| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Falsche Google Weiterleitung und gar kein Internet mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.03.2010, 17:16
| #1 |
 |  Falsche Google Weiterleitung und gar kein Internet mehr Hallo Zusammen, ich habe das Problem, dass Google mich fast permanent auf falsche Seiten leitet wenn ich einen Link von einem Suchergebnis anklicke. Manchmal muss ich zwei bis dreimal auf einen Link klicken, bis ich wirklich auf die Seite vom Sucherergebnis komme. Ab und zu passiert es dann auch, dass nach einer Weile gar kein Internet zugriff mehr möglich ist. Was bedeutet, weder Internetexplorer noch Firefox lassen mich ins Netz . Firefox macht zeigt auch keine Fehlermeldung, Internetexplorer meldet „Fehler 104 net::ERR_CONNECTION_FAILED): Die Verbindung zum Server kann nicht hergestellt werden.“ Zugriff auf meinen Mail IMAP Account geht auch nicht. Allerdings funktioniert der Ping zu meinem Router (Allerdings komm ich per Browser nicht auf die Konfigurationsseite vom Router) und ich kann auch Google erfolgreich anpingen. Somit scheint die Verbindung ins Netz korrekt zu bestehen. Gott sei Dank kann ich nach einem Neustart des Rechners wieder ins Netz, bis es eben manchmal dann wieder nicht mehr geht. Das Google Weiterleitungsproblem habe ich schon ein paar Wochen, dass manchmal dann nach einer Weile gar kein Internet mehr geht habe ich letzte Woche zum ersten Mal beobachtet. MCAffee hat seit 13.02.2010 folgende Sachen gefunden (es sind keine weiteren Funde sonst protokolliert):  Die Google und Boardsuche hat ergeben, dass teilweise beim Google Weiterleitungsproblem die Neuinstallation empfohlen wurde (ohh bitte, lass mich nicht so ein Fall sein) und manchmal aber auch das Problem mit Skripten und ComboFix behoben werden konnte. Leider fehlt mir das Wissen um heraus zu finden was bei mir die Problemursache ist, deswegen wende ich mir hier an das Trojaner-Board. Ich habe die Anleitung „Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?“ durchgelesen und hier folgen nun die Ergebnisse von CCleaner, Malwarebytes-Anti-Malware und RSIT jeweils als Administrator ausgeführt. Ergebnis CCleaner Cleaner: Code:
ATTFilter REINIGUNG komplett - (36.179 Sek)
------------------------------------------------------------------------------------------
2.675,3MB entfernt.
------------------------------------------------------------------------------------------
Details der gelöschten Dateien
------------------------------------------------------------------------------------------
Internet Explorer - Temporäre Internet-Dateien 1.218KB 87 Dateien
Internet Explorer - Cookies 1KB 3 Dateien
Internet Explorer - Lösche Index.dat-Dateien 0KB 4 Dateien
Windows Explorer - Aufgerufene Dokumente 5KB 7 Dateien
System - Papierkorb leeren 2.702.589KB 67 Dateien
System - Temporäre Dateien 1.548KB 3 Dateien
System - Windows-Logdateien 16.426KB 9 Dateien
Firefox/Mozilla - Cookies 0KB 11 Dateien
Firefox/Mozilla - Download-Verlauf 2KB 1 Dateien
Firefox/Mozilla - Internet-Cache 17.677KB 122 Dateien
Werkzeuge - Windows Defender 30KB 5 Dateien
------------------------------------------------------------------------------------------
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\DE_OUT_Round2_ROTO_men[1].png 10KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\nav_logo7[1].png 5KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\leipzig-books-09-120._V250144726_[1].gif 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\SMInstrumentation[1].vbs 16KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\mp3-cat-120_2[1].jpg 5KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\audible_a_icon_16T[1].png 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\google_de[1].htm 13KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\DE-EES-DE-stripe-28[1].gif 5KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\dl_btn_right[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\s[3].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\iPhone_DE[1].gif 8KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\de-logo-153x37[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\3839810027.03.MZZZZZZZ[1].jpg 5KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\3462042025.03.MZZZZZZZ[1].jpg 6KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\RadioRequest[1].xml 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\piday10-hp[1].gif 21KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\20090625tef2[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\favicon[1].ico 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\SMAppData[1].vbs 4KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\3785760248.03.MZZZZZZZ[1].jpg 5KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\favicon[1].ico 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\3935937660.03.TZZZZZZZ[1].jpg 4KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\a4[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\SMSyncMessage[1].vbs 31KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\close_sm[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\SMConstantsdef[1].vbs 11KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\AllServices[1].xml 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\3827009103.03.MZZZZZZZ[1].jpg 9KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\weatherrequest[1].xml 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\MG_de-de[1].xml 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\SMRegistry[1].vbs 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\transp[2].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\book-recommendations-120[1].gif 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\GroupingRequest[1].xml 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\blank[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\keinohr_110[1].jpg 16KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\SMUIContainer[1].vbs 6KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\3423050012.03.TZZZZZZZ[1].jpg 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\top-hundred-books-120[1].gif 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\dl_btn_left[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\p3[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\mgyhp_sm[1].png 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\SMSystemData[1].vbs 9KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\SMVersion1[1].vbs 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\3453170644.03.TZZZZZZZ[1].jpg 4KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\p4[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\media_guide_16x16[1].png 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\20090625tef1[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\3596186536.03.MZZZZZZZ[1].jpg 7KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\butright[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\1905654693.03.TZZZZZZZ[1].jpg 4KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\3551086559.03.MZZZZZZZ[1].jpg 10KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\386873189X.03.TZZZZZZZ[1].jpg 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\LogoFaroLatino16x16[1].png 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\SMClientDB[1].vbs 10KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\tep1l[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\butleft[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\mg4_wmp12_30x30_2[1].png 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\apparel_fs10a._V201808075_[1].jpg 12KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\AllServices[1].xml 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\GC-stripe-650x45._V219929141_[1].gif 6KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\chat_meebo_ec2_conduit_com[1].txt 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\SMSubscriptionData[1].vbs 11KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\Q309spa[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\syncmessage[1].aspx 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\SMUtils[1].vbs 7KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\de-study_guides-120[1].gif 7KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\MG_de-de[1].xml 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\warehousedeals._V226652837_[1].jpg 38KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\AMZ_Header[1].jpg 30KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\nell-ww-120._V206492243_[1].jpg 6KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\toolbar_sm[1].png 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\SMProviderEnum[1].vbs 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\dl_btn_mid[1].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\SMVersionMgr[1].vbs 6KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\spacer[2].gif 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\DE-Buch-Restposten-120c[1].gif 3KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86W39M70\vrl[1].htm 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\vcl[1].htm 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKLOJZ70\vrl[1].htm 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUNWPE7M\vcl[1].htm 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWGTHFLW\vcl[1].htm 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B6264BB2-1B3C-4051-9C8E-DE6C51287931}.tmp 16KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0D6AFFE8-90A7-4EDA-8024-43561D6407F6}.tmp 1KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{327027BB-ADF7-4429-916C-1EAA2A696488}.tmp 790KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B01C7CD5-68C1-4EFA-8D1D-E9CCF2EF1FE4}.tmp 2KB
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B2BCCF86-7D1F-41D6-879C-12C72DCB850B}.tmp 8KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@onlinestores.metaservices.microsoft[1].txt 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@amazon[1].txt 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@google[2].txt 1KB
Zum Löschen markiert: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 0KB
Zum Löschen markiert: C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 0KB
Zum Löschen markiert: C:\Users\***\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 0KB
Zum Löschen markiert: C:\Users\***\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031420100315\index.dat 0KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\0001_Für alle Hilfesuchenden! Wa...pdf.lnk 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\0002_Anleitung_ CCleaner - Troja...pdf.lnk 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\0003_Anleitung_ Malwarebytes Ant...pdf.lnk 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\0004_Anleitung_ RSIT - Randoms S...pdf.lnk 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini.lnk 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\Für alle Hilfesuchenden! Wa...pdf.lnk 1KB
