5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB40E0000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4355000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3EAB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB3DC8000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB8438000 \??\C:\WINDOWS\system32\drivers\btserial.sys
0xB3CA6000 \??\C:\WINDOWS\system32\drivers\btslbcsp.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xB3C26000 \SystemRoot\system32\DRIVERS\srv.sys
0xB361A000 \SystemRoot\System32\Drivers\HTTP.sys
0xB374A000 \SystemRoot\System32\drivers\dgderdrv.sys
0xB36CB000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0xB8642000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0xB3522000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB8430000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB33E7000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 SYSTEM
1288 C:\WINDOWS\system32\smss.exe
1412 csrss.exe
1440 C:\WINDOWS\system32\winlogon.exe
1484 C:\WINDOWS\system32\services.exe
1496 C:\WINDOWS\system32\lsass.exe
1652 C:\WINDOWS\system32\nvsvc32.exe
1708 C:\WINDOWS\system32\svchost.exe
1804 svchost.exe
2024 C:\WINDOWS\system32\svchost.exe
160 C:\WINDOWS\system32\svchost.exe
448 svchost.exe
620 C:\WINDOWS\system32\spoolsv.exe
1000 C:\WINDOWS\explorer.exe
1084 svchost.exe
1172 C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
1280 C:\WINDOWS\RTHDCPL.exe
1372 C:\WINDOWS\system32\ctfmon.exe
1968 E:\Programme\Bluetooth Software\Bluetooth Software\bin\btwdins.exe
1976 E:\Programme\Secunia\PSI\psi.exe
1696 C:\WINDOWS\system32\dgdersvc.exe
292 C:\WINDOWS\system32\FsUsbExService.Exe
328 E:\Programme\Java\jre6\bin\jqs.exe
196 C:\Programme\Microsoft LifeCam\MSCamS32.exe
916 C:\WINDOWS\system32\oodag.exe
1224 C:\WINDOWS\system32\svchost.exe
3080 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3584 alg.exe
2936 C:\WINDOWS\system32\wscntfy.exe
2656 C:\Dokumente und Einstellungen\RSC Home\Desktop\MBRCheck.exe
388 E:\Programme\Mozilla Firefox\firefox.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000013`8aa9b800 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000020`eba7ca00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000028`576e9000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000004f`bd294800 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x0000005b`f685a600 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

Hi Chris

Ich hab jetzt mal was anderes ausprobiert.
Die Kaspersky Software habe ich deinstalliert, danach auch CCleaner durchlaufen lassen, die Registry bereinigt, neugestartet und wieder AVG installiert.
Die AVG Software hat mich bisher eigentlich immer mer überzeugt, als die anderen, und bei Kaspersky ist mir ohnehin aufgefallen, dass der PC insgesamt ein wenig langsamer war, auch beim Systemstart.

Der erste Scan hat 6 Infizierungen gefunden und behoben, ich lasse jetzt nochmal komplett scannen und poste dir meinen Bericht.
Es wäre lieb, wenn du mir zu den Ergebnissen aus dem letzten Post deine Meinung schreibst.

Liebe Grüße
Shiva

Hi,

sieht soweit ok aus...
Prüfe mal bei virustotal folgende Datei:
C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf

Im Hooker-Log sind viele Redirections enthalten, dafür ist aber hauptamtlich Kaspersky zuständig...

Was hat AVG gefunden?

chris

Also diese Datei im Prefetch Ordner kann ich nicht prüfen, die ist da nicht drin. Wäre aber möglich, dass ich während der Prüfung Paint kurz offen hatte. Daran könnts liegen...

AVG hatte 5 kleine Trojaner gefunden, untersteh dich aber zu fragen, wo genau :rofl: Ich wollte ein Log speichern, das geht bei AVG aber irgendwie nicht, oder doch? Wenn ja, such ichs für dich raus, ansonsten weiß ichs leider nicht mehr, weil die danach sofort bereinigt hat und dann waren sie weg...

Ich hab gestern noch komplette Scans durchführen lassen von SuperAntispyware, MBAM und auch nochmal von AVG, und im Moment sieht alles sehr gut aus, keine Funde und auch keine Internetprobleme.

Ich denke, dieser Fall ist abgeschlossen.
Vielen vielen Dan ihr Lieben, so viele wüssten nicht, was sie ohne euch machen sollten. Ihr seid klasse.

Liebe Grüße und bis (hoffentlich nicht allzu) bald
Eure Shiva