C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent\Google weiterlinkung.lnk 1KB
Geleerter Papierkorb (67 Dateien) 2.702.589KB
C:\Users\***\AppData\Local\Temp\BIT3E82.tmp 774KB
C:\Users\***\AppData\Local\Temp\chrome_shutdown_ms.txt 1KB
C:\Users\***\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe 774KB
C:\Windows\system32\wbem\Logs\FrameWork.log 12KB
C:\Windows\system32\wbem\Logs\wmiprov.log 4KB
C:\Windows\system32\wbem\Logs\WMITracing.log 16.384KB
C:\Windows\PFRO.log 6KB
C:\Windows\setupact.log 7KB
C:\Windows\setuperr.log 0KB
C:\Windows\Debug\UserMode\ChkAcc.log 0KB
C:\Windows\Debug\UserMode\ChkAcc.bak 0KB
C:\Windows\security\logs\scecomp.old 14KB
Entfernte Cookies: google.de 0KB
Entfernte Cookies: google.com 0KB
Entfernte Cookies: w*w.gesundehunde.com 0KB
Entfernte Cookies: tt11.adobe.com 0KB
Entfernte Cookies: adobe.com 0KB
Entfernte Cookies: doubleclick.net 0KB
Entfernte Cookies: 64.111.196.126 0KB
Entfernte Cookies: feed.ndot.com 0KB
Entfernte Cookies: tgonz.com 0KB
Entfernte Cookies: imageshack.us 0KB
Entfernte Cookies: trojaner-board.de 0KB
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\z3veftn9.default\downloads.sqlite 2KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\00CF59DCd01 132KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\05E5DF6Bd01 24KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\08EEC1D4d01 36KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\09BE6142d01 17KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\0BC0D9BEd01 31KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\0BD04AC2d01 16KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\0DF4095Bd01 44KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\0FE0E08Cd01 27KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\1662735Bd01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\16C8FCB0d01 432KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\19090F47d01 39KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\1F7DAE81d01 366KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\2140B440d01 53KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\22A9E2D6d01 27KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\23E0AB09d01 263KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\2A8AEBB1d01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\2AFB9761d01 301KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\2B2B18ACd01 35KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\2F1E879Ad01 32KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\302D4EE0d01 347KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\3070E06Dd01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\30D4716Fd01 150KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\30EA8BD9d01 31KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\315000F0d01 25KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\31A16BCDd01 41KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\321F7457d01 484KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\355E31A2d01 779KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\379881E0d01 32KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\3EDC8DAAd01 37KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\44686675d01 17KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\44F843B3d01 26KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\45792E22d01 31KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4603CF7Ed01 28KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4700F43Cd01 131KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4809FD4Ad01 33KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\48D0C4F2d01 32KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4A5B4F0Ed01 739KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4C44CD20d01 135KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4D4D12A7d01 53KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\4FCD1601d01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\52931A76d01 90KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\52E8265Fd01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\5399CFBFd01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\57589658d01 37KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\5C404FFDd01 245KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\5CDABB64d01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\60DB476Ad01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\6A7706A0d01 305KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\6C639B9Fd01 47KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\6D6B545Ed01 31KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\6EC0809Fd01 54KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\6F50719Dd01 36KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\72F4449Bd01 34KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\77A4DF8Ad01 150KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\7BE16B4Ed01 18KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\7DA9F4B3d01 85KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\7DDFA91Fd01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\7DF7E88Cd01 353KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\7E0B5F83d01 25KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\80383D23d01 68KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\810AD399d01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\854B308Fd01 102KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\879AC753d01 23KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\879FC147d01 90KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\87BF4E63d01 422KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\87DF15EDd01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\8D37C5A8d01 30KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\8E0548E1d01 36KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\90A5A888d01 21KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\91C555F8d01 103KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\92646DB2d01 54KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\9302D56Fd01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\93034278d01 84KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\94E4BF1Dd01 21KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\98FA2499d01 110KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\9C0501B2d01 39KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\AC87BF95d01 24KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\AE59AB2Dd01 21KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\B20AB68Bd01 23KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\B30B9E99d01 37KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\B38AD9ECd01 36KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\B4B67B7Ad01 25KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\B88AC6A7d01 42KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\B9E34881d01 306KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\BF9082B3d01 33KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\C057350Fd01 362KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\C12B6C21d01 421KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\C4907532d01 449KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\C915444Bd01 38KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\C998746Ed01 166KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\CACD00AAd01 143KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\CF8BF022d01 112KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\D444243Cd01 111KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\D4859058d01 55KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\D4DB77F7d01 22KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\D57ED213d01 348KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\D6D89835d01 289KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\DA06FBD2d01 32KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\DD40F187d01 44KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E0852522d01 232KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E2D96A3Ad01 57KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E464A6A9d01 39KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E5F90217d01 43KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E5FB10D8d01 29KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E6240929d01 764KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\E92C73D8d01 53KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\EB4DF835d01 27KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\EC35672Cd01 749KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\EF756152d01 17KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\F000FEE8d01 28KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\F4A37EDFd01 746KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\F51B3672d01 27KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\F5FF9BFAd01 214KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\F7D5D7BFd01 72KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\FBF7CAA1d01 26KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\FC905E3Ed01 20KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\FDDD494Dd01 469KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\FFF50D31d01 19KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\_CACHE_001_ 530KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\_CACHE_002_ 663KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\_CACHE_003_ 1.648KB
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\z3veftn9.default\cache\_CACHE_MAP_ 32KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{2B961EB1-84EB-4D0B-B13A-AE8D4D66EAD8} 6KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{47499398-60DE-4421-8A6B-7F0544A31E30} 6KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9ABDC3A6-6D2D-4803-A2ED-46B9E068F119} 6KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7B1AE3C-A803-4D59-8454-05A24736AEB9} 6KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CFBB23E0-F7BD-49E6-97CE-45AB419E0F5B} 6KB
Code:
ATTFilter Ungenutzte Datei-Endungen gopher HKCR\gopher
Ungenutzte Datei-Endungen NcRemove HKCR\NcRemove
Öffne mit Anwendung Problem Applications\moviemk.exe\shell HKCR\Applications\moviemk.exe
Ergebnis Malwarebytes-Anti-Malware: Code:
ATTFilter Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3865
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
14.03.2010 16:03:50
mbam-log-2010-03-14 (16-03-50).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|N:\|V:\|)
Durchsuchte Objekte: 598306
Laufzeit: 3 hour(s), 25 minute(s), 30 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-03-14 16:06:57
======Uninstall list======
"Nero SoundTrax Help-->MsiExec.exe /X{98A67610-A3B5-4098-A423-3708040026D3}
-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {35355EBA-4636-40B2-A995-FEB4CDBD92B3}
-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {BEFDE94E-B9FB-423A-85AE-F58BB56F3CFC}
-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {C92FB469-D5B7-48C6-B171-785E1126F099}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7 /remove
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
3D Funny Fish Free v1.0-->"C:\Program Files\3D Funny Fish Free\unins000.exe"
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
AAA PDF Password Remover V2.0-->"C:\Program Files\AAAPDF\pdfdec\unins000.exe"
ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}
Adobe Acrobat 8.1.4 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Exporter-->C:\Program Files\Common Files\Adobe\Installers\5eba9bbdf1514a06b1a4c79a2920188\Setup.exe --uninstall=1
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->C:\Program Files\Common Files\Adobe\Installers\7774cb1e022c49962995a9014500066\Setup.exe --uninstall=1
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Premiere Elements 7.0 Templates-->msiexec /I {85AF94EC-55DE-452A-8FD7-C34E598B3F1F} REMOVEFROMARP=1
Adobe Premiere Elements 7.0 Templates-->MsiExec.exe /X{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}
Adobe Premiere Elements 7.0-->msiexec /I {D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336} REMOVEPREFS=1
Adobe Premiere Elements 7.0-->MsiExec.exe /I{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{9F8FDE1A-FA91-43F2-887B-CF080156D57E}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{EC68232E-C74E-4F1A-B296-DFD2E1944E10}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
ANUBIS International Comp.Ltd. TYPHOON DVD Maker WDM Drivers-->C:\Windows\emunist.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BodyForm Professional V3.0-->"C:\Program Files\Bodyform Professional V3.0\unins000.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe"
Contour Shuttle-->"C:\Program Files\Contour Shuttle\Uninstall.exe" "C:\Program Files\Contour Shuttle\install.log"
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x7 /remove
DATA BECKER BeckerCAD 5-->"C:\Program Files\DATA BECKER\BeckerCAD 5\unins000.exe"
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DC++ 0.698-->"C:\Program Files\DC++\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FreeCommander 2009.02-->"C:\Program Files\FreeCommander\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
GIMP 2.6.3-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x7 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x7 -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
Hauppauge MCE XP/Vista Software Encoder (2.0.25296)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
HD Tach version 3-->"C:\Program Files\Simpli Software\HD Tach\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
IntelliFood-->C:\Windows\unin0407.exe -f"C:\Program Files\20consult\IntelliFood\DeIsL1.isu" -c"C:\Program Files\20consult\IntelliFood\_ISREG32.DLL"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IssWas 2.6-->"C:\Program Files\isswas2_6\unins000.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KeePass Password Safe 2.09-->"R:\KeePass\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Project MUI (German) 2007-->MsiExec.exe /X{90120000-00B4-0407-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Visio MUI (German) 2007-->MsiExec.exe /X{90120000-0054-0407-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
National Instruments-Software-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01AE-WXPW-1P5Z-4XUX-C4AZ-KX74-117T"
Nero Burning ROM Help-->MsiExec.exe /X{086A7D8C-0A38-4C7F-819A-620275550D5C}
Nero BurnRights Help-->MsiExec.exe /X{F6BDD7C5-89ED-4569-9318-469AA9732572}
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}
Nero CoverDesigner Help-->MsiExec.exe /X{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget Help-->MsiExec.exe /X{60C731FB-C951-41CE-AD41-8E54C8594609}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885}
Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Live Help-->MsiExec.exe /X{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}
Nero Live-->MsiExec.exe /X{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}
Nero PhotoSnap Help-->MsiExec.exe /X{1C00C7C5-E615-4139-B817-7F4003DE68C0}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode Help-->MsiExec.exe /X{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero RescueAgent Help-->MsiExec.exe /X{5E08ECD1-C98E-4711-BF65-8FD736B3F969}
Nero ShowTime-->MsiExec.exe /X{02627EE5-EACA-4742-A9CC-E687631773E4}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision Help-->MsiExec.exe /X{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
NeroLiveGadget Help-->MsiExec.exe /X{85243696-5E58-4357-9CF8-3498C609941D}
NeroLiveGadget-->MsiExec.exe /X{9E9FDDE6-2C26-492A-85A0-05646B3F2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x7
Olympus DSS Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}\Setup.exe" -l0x7 UNINSTALL
OpenAL-->"C:\Program Files\OpenAL\OALInst.exe" /U /S
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PL-2303 USB-to-Serial-->"C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\setup.exe" -runfromtemp -l0x0009 -removeonly
PowerCinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro/ENGINEER Release Wildfire 4.0 Datecode F000-->"C:\Program Files\proeWildfire 4.0\uninstall\i486_nt\obj\psuninst.exe" "C:\Program Files\proeWildfire 4.0\uninstall\instlog.txt"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Shuangs Audio Joiner 1.21-->"C:\Program Files\Shuangs Audio Joiner\unins000.exe"
SmartSound Quicktracks for Premiere Elements-->"C:\Program Files\InstallShield Installation Information\{F6234880-85BE-4DCB-8A45-1FF85A1A8552}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks for Premiere Elements-->MsiExec.exe /I{F6234880-85BE-4DCB-8A45-1FF85A1A8552}
SopCast 1.1.1-->C:\Program Files\SopCast\uninst.exe
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
SpeedCommander 11-->C:\Program Files\SpeedProject\SpeedCommander 11\UnInstall.exe
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPER © Version 2009.bld.36 (June 10, 2009)-->V:\SUPER\INSTAL~1\Setup.exe /remove /q0
SyncBackPro-->"C:\Program Files\2BrightSparks\SyncBackPro\unins000.exe"
Ultima2000 e+-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E990C0BD-E3BC-47F1-B124-4F33D81B0BC3}\Setup.exe"
UltraMon-->MsiExec.exe /I{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB Flachbettscanner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}\Setup.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
webcamXP 2007-->"C:\Program Files\webcamXP\wxp-uninst.exe"
Winamp [Key]Controller v4.0 (remove only)-->"C:\Program Files\Winamp\uninstwkc4.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
Windows Mobile-Gerätecenter-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
WinRAR Archivierer-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"
======Hosts File======
127.255.255.255 serial.alcohol-soft.com
127.0.0.1 activate.adobe.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 w*w.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
======Security center information======
AS: Windows-Defender (disabled)
======System event log======
Computer Name: ***
Event Code: 26
Message: Anwendungspopup: Windows - Kein Datenträger: Exception Processing Message 0xc0000013 Parameters 0x762692A0 0x00000004 0x762692A0 0x762692A0
Record Number: 338248
Source Name: Application Popup
Time Written: 20100206200844.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 26
Message: Anwendungspopup: Windows - Kein Datenträger: Exception Processing Message 0xc0000013 Parameters 0x762692A0 0x00000004 0x762692A0 0x762692A0
Record Number: 338247
Source Name: Application Popup
Time Written: 20100206200832.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 26
Message: Anwendungspopup: Windows - Kein Datenträger: Exception Processing Message 0xc0000013 Parameters 0x762692A0 0x00000004 0x762692A0 0x762692A0
Record Number: 338246
Source Name: Application Popup
Time Written: 20100206200832.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 26
Message: Anwendungspopup: Windows - Kein Datenträger: Exception Processing Message 0xc0000013 Parameters 0x762692A0 0x00000004 0x762692A0 0x762692A0
Record Number: 338245
Source Name: Application Popup
Time Written: 20100206200832.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 26
Message: Anwendungspopup: Windows - Kein Datenträger: Exception Processing Message 0xc0000013 Parameters 0x762692A0 0x00000004 0x762692A0 0x762692A0
Record Number: 338244
Source Name: Application Popup
Time Written: 20100206200832.000000-000
Event Type: Informationen
User:
=====Application event log=====
Computer Name: ***
Event Code: 5000
Message: McShield-Dienst gestartet.
Modulversion: 5100.0194
DAT-Version: 5140.0000
Anzahl an Signaturen in EXTRA.DAT: Kein
Namen der Bedrohungen, die EXTRA.DAT entdecken kann: Kein
Record Number: 15878
Source Name: McLogEvent
Time Written: 20071014173730.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: ***
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 15877
Source Name: Microsoft-Windows-WMI
Time Written: 20071014173729.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 0
Message:
Record Number: 15876
Source Name: McAfee HackerWatch Service
Time Written: 20071014173726.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 0
Message:
Record Number: 15875
Source Name: LVCOMSer
Time Written: 20071014173726.000000-000
Event Type: Informationen
User:
Computer Name: ***
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 15874
Source Name: LightScribeService
Time Written: 20071014173726.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: ***
Event Code: 5024
Message: Der Windows-Firewalldienst wurde erfolgreich gestartet.
Record Number: 37654
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081216153702.795809-000
Event Type: Überwachung erfolgreich
User:
Computer Name: ***
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-0-0
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0
Anmeldetyp: 3
Neue Anmeldung:
Sicherheits-ID: S-1-5-7
Kontoname: ANONYMOUS-ANMELDUNG
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x23138
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x0
Prozessname: -
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: NtLmSsp
Authentifizierungspaket: NTLM
Übertragene Dienste: -
Paketname (nur NTLM): NTLM V1
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 37653
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081216153702.401809-000
Event Type: Überwachung erfolgreich
User:
Computer Name: ***
Event Code: 5033
Message: Der Windows-Firewalltreiber wurde erfolgreich gestartet.
Record Number: 37652
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081216153702.057408-000
Event Type: Überwachung erfolgreich
User:
Computer Name: ***
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 37651
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081216153701.558205-000
Event Type: Überwachung erfolgreich
User:
Computer Name: ***
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x2b4
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 37650
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081216153701.558205-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\proeWildfire 4.0\bin;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Geändert von TanjasPets (14.03.2010 um 17:21 Uhr) |
|
14.03.2010, 17:17
| #2 |
| |  Falsche Google Weiterleitung und gar kein Internet mehr Ergebnis RSIT log:
__________________Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2010-03-14 16:06:20 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 44 GB (44%) free of 100 GB Total RAM: 3069 MB (47% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:06:55, on 14.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SYSTEM32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\CtHelper.exe C:\Windows\System32\CTXFIHLP.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Contour Shuttle\ShuttleHelper.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Cyberlink\PowerCinema\PCMService.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\WinTV\Ir.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\ScanPanel\ScnPanel.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\UltraMon\UltraMon.exe D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Users\***\Desktop\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\trend micro\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [streamsys64] rundll32.exe "C:\Users\***\AppData\Local\streamsys64\streamsys64.dll", DllInit O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax"" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe O4 - Global Startup: UltraMon.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191 O17 - HKLM\System\CS1\Services\Tcpip\..\{1434E5AF-CA7E-4481-8CCE-8026F6B65648}: NameServer = 85.255.112.209,85.255.112.191 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 18519 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731796510-1770222979-60050208-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731796510-1770222979-60050208-1000UA.job C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-08-22 130248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-25 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-08-22 433272] {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-09-28 155648] "CTHelper"=C:\Windows\SYSTEM32\CTHELPER.EXE [2006-11-02 19456] "CTxfiHlp"=C:\Windows\SYSTEM32\CTXFIHLP.EXE [2006-11-02 20480] "CTXFIREG"=C:\Windows\SYSTEM32\CTxfiReg.exe [2006-11-02 44032] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-25 148888] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-01-20 200704] "Contour Shuttle Device Helper"=C:\Program Files\Contour Shuttle\ShuttleHelper.exe [2007-02-22 118784] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080] "DataFinder"=C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe [2007-04-18 2083616] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992] ""= [] "PCMService"=C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2007-06-22 151552] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-15 37376] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-03 92704] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "streamsys64"=C:\Users\***\AppData\Local\streamsys64\streamsys64.dll [2009-12-02 69632] "Google Update"=C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 135664] "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "x64setup"=cmd.exe /c If EXIST C:\Program Files\VistaCodecPack\icons\icons64.dll REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s C:\Program Files\VistaCodecPack\filters\MatroskaSplitter.ax [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe Directrec Configuration Tool.lnk - C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe ScanPanel.lnk - C:\Program Files\ScanPanel\ScnPanel.exe UltraMon.lnk - C:\Windows\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup FreeCommander.lnk - C:\Program Files\FreeCommander\FreeCommander.exe Greenshot.lnk - D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Program Files\PPMate\ppmnet.exe"="C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate" "C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" "C:\Users\***\AppData\Roaming\lssas.exe"="C:\Users\***\AppData\Roaming\lssas.exe:*:Enabled:Microsoft IIS Server" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] shell\AutoRun\command - F:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] shell\AutoRun\command - J:\Setupx.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] shell\AutoRun\command - L:\Setup.exe -auto [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M] shell\AutoRun\command - M:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d2ce47-de33-11db-818a-0019d14d5e0e}] shell\AutoRun\command - vlsdgsdsafkjbsdgkjbsdgkjbsdkgjgweagi\sadhhregdfskxjansfkjnllaskjnags\autorun.exekljkjgkjhf786rtuhgkjjkgkjgkjg shell\Explore\command - R:\ shell\open\command - vlsdgsdsafkjbsdgkjbsdgkjbsdkgjgweagi\sadhhregdfskxjansfkjnllaskjnags\autorun.exeivh76r87ygjhfougoiuhiug [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eef0d66-d997-11db-8435-806e6f6e6963}] shell\AutoRun\command - E:\Zuchtw.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1" ======List of files/folders created in the last 1 months====== 2010-03-14 16:06:20 ----D---- C:\rsit 2010-03-14 16:06:20 ----D---- C:\Program Files\trend micro 2010-03-13 23:54:44 ----D---- C:\Windows\system32\eu-ES 2010-03-13 23:54:44 ----D---- C:\Windows\system32\ca-ES 2010-03-13 23:54:39 ----D---- C:\Windows\system32\vi-VN 2010-03-13 23:31:07 ----D---- C:\Windows\system32\EventProviders 2010-03-13 22:37:37 ----A---- C:\Windows\system32\occache.dll 2010-03-13 22:37:37 ----A---- C:\Windows\system32\msfeeds.dll 2010-03-13 22:37:37 ----A---- C:\Windows\system32\jsproxy.dll 2010-03-13 22:37:37 ----A---- C:\Windows\system32\iepeers.dll 2010-03-13 22:37:36 ----A---- C:\Windows\system32\wininet.dll 2010-03-13 22:37:36 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-03-13 22:37:36 ----A---- C:\Windows\system32\ieui.dll 2010-03-13 22:37:36 ----A---- C:\Windows\system32\iesetup.dll 2010-03-13 22:37:36 ----A---- C:\Windows\system32\iernonce.dll 2010-03-13 22:37:35 ----A---- C:\Windows\system32\urlmon.dll 2010-03-13 22:37:35 ----A---- C:\Windows\system32\msfeedssync.exe 2010-03-13 22:37:35 ----A---- C:\Windows\system32\ieUnatt.exe 2010-03-13 22:37:35 ----A---- C:\Windows\system32\iesysprep.dll 2010-03-13 22:37:35 ----A---- C:\Windows\system32\iertutil.dll 2010-03-13 22:37:35 ----A---- C:\Windows\system32\iedkcs32.dll 2010-03-13 22:37:35 ----A---- C:\Windows\system32\ie4uinit.exe 2010-03-13 22:37:34 ----A---- C:\Windows\system32\mshtml.dll 2010-03-13 22:37:34 ----A---- C:\Windows\system32\ieframe.dll 2010-03-13 22:36:34 ----A---- C:\Windows\system32\mshtmler.dll 2010-03-13 22:36:34 ----A---- C:\Windows\system32\mshtmled.dll 2010-03-13 22:36:34 ----A---- C:\Windows\system32\icardie.dll 2010-03-13 22:36:34 ----A---- C:\Windows\system32\admparse.dll 2010-03-13 22:36:33 ----A---- C:\Windows\system32\msls31.dll 2010-03-13 22:36:33 ----A---- C:\Windows\system32\imgutil.dll 2010-03-13 22:36:33 ----A---- C:\Windows\system32\ieakeng.dll 2010-03-13 22:36:33 ----A---- C:\Windows\system32\dxtrans.dll 2010-03-13 22:36:33 ----A---- C:\Windows\system32\dxtmsft.dll 2010-03-13 22:36:33 ----A---- C:\Windows\system32\corpol.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\WinFXDocObj.exe 2010-03-13 22:36:32 ----A---- C:\Windows\system32\wextract.exe 2010-03-13 22:36:32 ----A---- C:\Windows\system32\webcheck.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\mstime.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\msrating.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\licmgr10.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\inseng.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\ieakui.dll 2010-03-13 22:36:32 ----A---- C:\Windows\system32\ieaksie.dll 2010-03-13 22:36:31 ----A---- C:\Windows\system32\vbscript.dll 2010-03-13 22:36:31 ----A---- C:\Windows\system32\url.dll 2010-03-13 22:36:31 ----A---- C:\Windows\system32\pngfilt.dll 2010-03-13 22:36:31 ----A---- C:\Windows\system32\jscript.dll 2010-03-13 22:36:31 ----A---- C:\Windows\system32\ieapfltr.dll 2010-03-13 22:36:31 ----A---- C:\Windows\system32\advpack.dll 2010-03-13 22:36:30 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2010-03-13 22:36:30 ----A---- C:\Windows\system32\SetDepNx.exe 2010-03-13 22:36:30 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2010-03-13 22:36:30 ----A---- C:\Windows\system32\PDMSetup.exe 2010-03-13 22:36:30 ----A---- C:\Windows\system32\mshta.exe 2010-03-13 22:36:30 ----A---- C:\Windows\system32\iexpress.exe 2010-03-13 13:24:01 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-03-13 13:23:55 ----D---- C:\ProgramData\Malwarebytes 2010-03-13 13:23:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-12 19:39:43 ----D---- C:\Users\***\AppData\Roaming\Move Networks 2010-03-11 00:13:38 ----A---- C:\Windows\system32\nshhttp.dll 2010-03-11 00:13:36 ----A---- C:\Windows\system32\httpapi.dll 2010-03-02 18:33:55 ----A---- C:\Windows\system32\stu2.exe 2010-02-26 22:22:51 ----A---- C:\Users\***\AppData\Roaming\nigE229.tmp 2010-02-24 09:37:21 ----A---- C:\Windows\system32\tzres.dll 2010-02-17 18:15:44 ----D---- C:\Program Files\FreeMind ======List of files/folders modified in the last 1 months====== 2010-03-14 16:06:48 ----D---- C:\Windows\Prefetch 2010-03-14 16:06:41 ----D---- C:\Windows\Temp 2010-03-14 16:06:20 ----RD---- C:\Program Files 2010-03-14 12:30:34 ----D---- C:\Windows 2010-03-14 11:35:30 ----D---- C:\Users\***\AppData\Roaming\uTorrent 2010-03-14 11:30:56 ----D---- C:\Program Files\uTorrent 2010-03-14 11:19:29 ----D---- C:\Users\***\AppData\Roaming\Orbit 2010-03-14 10:58:11 ----D---- C:\Windows\winsxs 2010-03-14 10:58:11 ----D---- C:\Windows\system32\catroot 2010-03-14 10:57:47 ----D---- C:\Windows\inf 2010-03-14 10:57:47 ----AD---- C:\Windows\System32 2010-03-14 10:57:47 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-03-14 00:38:18 ----D---- C:\Windows\rescache 2010-03-14 00:24:10 ----D---- C:\Windows\Microsoft.NET 2010-03-14 00:24:04 ----RSD---- C:\Windows\assembly 2010-03-14 00:05:05 ----SHD---- C:\Boot 2010-03-14 00:03:41 ----D---- C:\Windows\system32\catroot2 2010-03-14 00:02:57 ----HD---- C:\ProgramData 2010-03-13 23:56:04 ----D---- C:\Program Files\Windows Mail 2010-03-13 23:56:04 ----D---- C:\Program Files\Windows Calendar 2010-03-13 23:56:04 ----D---- C:\Program Files\Movie Maker 2010-03-13 23:56:03 ----D---- C:\Program Files\Windows Sidebar 2010-03-13 23:56:03 ----D---- C:\Program Files\Windows Media Player 2010-03-13 23:56:03 ----D---- C:\Program Files\Windows Journal 2010-03-13 23:56:03 ----D---- C:\Program Files\Windows Collaboration 2010-03-13 23:56:03 ----D---- C:\Program Files\Internet Explorer 2010-03-13 23:56:02 ----D---- C:\Program Files\Windows Photo Gallery 2010-03-13 23:56:02 ----D---- C:\Program Files\Common Files\System 2010-03-13 23:55:59 ----D---- C:\Windows\servicing 2010-03-13 23:55:59 ----D---- C:\Program Files\Windows Defender 2010-03-13 23:55:58 ----D---- C:\Windows\ehome 2010-03-13 23:55:48 ----D---- C:\Windows\IME 2010-03-13 23:55:47 ----D---- C:\Windows\system32\XPSViewer 2010-03-13 23:55:47 ----D---- C:\Windows\system32\sk-SK 2010-03-13 23:55:47 ----D---- C:\Windows\system32\lv-LV 2010-03-13 23:55:47 ----D---- C:\Windows\system32\ko-KR 2010-03-13 23:55:47 ----D---- C:\Windows\system32\hr-HR 2010-03-13 23:55:47 ----D---- C:\Windows\system32\et-EE 2010-03-13 23:55:47 ----D---- C:\Windows\system32\en-US 2010-03-13 23:55:47 ----D---- C:\Windows\system32\da-DK 2010-03-13 23:55:45 ----D---- C:\Windows\system32\de-DE 2010-03-13 23:55:42 ----D---- C:\Windows\system32\oobe 2010-03-13 23:55:42 ----D---- C:\Windows\system32\migration 2010-03-13 23:55:42 ----D---- C:\Windows\system32\it-IT 2010-03-13 23:55:42 ----D---- C:\Windows\system32\el-GR 2010-03-13 23:55:40 ----D---- C:\Windows\system32\sv-SE 2010-03-13 23:55:40 ----D---- C:\Windows\system32\SLUI 2010-03-13 23:55:40 ----D---- C:\Windows\system32\setup 2010-03-13 23:55:40 ----D---- C:\Windows\system32\ru-RU 2010-03-13 23:55:40 ----D---- C:\Windows\system32\pt-PT 2010-03-13 23:55:40 ----D---- C:\Windows\system32\hu-HU 2010-03-13 23:55:40 ----D---- C:\Windows\system32\he-IL 2010-03-13 23:55:40 ----D---- C:\Windows\system32\fr-FR 2010-03-13 23:55:40 ----D---- C:\Windows\system32\fi-FI 2010-03-13 23:55:40 ----D---- C:\Windows\system32\cs-CZ 2010-03-13 23:55:40 ----D---- C:\Windows\system32\AdvancedInstallers 2010-03-13 23:55:39 ----D---- C:\Windows\system32\zh-TW 2010-03-13 23:55:39 ----D---- C:\Windows\system32\zh-CN 2010-03-13 23:55:39 ----D---- C:\Windows\system32\uk-UA 2010-03-13 23:55:39 ----D---- C:\Windows\system32\sr-Latn-CS 2010-03-13 23:55:39 ----D---- C:\Windows\system32\sl-SI 2010-03-13 23:55:39 ----D---- C:\Windows\system32\ro-RO 2010-03-13 23:55:39 ----D---- C:\Windows\system32\pl-PL 2010-03-13 23:55:39 ----D---- C:\Windows\system32\manifeststore 2010-03-13 23:55:39 ----D---- C:\Windows\system32\ja-JP 2010-03-13 23:55:39 ----D---- C:\Windows\system32\es-ES 2010-03-13 23:55:39 ----D---- C:\Windows\system32\bg-BG 2010-03-13 23:55:38 ----D---- C:\Windows\system32\th-TH 2010-03-13 23:55:38 ----D---- C:\Windows\system32\drivers 2010-03-13 23:55:37 ----D---- C:\Windows\system32\wbem 2010-03-13 23:55:37 ----D---- C:\Windows\system32\tr-TR 2010-03-13 23:55:36 ----D---- C:\Windows\system32\nl-NL 2010-03-13 23:55:36 ----D---- C:\Windows\system32\nb-NO 2010-03-13 23:55:36 ----D---- C:\Windows\system32\migwiz 2010-03-13 23:55:36 ----D---- C:\Windows\system32\lt-LT 2010-03-13 23:55:36 ----D---- C:\Windows\system32\ar-SA 2010-03-13 23:55:35 ----D---- C:\Windows\system32\pt-BR 2010-03-13 23:54:51 ----RSD---- C:\Windows\Fonts 2010-03-13 23:54:50 ----D---- C:\Windows\AppPatch 2010-03-13 23:54:39 ----D---- C:\Windows\system32\Boot 2010-03-13 23:34:06 ----SHD---- C:\System Volume Information 2010-03-13 23:28:54 ----HD---- C:\Windows\system32\GroupPolicy 2010-03-13 23:21:17 ----D---- C:\Windows\PolicyDefinitions 2010-03-13 23:13:38 ----D---- C:\Windows\Minidump 2010-03-13 23:13:38 ----D---- C:\Windows\Debug 2010-03-13 23:05:22 ----D---- C:\Program Files\CCleaner 2010-03-02 18:33:56 ----D---- C:\Program Files\Mozilla Firefox 2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe 2010-02-28 22:41:49 ----D---- C:\Users\***\AppData\Roaming\KeePass 2010-02-25 17:29:53 ----SHD---- C:\Windows\Installer 2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe 2010-02-20 11:30:07 ----D---- C:\Program Files\McAfee ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; C:\Windows\system32\drivers\hcw88aud.sys [2007-12-17 12928] R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-04-09 130424] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-01-20 31644] R2 ACEDRV08;ACEDRV08; \??\C:\Windows\system32\drivers\ACEDRV08.sys [2007-09-08 108768] R2 ACEDRV09;ACEDRV09; \??\C:\Windows\system32\drivers\ACEDRV09.sys [2009-06-25 110304] R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720] R2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys [2007-07-24 4096] R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2006-11-02 511288] R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2006-11-02 519864] R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2006-11-02 14648] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2006-11-02 156984] R3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672] R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2006-11-02 90936] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2006-11-02 1160504] R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\Windows\system32\drivers\hcw88bda.sys [2007-12-17 252800] R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder; C:\Windows\System32\Drivers\hcw88rc5.sys [2007-12-17 12288] R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\Windows\system32\drivers\hcw88tse.sys [2007-12-17 320256] R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\Windows\system32\drivers\hcw88tun.sys [2007-12-17 74624] R3 hcw88vid;Hauppauge WinTV 88x Video; C:\Windows\system32\drivers\hcw88vid.sys [2007-12-17 394880] R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\Windows\system32\drivers\HCW88BAR.sys [2007-12-17 17280] R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] R3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2007-05-12 1921184] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752] R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2007-05-12 3580832] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552] R3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] R3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7460320] R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2006-11-02 128312] R3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2009-11-19 81920] R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 a79sqsc6;a79sqsc6; C:\Windows\system32\drivers\a79sqsc6.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2006-11-02 347144] S3 DCamUSBEMPIA;USB 2860 Video; C:\Windows\system32\DRIVERS\emDevice.sys [2004-08-17 112525] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys [] S3 FiltUSBEMPIA;USB Device Lower Filter; C:\Windows\system32\DRIVERS\emFilter.sys [2004-11-04 19328] S3 fsRamDsk;RamDisk Drive Service; C:\Windows\system32\DRIVERS\fsRamDsk.sys [] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 SampleScanner;USB Flatbed Scanner Driver; C:\Windows\system32\DRIVERS\ArtecGT.sys [2001-06-07 18120] S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\Windows\system32\DRIVERS\emScan.sys [2004-08-12 4857] S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-09-28 7168] S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872] S3 VNUSB;VN Series Device; C:\Windows\system32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WINUSB;WinUsb-Treiber; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 31616] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2007-06-22 290913] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2007-06-22 118879] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032] R2 DM1Service;DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [2007-02-16 69632] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\system32\lkcitdl.exe [2007-03-21 695136] R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\system32\lkads.exe [2007-07-16 40488] R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\system32\lktsrv.exe [2007-07-16 50736] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640] R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-03-08 12696] R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-07-16 213040] R2 NMSAccess;NMSAccess; C:\Windows\system32\NMSAccessU.exe [2009-01-12 71096] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-06-22 262247] R2 ShuttleEngine;Contour Shuttle Device Engine; C:\Program Files\Contour Shuttle\ShuttleEngine.exe [2007-02-22 86016] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-29 867080] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736] S2 gupdate1c98f4f77a2eb1d;Google Update Service (gupdate1c98f4f77a2eb1d); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-15 133104] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848] S2 niSvcLoc;NI Service Locator; C:\Windows\system32\nisvcloc.exe [2007-07-19 48704] S2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-07-23 609384] S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 OpcEnum;OpcEnum; C:\Windows\SYSTEM32\OpcEnum.exe [2007-05-09 98304] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728] S4 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616] -----------------EOF----------------- Ich hoffe, dass jemand damit was anfangen kann und mir weitere Anweisungen gibt. Vielen Dank schon mal im Voraus für die Hilfe, viele Grüße Tanja |
|
15.03.2010, 18:35
| #3 |
| | Falsche Google Weiterleitung und gar kein Internet mehr Hallo Zusammen,
__________________gerade ist mir noch was eingefallen, was auch noch nicht stimmt. In letzter Zeit habe ich in Foren öfters das Problem, dass beim Posten oder auch schon beim Anzeigen der Vorschau zu einem Post, ich folgende Fehlermeldung bekomme: Code:
ATTFilter Ihr Seitenaufruf konnte auf Grund eines fehlenden oder falschen Securitytokens nicht verarbeitet werden.
Wenn Sie meinen, dass es sich dabei um einen Fehler handelt, wenden Sie sich bitte an den Administrator und beschreiben Sie genau, was Sie gemacht haben, bevor diese Meldung angezeigt wurde.
Bin sehr gespannt auf weitere Anweisungen. Grüße Tanja |
|
19.03.2010, 11:08
| #4 |
| |  Falsche Google Weiterleitung und gar kein Internet mehr Hallo Zusammen, kann mir bitte jemand kurz eine Rückmeldung geben, ob mein Problem so schwierig ist (ich mich dann wohl schon seelisch und moralisch auf eine Neuinstallation vorbereiten muss), oder ob es reiner Zeitmangel ist, dass sich noch keiner gemedet hat? Vielen Dank, und viele Grüße Tanja |
|
22.03.2010, 08:11
| #5 | ||||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Falsche Google Weiterleitung und gar kein Internet mehr Hallo und  Zitat:
Zitat:
Poste wenigtens das Log von CF und das Script, dass Du darauf losgelassen hast! Zitat:
 Zitat:
Poste wie gesagt das CF Logfile und erstell auch eins mit GMER und poste es.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.03.2010, 09:39
| #6 | ||||||
| | Falsche Google Weiterleitung und gar kein Internet mehr Hallo Arne, ersteinmal Danke für Deine Hilfe. Zitat:
Zitat:
Zitat:
--> Soll ich heute Abend mal ComboFix laufen lassen? Zitat:
Zitat:
Zitat:
Soll ich CF und GMER nach oder vor HijackThis laufen lassen? Danke für die Hilfe. Grüße Tanja |
|
22.03.2010, 09:40
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Falsche Google Weiterleitung und gar kein Internet mehr Ok, dann CF erstmal weglassen. Was ist hiermit: O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2010, 09:43
| #8 | |
| | Falsche Google Weiterleitung und gar kein Internet mehrZitat:
|
|
22.03.2010, 20:22
| #9 |
| | 1 von 4 Hallo Arne, so hab nun folgendes gemacht: 1. Rechner hochgefahren HijackThis laufen lassen, es kam folgendes Logfiles raus: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:07, on 22.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\CtHelper.exe C:\Windows\System32\CTXFIHLP.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Contour Shuttle\ShuttleHelper.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Cyberlink\PowerCinema\PCMService.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\rundll32.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\WinTV\Ir.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\ScanPanel\ScnPanel.exe C:\Windows\System32\mobsync.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\UltraMon\UltraMon.exe D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\FreeCommander\FreeCommander.exe C:\Windows\SYSTEM32\taskeng.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Windows\system32\conime.exe D:\Setups\HijackThis\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [streamsys64] rundll32.exe "C:\Users\XXX\AppData\Local\streamsys64\streamsys64.dll", DllInit O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax"" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe O4 - Global Startup: UltraMon.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191 O17 - HKLM\System\CS1\Services\Tcpip\..\{1434E5AF-CA7E-4481-8CCE-8026F6B65648}: NameServer = 85.255.112.209,85.255.112.191 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 18100 bytes 3. Im abgesicherten Modus HijackThis laufen lassen, es kam folgendes Logfiles raus: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:45:04, on 22.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\FreeCommander\FreeCommander.exe D:\Setups\HijackThis\HiJackThis\HijackThis.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [streamsys64] rundll32.exe "C:\Users\XXX\AppData\Local\streamsys64\streamsys64.dll", DllInit O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax"" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe O4 - Global Startup: UltraMon.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191 O17 - HKLM\System\CS1\Services\Tcpip\..\{1434E5AF-CA7E-4481-8CCE-8026F6B65648}: NameServer = 85.255.112.209,85.255.112.191 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 16173 bytes  5. Rechner wieder runter gefahren und im normalen Modus wieder hochgefahren. 6. Nochmal zur Kontrolle HijackThis laufen lassen, es kam folgendes Logfiles raus: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:59:29, on 22.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\CtHelper.exe C:\Windows\System32\CTXFIHLP.EXE C:\Windows\System32\CTXFISPI.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Contour Shuttle\ShuttleHelper.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Cyberlink\PowerCinema\PCMService.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\rundll32.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\WinTV\Ir.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\ScanPanel\ScnPanel.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\FreeCommander\FreeCommander.exe C:\Windows\system32\wbem\unsecapp.exe D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre6\bin\jucheck.exe D:\Setups\HijackThis\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [streamsys64] rundll32.exe "C:\Users\XXX\AppData\Local\streamsys64\streamsys64.dll", DllInit O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax"" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe O4 - Global Startup: UltraMon.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 17776 bytes Code:
ATTFilter GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-03-22 19:22:06
Windows 6.0.6002 Service Pack 2
Running: xixbi9k7.exe; Driver: C:\Users\XXX~1\AppData\Local\Temp\uxldipow.sys
---- System - GMER 1.0.15 ----
INT 0x61 ? 8612EBF8
INT 0x71 ? 876A0F00
INT 0x71 ? 876A0F00
INT 0x82 ? 876A0F00
INT 0x92 ? 876A0F00
INT 0xA2 ? 876A0F00
INT 0xB2 ? 876A0F00
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9602579E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x96025738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9602574C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x960257DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9602581F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x96025710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x96025724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x960257B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x96025847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x96025833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9602578A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x96025776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9602580B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x960257F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x960257C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x96025762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 82A349D2 5 Bytes JMP 960257CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 82BC85B5 5 Bytes JMP 96025823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 82BD2B82 5 Bytes JMP 96025766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82BF9D60 5 Bytes JMP 9602580F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 82C1944C 7 Bytes JMP 960257E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82C1970F 5 Bytes JMP 960257F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82C1D47A 5 Bytes JMP 9602577A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82C22E8D 7 Bytes JMP 960257B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 82C250AA 5 Bytes JMP 96025728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82C29B58 5 Bytes JMP 96025714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82C4AD59 5 Bytes JMP 960257A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82C5B7B2 5 Bytes JMP 96025837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 82C5C9B6 5 Bytes JMP 9602584B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 82C9A74B 5 Bytes JMP 9602573C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82C9A796 7 Bytes JMP 96025750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 82C9B253 5 Bytes JMP 9602578E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\Drivers\spkr.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F00D340, 0x3D9767, 0xE8000020]
.text USBPORT.SYS!DllUnload 8EAF441B 5 Bytes JMP 876A04E0
.text aaicilxk.SYS 8F865000 22 Bytes [82, 93, DC, 82, 6C, 92, DC, ...]
.text aaicilxk.SYS 8F865017 34 Bytes [00, 32, A7, 78, 80, 3D, A5, ...]
.text aaicilxk.SYS 8F86503A 3 Bytes CALL 902BD2E3
.text aaicilxk.SYS 8F86503E 142 Bytes [A3, 82, 60, FA, AA, 82, E0, ...]
.text aaicilxk.SYS 8F8650CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text ...
.text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x96173000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x961B7000]
.relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x961D3000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\ACEDRV09.sys section is writeable [0x8EA01000, 0x3326E, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0x8EA46000]
.relo2 C:\Windows\system32\drivers\ACEDRV09.sys unknown last section [0x8EA62000, 0x8E, 0x42000040]
|
|
22.03.2010, 20:23
| #10 |
| | 2 von 4Code:
ATTFilter ---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00280EE9
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00280EFA
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00280EA2
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00280EB3
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00280F55
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00280014
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00280FC3
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00280F15
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 0028002F
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00280F97
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00280F7C
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00280FB2
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00280F3A
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00280054
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00280FDE
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00280FEF
.text C:\Windows\system32\services.exe[672] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00280EC4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 0029003D
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00290022
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00290FEF
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00290F9B
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00290058
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00290000
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00290FD4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00290011
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00BC0047
.text C:\Windows\system32\services.exe[672] msvcrt.dll!system 77C9804B 5 Bytes JMP 00BC002C
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00BC001B
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00BC0000
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00BC0FBC
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00BC0FD7
.text C:\Windows\system32\services.exe[672] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00270FE5
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 001E0F65
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 001E00AB
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 001E00EB
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 001E0F54
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 001E0075
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 001E001B
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 001E0F8A
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 001E0058
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 001E0F9B
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 001E0047
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 001E002C
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 001E009A
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 001E0110
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 001E00C6
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00810FC0
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00810FDB
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00810000
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00810062
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 0081007D
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0081002C
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00810011
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00810047
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00820031
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!system 77C9804B 5 Bytes JMP 00820016
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00820FB7
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00820FEF
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00820FA6
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00820FD2
.text C:\Windows\system32\lsass.exe[704] WS2_32.dll!socket 773C36D1 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 008400A1
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00840090
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00840F0A
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00840F25
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00840053
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00840FA8
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 0084007F
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00840036
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00840F83
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00840025
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 0084000A
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 0084006E
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 008400C6
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00840F40
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00860047
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!system 77C9804B 5 Bytes JMP 00860FBC
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00860FD7
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00860000
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 0086002C
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00860011
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 0085006C
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00850051
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00850FAF
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00850FE5
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 0085001B
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[856] WS2_32.dll!socket 773C36D1 5 Bytes JMP 006E0000
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00680095
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00680F59
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00680EFE
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00680F19
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00680062
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00680FAF
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00680000
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00680084
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00680F8A
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00680022
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 0068003D
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00680011
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00680073
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 006800B0
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00680FD4
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00680FE5
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00680F2A
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 006A0F8D
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!system 77C9804B 5 Bytes JMP 006A0F9E
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_open 77C9D106 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 006A0FC3
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 006A000C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00690062
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00690FC0
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00690047
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00690F9B
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0069002C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00690011
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00690FDB
.text C:\Windows\system32\svchost.exe[932] WS2_32.dll!socket 773C36D1 5 Bytes JMP 001F0FEF
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00670084
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00670F3E
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 0067009F
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00670F12
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00670F74
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00670022
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00670FC7
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00670069
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 0067004E
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00670033
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00670F91
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00670FAC
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00670F63
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 006700C4
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00670011
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00670000
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00670F23
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 006A0FBE
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!system 77C9804B 5 Bytes JMP 006A003F
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 006A002E
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_open 77C9D106 5 Bytes JMP 006A0000
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 006A0FD9
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 006A001D
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00680F83
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 0068001B
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00680000
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00680F94
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00680F72
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00680FCA
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00680FE5
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00680FAF
.text C:\Windows\System32\svchost.exe[968] WS2_32.dll!socket 773C36D1 5 Bytes JMP 0066000A
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenA 779CD690 5 Bytes JMP 00690000
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenW 779CDB09 5 Bytes JMP 0069001B
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlA 779CF3A4 5 Bytes JMP 0069002C
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlW 77A16DDF 5 Bytes JMP 00690FDB
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 009A0096
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 009A0F5A
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 009A0EFF
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 009A0F10
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 009A0F97
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 009A0FD4
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 009A0FC3
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 009A0F75
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 009A0FB2
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 009A0054
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 009A006F
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 009A0039
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 009A0F86
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 009A00BB
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 009A0FE5
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 009A0000
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 009A0F2B
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 009C0F97
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!system 77C9804B 5 Bytes JMP 009C002C
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 009C0FC6
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_open 77C9D106 5 Bytes JMP 009C0000
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 009C0011
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 009C0FE3
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 009B0047
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 009B0025
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 009B0FE5
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 009B0036
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 009B0058
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 009B000A
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 009B0FCA
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 009B0FB9
.text C:\Windows\System32\svchost.exe[1016] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00220FEF
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 008C008E
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 008C007D
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 008C0F12
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 008C0F23
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 008C0F5C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 008C001B
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 008C0FC0
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 008C006C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 008C0F6D
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 008C002C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 008C0F8A
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 008C0FA5
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 008C005B
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 008C0EF7
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 008C000A
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 008C0FEF
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 008C009F
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wsystem 77C97F2F 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00930033
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!system 77C9804B 5 Bytes JMP 00930022
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00930011
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00930000
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00930FBC
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00930FD7
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00920FB9
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00920FD4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00920000
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 0092005B
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00920076
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0092001B
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00920FE5
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00920036
.text C:\Windows\System32\svchost.exe[1092] WS2_32.dll!socket 773C36D1 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00A4008A
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00A40F44
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00A400C0
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00A40F29
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00A40F70
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00A4001E
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00A40FCD
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00A4006F
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00A40054
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00A40FB2
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00A40F97
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00A40039
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00A40F5F
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00A40F0E
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00A40FDE
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00A40FEF
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00A400A5
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00B70042
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!system 77C9804B 5 Bytes JMP 00B70027
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00B70FD2
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00B70000
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00B70FC1
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00B70FE3
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00B60F97
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00B6002F
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00B60000
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00B60FA8
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00B60F86
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00B60FDE
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00B60FEF
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00B60FC3
.text C:\Windows\system32\svchost.exe[1144] WS2_32.dll!socket 773C36D1 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00180F15
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00180051
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00180EE2
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00180EF3
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00180F5C
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00180FDE
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00180FC3
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00180F30
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00180F77
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 0018002F
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00180040
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00180FB2
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00180F41
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00180EC7
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00180014
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00180F04
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 001A005D
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!system 77C9804B 5 Bytes JMP 001A0042
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 001A0FD2
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_open 77C9D106 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 001A0027
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 001A000C
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00190F5E
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00190F6F
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00190025
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00190FB9
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00190FD4
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00190F94
.text C:\Windows\system32\svchost.exe[1212] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00FD0095
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00FD0F4F
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00FD0F23
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00FD00BA
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00FD0069
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00FD0FE5
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00FD0FD4
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00FD007A
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00FD0F8F
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00FD0047
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00FD0058
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00FD0036
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00FD0F74
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00FD0F08
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00FD001B
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00FD0F3E
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 014C0038
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!system 77C9804B 5 Bytes JMP 014C001D
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 014C0FD2
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_open 77C9D106 5 Bytes JMP 014C0000
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 014C0FB7
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 014C0FE3
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 0146002F
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 01460F9E
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 01460FEF
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 01460F8D
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 01460F7C
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 01460FD4
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 0146000A
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 01460FB9
.text C:\Windows\system32\svchost.exe[1296] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00F8000A
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenA 779CD690 5 Bytes JMP 014B0FEF
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenW 779CDB09 5 Bytes JMP 014B0FCA
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenUrlA 779CF3A4 5 Bytes JMP 014B0FB9
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenUrlW 77A16DDF 5 Bytes JMP 014B0F9E
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 008B00EB
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 008B00C6
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 008B0132
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 008B0121
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 008B0090
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 008B0FCA
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 008B0F9B
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 008B0075
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 008B003D
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 008B0058
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 008B00AB
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 008B0F8A
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 008B00FC
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 008D0FB7
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!system 77C9804B 5 Bytes JMP 008D004C
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 008D0FD2
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_open 77C9D106 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 008D0027
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 008D000C
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 008C0062
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 008C0047
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 008C0FCA
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 008C0F9B
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 008C001B
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 008C000A
|
|
22.03.2010, 20:23
| #11 |
| | 3 von 4Code:
ATTFilter .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 008C0036
.text C:\Windows\system32\svchost.exe[1388] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00810F3A
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 0081008A
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00810F04
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00810F15
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00810F70
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 0081001B
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00810FD4
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00810F55
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00810F8D
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00810040
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00810F9E
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00810065
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00810EF3
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00810000
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 0081009B
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00830FA1
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!system 77C9804B 5 Bytes JMP 00830FBC
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00830FD7
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00830000
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00830022
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00830011
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00820F94
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00820036
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00820FEF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00820FAF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00820F83
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00820FD4
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00820025
.text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00800000
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00150076
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00150F30
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00150087
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00150EFA
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00150040
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00150FC3
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00150FA8
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00150051
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 0015002F
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00150014
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00150F72
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00150F97
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00150F4B
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00150098
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00150FD4
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00150FEF
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00150F0B
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00170058
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!system 77C9804B 5 Bytes JMP 0017003D
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00170FD7
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 0017002C
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00170011
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00160F97
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00160FB9
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00160FA8
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00160054
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00160FD4
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00160FEF
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 0016002F
.text C:\Windows\system32\svchost.exe[1948] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00100FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2096] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2096] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 001A0F74
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 001A0F85
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 001A00DF
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 001A0F3E
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 001A0084
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 001A0036
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 001A0047
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 001A00A6
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 001A0FAA
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 001A0FDB
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 001A0073
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 001A0058
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 001A0095
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 001A0F2D
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 001A001B
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 001A0F59
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 001D0027
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!system 77C9804B 5 Bytes JMP 001D0FA6
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 001D0FD2
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_open 77C9D106 5 Bytes JMP 001D0FE3
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 001D0FB7
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 001C0054
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 001C0FB2
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 001C0039
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 001C0F8D
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[2876] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00130FEF
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00910EF8
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00910F13
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00910EB1
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00910ECC
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00910F50
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00910FCA
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00910FAF
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00910F24
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00910F61
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00910F83
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00910F72
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00910F9E
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00910F3F
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00910059
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00910EE7
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 009B0FCF
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!system 77C9804B 5 Bytes JMP 009B005A
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 009B0038
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_open 77C9D106 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 009B0049
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 009B0011
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 009A0F9E
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 009A0FD4
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 009A0FAF
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 009A0F8D
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 009A0025
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 009A0014
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 009A0036
.text C:\Windows\system32\svchost.exe[3064] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00300FEF
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00050F33
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00050F4E
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00050EF6
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00050F11
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 0005005E
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00050079
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00050F90
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00050FBC
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00050FA1
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00050FCD
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00050F5F
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 000500A8
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00050F22
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00070028
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!system 77C9804B 5 Bytes JMP 00070F93
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00070FB5
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00070FA4
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00070FD2
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00060062
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00060FC0
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00060047
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00060073
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0006002C
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00060FD1
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 03F40F2B
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 03F40F3C
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 03F40F10
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 03F400A7
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 03F4004C
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 03F40FC3
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 03F40FA8
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 03F40F4D
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 03F40F72
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 03F40F8D
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 03F4002F
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 03F4001E
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 03F4005D
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 03F400B8
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 03F40FD4
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 03F40FEF
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 03F4008C
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 043C0025
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 043C0014
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 043C0FEF
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 043C0F8D
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 043C0036
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 043C0FB9
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 043C0FD4
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 043C0FA8
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 04420FB7
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!system 77C9804B 5 Bytes JMP 04420042
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 0442000C
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_open 77C9D106 5 Bytes JMP 04420FEF
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 04420027
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 04420FD2
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenA 779CD690 5 Bytes JMP 043D0FEF
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenW 779CDB09 5 Bytes JMP 043D0FD4
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenUrlA 779CF3A4 5 Bytes JMP 043D000A
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenUrlW 77A16DDF 5 Bytes JMP 043D001B
.text C:\Windows\Explorer.EXE[3452] WS2_32.dll!socket 773C36D1 5 Bytes JMP 03E70000
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 000100D8
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00010F41
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00010F77
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00010F30
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00010F5C
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00050FB9
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!system 77C9804B 5 Bytes JMP 00050FCA
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 0005003A
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00050000
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00050FE5
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 0005001D
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00060F94
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00060025
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00060036
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00060051
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00060FCA
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00060FE5
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00060FB9
.text C:\Windows\system32\svchost.exe[4456] WS2_32.dll!socket 773C36D1 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00010F2D
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 000100CE
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00010F6D
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00010F1C
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00060062
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!system 77C9804B 5 Bytes JMP 00060047
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 0006002C
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00060FD7
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00070058
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 0007002C
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00070047
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00070F9B
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00070011
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00070FC0
.text C:\Windows\system32\svchost.exe[7168] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00080000
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00182F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00182D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00182CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00182CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00182F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00182D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00182CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00182CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01C12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00152F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00152D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00152CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00152CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01792F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01792D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01792CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01792CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00792F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00792D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00792CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00792CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00942F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00942D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00942CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00942CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00DC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01992F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01992D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01992CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01992CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00232F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00232D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00232CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00232CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00232F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00232D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00232CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00232CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00842F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00842D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00842CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00842CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
|
|
22.03.2010, 20:24
| #12 |
| | 4 von 4Code:
ATTFilter IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [001C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00452F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00452D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00452CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00452CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [017F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [017F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [017F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [017F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01D52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01D52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01D52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01D52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [016E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00102F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00102D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00102CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00102CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8612F1F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\fastfat \FatCdrom 895DD500
Device \Driver\volmgr \Device\VolMgrControl 8536A1F8
Device \Driver\usbuhci \Device\USBPDO-0 875B81F8
Device \Driver\usbuhci \Device\USBPDO-1 875B81F8
Device \Driver\PCI_PNP8641 \Device\00000052 spkr.sys
Device \Driver\usbehci \Device\USBPDO-2 875B61F8
Device \Driver\usbuhci \Device\USBPDO-3 875B81F8
Device \Driver\usbuhci \Device\USBPDO-4 875B81F8
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 875B81F8
Device \Driver\usbehci \Device\USBPDO-6 875B61F8
Device \Driver\volmgr \Device\HarddiskVolume1 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8536A1F8
Device \Driver\cdrom \Device\CdRom0 876441F8
Device \Driver\volmgr \Device\HarddiskVolume3 8536A1F8
Device \Driver\cdrom \Device\CdRom1 876441F8
Device \Driver\iaStorV \Device\Ide\iaStor0 8612E1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-0 8612E1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-1 8612E1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-2 8612E1F8
Device \Driver\USBSTOR \Device\00000073 893E91F8
Device \Driver\volmgr \Device\HarddiskVolume4 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume5 8536A1F8
Device \Driver\USBSTOR \Device\00000075 893E91F8
Device \Driver\volmgr \Device\HarddiskVolume6 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume7 8536A1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8927C500
Device \Driver\volmgr \Device\HarddiskVolume8 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume9 8536A1F8
Device \Driver\Smb \Device\NetbiosSmb 8949F1F8
Device \Driver\iScsiPrt \Device\RaidPort0 876E01F8
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\USBSTOR \Device\0000006b 893E91F8
Device \Driver\USBSTOR \Device\0000006c 893E91F8
Device \Driver\usbuhci \Device\USBFDO-0 875B81F8
Device \Driver\USBSTOR \Device\0000006d 893E91F8
Device \Driver\usbuhci \Device\USBFDO-1 875B81F8
Device \Driver\USBSTOR \Device\0000006e 893E91F8
Device \Driver\usbehci \Device\USBFDO-2 875B61F8
Device \Driver\USBSTOR \Device\0000006f 893E91F8
Device \Driver\usbuhci \Device\USBFDO-3 875B81F8
Device \Driver\usbuhci \Device\USBFDO-4 875B81F8
Device \Driver\usbuhci \Device\USBFDO-5 875B81F8
Device \Driver\sptd \Device\2016974657 spkr.sys
Device \Driver\usbehci \Device\USBFDO-6 875B61F8
Device \Driver\aaicilxk \Device\Scsi\aaicilxk1Port2Path0Target0Lun0 87760500
Device \Driver\aaicilxk \Device\Scsi\aaicilxk1 87760500
Device \FileSystem\fastfat \Fat 895DD500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\cdfs \Cdfs 896571F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcnvnpotxpjcbipsmmvhwysxwpexxwbfpo.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcnvnpotxpjcbipsmmvhwysxwpexxwbfpo.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcleiaynaubqtrlqmrcottnvhntyjupddi.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x84 0x44 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1E 0xE9 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xC7 0x8A 0xE3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0xE0 0x8C 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -510268767
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2103802456
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0x1C 0x2F 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1E 0xE9 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xC7 0x8A 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x8E 0x14 0x7E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0x1C 0x2F 0x03 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1E 0xE9 0x3C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xC7 0x8A 0xE3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x8E 0x14 0x7E ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xAE 0x4B 0xA0 0xEA ...
---- EOF - GMER 1.0.15 ----
9. Noch die Screenshots von den Detailfenstern von den Funden von McAfee gemacht:  Bin mal gespannt, was Du darin sehen kannst. Viele Grüße Tanja |
|
22.03.2010, 20:40
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Falsche Google Weiterleitung und gar kein Internet mehr Sag mal, ist das ein Bürorechner? da ist ganz schön viel ungewöhnlicher Krams drauf, auch sowas oberteures wie Adobe CS4...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2010, 22:45
| #14 |
| | Falsche Google Weiterleitung und gar kein Internet mehr So melde mich nun mal schon zum vorwärmen von einer Ubuntu DesktopCD. Oder gibt es noch Hoffnung für mein System? |
|
23.03.2010, 08:48
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Falsche Google Weiterleitung und gar kein Internet mehr Ist das nun ein Bürorechner oder nicht?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Falsche Google Weiterleitung und gar kein Internet mehr |
| becker, browser, combofix, conduit, content.ie5, downloader, excel, explorer, failed, falsche seite, favicon, fehlermeldung, firefox, flash player, google, install.exe, internet, kein internet, keine fehlermeldung, local\temp, logfile, malwarebytes' anti-malware, msiexec.exe, neustart, photoshop, problem, programdata, rundll, security, seiten, server, services.exe, sketchup, software, usb, vlc media player, windows-defender, winlogon.exe |
Linear-Darstellung
