Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware
Windows 7
If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
06.09.2012, 16:06 | #1
C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware

Hi@all, I just registered and need help right away^^. Avast found a virus at C:\WINDOWS\system32\scvhost\svchost.exe. HijackThis reports the following about it:

F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe

I have now deleted the thing in Avast and the registry entry in HijackThis, then googled and came across this forum. Since I have no clue, I would like an expert opinion on whether there is still an infection or not.

OTL scan:

Code:
OTL logfile created on: 06.09.2012 14:05:06 - Run 1
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,42 Mb Total Physical Memory | 617,35 Mb Available Physical Memory | 60,38% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 53,09 Gb Free Space | 45,60% Space Free | Partition Type: NTFS
Drive D: | 109,63 Gb Total Space | 41,62 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 0,36 Gb Free Space | 5,32% Space Free | Partition Type: FAT32
Drive F: | 672,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TEH-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.06 14:01:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads\OTL.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.05.24 15:57:49 | 000,510,960 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe PRC - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.07.24 18:56:57 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe PRC - [2008.09.19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\postgres.exe PRC - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) 
-- C:\Programme\Sygate\SPF\Smc.exe ========== Modules (No Company Name) ========== MOD - [2012.09.06 09:53:39 | 001,807,872 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12090600\algo.dll MOD - [2012.08.14 08:37:18 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\9cbb2652df5c2243902429b74aad6401\System.Configuration.ni.dll MOD - [2012.08.14 00:38:18 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9836cee6676ab74cad770ce1945f0ccf\System.Xml.ni.dll MOD - [2012.08.14 00:37:47 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ff091be1f5321f4782cdc8f348ac8c5d\System.ni.dll MOD - [2012.08.14 00:37:33 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b8995fed79290c488540ac8212bb4347\mscorlib.ni.dll MOD - [2012.08.14 00:37:02 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.08.14 00:36:55 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2012.05.24 15:57:49 | 000,510,960 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe MOD - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2009.11.23 22:45:00 | 003,571,484 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2009.07.24 18:56:57 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.07.24 18:56:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.07.15 11:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) 
[Auto | Running] -- C:\Programme\Sygate\SPF\Smc.exe -- (SmcService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.08.14 00:09:47 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.04.16 00:44:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010.04.16 00:44:16 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.04.16 00:27:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2007.03.27 13:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2006.11.07 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) DRV - [2006.01.13 18:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2004.02.02 10:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt) DRV - [2004.02.02 10:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer) DRV - [2004.02.02 10:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://ixquick.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.06 11:29:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.25 10:21:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.03 20:50:00 | 000,000,000 | ---D | M] [2009.08.10 16:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla\Extensions [2009.08.10 16:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla\Firefox\Profiles\chs3hv6i.default\extensions [2012.09.06 13:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.08 17:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2012.09.06 11:29:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF [2010.10.08 17:38:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.10.08 17:38:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.04.03 20:49:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.03 20:49:52 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.04.03 20:49:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.03 20:49:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.03 20:49:52 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DCE25BC-B101-40B7-9FEB-FDDDEBC40DA6}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft 
Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.24 16:32:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell - "" = AutoRun O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell - "" = AutoRun O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{61d73d5f-e523-11e1-af5e-0016172b56cd}\Shell\verb1\command - "" = I:\desktop.exe O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell - "" = AutoRun O33 - 
MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.06 11:30:08 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.09.06 11:30:08 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.09.06 11:30:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! 
Free Antivirus [2012.09.06 11:30:07 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.09.06 11:30:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.09.06 11:30:06 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.09.06 11:30:05 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.09.06 11:30:05 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.09.06 11:30:05 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.09.06 11:29:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.09.06 11:29:43 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.09.06 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.09.06 11:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.08.17 12:13:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Everest Poker [2012.08.17 12:09:36 | 000,000,000 | ---D | C] -- C:\Programme\Everest Poker [2012.08.14 00:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vodafone [2012.08.14 00:58:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.08.14 00:58:52 | 000,000,000 | ---D | C] -- C:\Programme\Vodafone [2012.08.14 00:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Vodafone [2012.08.14 00:42:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallShield [2012.08.14 00:42:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone [2012.08.14 00:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\{D53238E8-3427-491E-A57E-097FA966AAC1} [2012.08.14 00:10:49 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys [2012.08.14 00:10:49 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys [2012.08.14 00:10:49 | 000,106,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys [2012.08.14 00:10:49 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys [2012.08.14 00:10:49 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys [2012.08.14 00:10:49 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2012.08.14 00:10:49 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys [2012.08.14 00:10:49 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys [2012.08.14 00:10:49 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys [2012.08.14 00:10:49 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [2012.08.14 00:10:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\ALDITALKVerbindungsassistent [2012.08.14 00:09:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ALDI TALK Verbindungsassistent [2012.08.14 00:09:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent [2012.08.14 00:09:44 | 000,000,000 | ---D | C] -- C:\Programme\ALDITALKVerbindungsassistent [2012.08.14 00:09:16 | 015,254,224 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\AldiTalk-v4_06-Win.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.06 14:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.09.06 13:57:09 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.09.06 13:56:37 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.09.06 13:56:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.06 13:55:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.06 13:54:43 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable [2012.09.06 13:16:13 | 000,000,172 | -HS- | M] () -- C:\WINDOWS\System32\bootrun.reg [2012.09.06 11:30:08 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! 
Free Antivirus.lnk [2012.09.06 11:30:06 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.06 09:38:00 | 000,000,457 | -HS- | M] () -- C:\WINDOWS\System32\boothide.reg [2012.09.05 20:10:29 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\scvhost.ini [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.08.17 12:13:12 | 000,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Everest Poker.lnk [2012.08.16 20:14:49 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2012.08.14 00:59:00 | 000,001,978 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk [2012.08.14 00:37:12 | 000,475,558 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.08.14 00:37:12 | 000,455,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.08.14 00:37:12 | 000,091,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.08.14 00:37:12 | 000,075,150 | ---- | M] () -- 
C:\WINDOWS\System32\perfc009.dat [2012.08.14 00:09:52 | 000,001,862 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk [2012.08.14 00:09:49 | 000,001,899 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk [2012.08.14 00:09:48 | 000,860,928 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys [2012.08.14 00:09:48 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys [2012.08.14 00:09:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [2012.08.14 00:09:47 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys [2012.08.14 00:09:47 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys [2012.08.14 00:09:47 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys [2012.08.14 00:09:47 | 000,082,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys [2012.08.14 00:09:47 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2012.08.14 00:09:47 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys [2012.08.14 00:09:47 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) 
-- C:\WINDOWS\System32\drivers\ewdcsc.sys [2012.08.13 19:56:52 | 015,254,224 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\AldiTalk-v4_06-Win.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.06 13:54:36 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable [2012.09.06 11:30:08 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.06 11:30:06 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.08.17 12:13:12 | 000,001,585 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Everest Poker.lnk [2012.08.14 00:59:00 | 000,002,533 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2012.08.14 00:59:00 | 000,001,978 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk [2012.08.14 00:09:52 | 000,001,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk [2012.08.14 00:09:49 | 000,001,899 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk [2012.08.14 00:09:06 | 000,000,172 | -HS- | C] () -- C:\WINDOWS\System32\bootrun.reg [2012.08.14 00:09:05 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\scvhost.ini [2012.08.14 00:09:04 | 000,000,457 | -HS- | C] () -- C:\WINDOWS\System32\boothide.reg [2012.08.01 19:08:46 | 000,004,135 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab [2012.07.09 21:01:02 | 002,815,240 | ---- | C] () -- C:\Dokumente und 
Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-436374069-838170752-839522115-1007-0.dat [2012.07.09 21:01:01 | 000,315,886 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.05.08 17:43:43 | 000,004,877 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf [2010.05.21 16:05:54 | 003,099,648 | ---- | C] () -- C:\Programme\openofficeorg32.msi [2010.05.21 16:04:24 | 000,460,088 | ---- | C] () -- C:\Programme\setup.exe [2010.05.21 16:02:28 | 145,988,142 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2010.05.21 15:07:44 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini [2009.08.14 18:15:12 | 000,004,985 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ojvzdisj.xda [2009.08.13 16:26:46 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceInstaller.xml ========== LOP Check ========== [2012.09.06 11:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2010.04.16 00:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.04.19 14:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hotspot Shield [2009.07.25 17:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2012.02.27 00:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.04.30 23:57:34 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2009.07.24 18:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012.08.14 00:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.07.09 20:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC [2009.07.24 18:22:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2012.03.06 23:53:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\.minecraft [2012.08.30 11:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\ALDITALKVerbindungsassistent [2010.12.19 15:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\DAEMON Tools Lite [2012.07.09 21:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HEM Data [2012.07.12 02:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HoldemManager [2011.11.17 22:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\LolClient [2011.03.20 23:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Rift [2011.12.03 21:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TS3Client [2012.07.12 01:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TuneUp Software [2012.08.14 00:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Vodafone [2012.09.06 14:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.09.06 13:57:09 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! 
Emergency Update.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.09.2012 14:05:06 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 617,35 Mb Available Physical Memory | 60,38% Memory free 2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,53% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,41 Gb Total Space | 53,09 Gb Free Space | 45,60% Space Free | Partition Type: NTFS Drive D: | 109,63 Gb Total Space | 41,62 Gb Free Space | 37,97% Space Free | Partition Type: NTFS Drive E: | 6,83 Gb Total Space | 0,36 Gb Free Space | 5,32% Space Free | Partition Type: FAT32 Drive F: | 672,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TEH-PC | User Name: user | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "58995:TCP" = 58995:TCP:*:Enabled:Pando Media Booster "58995:UDP" = 58995:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher "8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher "8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher "8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher "58995:TCP" = 58995:TCP:*:Enabled:Pando Media Booster "58995:UDP" = 58995:UDP:*:Enabled:Pando Media Booster "6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher "6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher "6940:TCP" = 6940:TCP:*:Enabled:League of Legends Launcher "6940:UDP" = 6940:UDP:*:Enabled:League of Legends Launcher "8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher "8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher "6991:TCP" = 6991:TCP:*:Enabled:League of Legends Launcher "6991:UDP" = 6991:UDP:*:Enabled:League of Legends Launcher "6935:TCP" = 6935:TCP:*:Enabled:League of Legends Launcher 
"6935:UDP" = 6935:UDP:*:Enabled:League of Legends Launcher "6981:TCP" = 6981:TCP:*:Enabled:League of Legends Launcher "6981:UDP" = 6981:UDP:*:Enabled:League of Legends Launcher "6949:TCP" = 6949:TCP:*:Enabled:League of Legends Launcher "6949:UDP" = 6949:UDP:*:Enabled:League of Legends Launcher "6990:TCP" = 6990:TCP:*:Enabled:League of Legends Launcher "6990:UDP" = 6990:UDP:*:Enabled:League of Legends Launcher "6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher "6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher "6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher "6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher "6936:TCP" = 6936:TCP:*:Enabled:League of Legends Launcher "6936:UDP" = 6936:UDP:*:Enabled:League of Legends Launcher "6895:TCP" = 6895:TCP:*:Enabled:League of Legends Launcher "6895:UDP" = 6895:UDP:*:Enabled:League of Legends Launcher "8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher "8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher "6980:TCP" = 6980:TCP:*:Enabled:League of Legends Launcher "6980:UDP" = 6980:UDP:*:Enabled:League of Legends Launcher ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( ) "C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby "C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client 
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam "C:\Programme\Reality Pump\Two Worlds II\TwoWorlds2.exe" = C:\Programme\Reality Pump\Two Worlds II\TwoWorlds2.exe:*:Enabled:Two Worlds II -- (Reality Pump) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client "C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher "C:\Programme\Steam\steamapps\reyeddi\counter-strike source\hl2.exe" = C:\Programme\Steam\steamapps\reyeddi\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High 
Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F860F390-78F4-4B45-8C1A-0489618E315B}" = Sygate Personal Firewall "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "avast" = avast! Free Antivirus "CABAL Online (Europe)_is1" = CABAL Online "CCleaner" = CCleaner "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Everest Poker" = Everest Poker (Remove Only) "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "HPOCR" = HP OCR Software 9.0 "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0 "MedionVFD" = Medion Info Display "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Miranda IM" = Miranda IM 0.8.10 "Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers 
"PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tremulous" = Tremulous 1.1.0 "Two Worlds II" = Two Worlds II "WIC" = Windows Imaging Component "William Hill Poker" = William Hill Poker "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Worms Reloaded_is1" = Worms Reloaded "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.09.2012 03:43:52 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 05.09.2012 14:01:11 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 05.09.2012 15:44:17 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 06.09.2012 03:37:46 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 06.09.2012 07:19:28 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 06.09.2012 07:22:20 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 06.09.2012 07:29:51 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 06.09.2012 07:35:45 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 06.09.2012 07:56:06 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 06.09.2012 07:57:25 | Computer Name = TEH-PC | Source = VMCService | ID = 0 Description = GetProcessOwner [ OSession Events ] Error - 12.11.2010 13:47:12 | Computer Name = TEH-PC | Source = Microsoft Office 12 
Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9921 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 06.09.2012 05:29:05 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:06 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:08 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:09 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:11 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:12 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:14 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:16 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:17 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 06.09.2012 05:29:19 | Computer Name = TEH-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. 
[ TuneUp Events ] Error - 30.08.2012 04:58:37 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-30 10:58:37', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 30.08.2012 19:51:13 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-31 01:51:13', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 31.08.2012 05:55:21 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-31 11:55:21', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 31.08.2012 08:32:04 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-31 14:32:04', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps 
Error - 01.09.2012 05:09:32 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-01 11:09:32', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 02.09.2012 06:56:28 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-02 12:56:28', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 03.09.2012 06:23:43 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-03 12:23:43', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 04.09.2012 05:11:05 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-04 11:11:05', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 05.09.2012 
04:43:55 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-05 10:43:55', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 05.09.2012 15:01:14 | Computer Name = TEH-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-09-05 21:01:14', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps < End of report > |
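Beside the avast hit itself, the OTL "Files Created" list in the log above is the part a helper reads first: on 2012.08.14 at 00:09 three files landed in C:\WINDOWS\System32 within two seconds of each other (scvhost.ini, plus bootrun.reg and boothide.reg with the hidden and system attributes set), a Launcher.lnk appeared in the all-users Autostart folder 43 seconds later, and All Users\Anwendungsdaten holds several eight-letter random-looking files. Whether each of them belongs to the infection is for the helper to decide. The script below is an added triage example, not part of this post and not a trojaner-board or OTL tool: it parses such OTL entries and flags the patterns a reviewer otherwise scans for by hand (hidden+system files, .reg files in System32, names one typo away from a Windows process name such as scvhost vs svchost, startup-folder entries, random eight-letter names) and lists everything else created within a minute of a flagged file. The entry format is the one shown in the log; the lookalike list, the extension allow-list and the flag wording are my own assumptions, and SAMPLE_LOG is a constructed subset of the entries from this log.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry, as in the "Files Created"/"Files Modified" sections of the log:
# [2012.08.14 00:09:06 | 000,000,172 | -HS- | C] () -- C:\WINDOWS\System32\bootrun.reg
# Attribute slots are R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset; C/M marks
# the timestamp as creation or modification time. Directory entries (LOP check) omit "()".
OTL_ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Assumed list (mine, not OTL's) of Windows file stems that droppers imitate with one typo.
LOOKALIKE_TARGETS = ("svchost", "lsass", "csrss", "winlogon", "userinit", "explorer", "services")
SYSTEM32 = "c:\\windows\\system32\\"
# Heuristic for dropper-style names such as flwjycbm.bab: eight lowercase letters plus an
# uncommon three-letter extension (allow-list is an assumption).
RANDOM_NAME = re.compile(r"[a-z]{8}\.([a-z]{3})")
COMMON_EXT = {"exe", "dll", "sys", "ini", "reg", "log", "txt", "dat", "xml", "cab", "msi", "lnk", "job"}

# Constructed sample input: a subset of the entries from the OTL log above, one per line.
SAMPLE_LOG = r"""
[2012.08.13 19:56:52 | 015,254,224 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\AldiTalk-v4_06-Win.exe
[2012.09.06 13:54:36 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable
[2012.09.06 11:30:06 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.08.14 00:09:52 | 000,001,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk
[2012.08.14 00:09:49 | 000,001,899 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk
[2012.08.14 00:09:06 | 000,000,172 | -HS- | C] () -- C:\WINDOWS\System32\bootrun.reg
[2012.08.14 00:09:05 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\scvhost.ini
[2012.08.14 00:09:04 | 000,000,457 | -HS- | C] () -- C:\WINDOWS\System32\boothide.reg
[2012.08.01 19:08:46 | 000,004,135 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2009.07.24 18:22:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
"""


def parse_entries(text):
    """Parse OTL file entries out of a log fragment; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y.%m.%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition, so that
    a swapped pair of letters (scvhost / svchost) costs 1 rather than 2."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def flags_for(e):
    """Review reasons that apply to one entry; an empty list means nothing stood out."""
    reasons = []
    attrs, path, name = e["attrs"], e["path"].lower(), e["name"].lower()
    is_dir = attrs[3] == "D"
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    if attrs[1] == "H" and attrs[2] == "S" and not is_dir:
        reasons.append("hidden+system file")
    for target in LOOKALIKE_TARGETS:
        if stem != target and osa_distance(stem, target) == 1:
            reasons.append(f"name one edit away from '{target}'")
    if path.startswith(SYSTEM32) and ext == "reg":
        reasons.append(".reg file dropped into System32")
    if "\\autostart\\" in path or "\\startup\\" in path:
        reasons.append("startup-folder entry")
    rm = RANDOM_NAME.fullmatch(name)
    if rm and rm.group(1) not in COMMON_EXT:
        reasons.append("random-looking name (heuristic)")
    return reasons


def triage(text, window=timedelta(seconds=60)):
    """Flag entries and attach everything else that landed within `window` of each flagged
    one, so that a single dropper run shows up as one cluster instead of isolated files."""
    entries = parse_entries(text)
    report = []
    for e in entries:
        reasons = flags_for(e)
        if not reasons:
            continue
        neighbours = sorted(o["name"] for o in entries
                            if o is not e and abs(o["ts"] - e["ts"]) <= window)
        report.append({"name": e["name"], "path": e["path"], "ts": e["ts"],
                       "reasons": reasons, "neighbours": neighbours})
    return report


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['ts']:%Y-%m-%d %H:%M:%S}  {r['path']}")
        print(f"    reasons:    {', '.join(r['reasons'])}")
        print(f"    within 60s: {', '.join(r['neighbours']) or '-'}")
```

To run it against the whole post, paste the Files Created and Files Modified sections (and the LOP check) into SAMPLE_LOG or read them from a file. Each flagged entry is printed with its reasons and with the other entries from the same minute; the neighbours are context, not verdicts, since a legitimate installer running at the same time lands in the same cluster, which is exactly why the helper wants to see them side by side.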
06.09.2012, 16:27 | #2 |
| C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware In the meantime I have also run the GMER scan:
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-06 16:22:20 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3250824AS rev.3.AAE Running: ghjrtikt.exe; Driver: C:\DOKUME~1\user~1.TEH\LOKALE~1\Temp\uwtdipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF2F26708] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF2FF97C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF2F2711C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF2F68401] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF2F31F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF2F31F74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF2F320F6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF2F67DB5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF2F31E96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF2F31FB8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF2F31EDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF2F27310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF2F320B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
C:\Programme\PDF24\pdf24.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00530E10 .text C:\Programme\PDF24\pdf24.exe[2712] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 005301F8 .text C:\Programme\PDF24\pdf24.exe[2712] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 005303FC .text C:\Programme\PDF24\pdf24.exe[2712] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 00530600 .text C:\Programme\PDF24\pdf24.exe[2712] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 005401F8 .text C:\Programme\PDF24\pdf24.exe[2712] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 005403FC .text C:\Programme\PDF24\pdf24.exe[2712] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 00540804 .text C:\Programme\PDF24\pdf24.exe[2712] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00540A08 .text C:\Programme\PDF24\pdf24.exe[2712] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00540600 .text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2752] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002A01F8 .text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002A03FC .text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002A0804 .text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002A0A08 .text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002A0600 .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B1014 .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B0804 .text 
C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B0C0C .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0E10 .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B0600 .text C:\WINDOWS\RTHDCPL.EXE[3092] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 001401F8 .text C:\WINDOWS\RTHDCPL.EXE[3092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[3092] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 001403FC .text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[3092] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003701F8 .text C:\WINDOWS\RTHDCPL.EXE[3092] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003703FC .text C:\WINDOWS\RTHDCPL.EXE[3092] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 00370804 .text C:\WINDOWS\RTHDCPL.EXE[3092] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370A08 .text C:\WINDOWS\RTHDCPL.EXE[3092] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00370600 .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 00381014 .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 00380804 .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380A08 .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 00380C0C .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380E10 .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!CreateServiceA 77E070B9 5 
Bytes JMP 003801F8 .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 003803FC .text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 00380600 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 001401F8 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 001403FC .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003701F8 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003703FC .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 00370804 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370A08 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00370600 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 00381014 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 00380804 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380A08 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 00380C0C .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380E10 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 
003801F8 .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 003803FC .text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[3172] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 00380600 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 001501F8 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 001503FC .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 00381014 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 00380804 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380A08 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 00380C0C .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380E10 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 003801F8 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 003803FC .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 00380600 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003901F8 .text C:\Programme\Gemeinsame 
Dateien\Java\Java Update\jusched.exe[3176] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003903FC .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 00390804 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390A08 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3176] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[3228] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[3228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3228] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[3228] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3228] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\wuauclt.exe[3228] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\wuauclt.exe[3228] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\wuauclt.exe[3228] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\wuauclt.exe[3228] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\wuauclt.exe[3228] 
ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wuauclt.exe[3228] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002C0600 .text C:\Programme\AVAST Software\Avast\avastUI.exe[3256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\Programme\AVAST Software\Avast\avastUI.exe[3256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 001501F8 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 001503FC .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 00381014 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 00380804 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380A08 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 00380C0C .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380E10 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 003801F8 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 003803FC .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 00380600 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] 
USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003901F8 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003903FC .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 00390804 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390A08 .text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3420] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00390600 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 001501F8 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926AC2 1 Byte [62] .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 001503FC .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 00381014 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 00380804 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380A08 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 00380C0C .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380E10 .text 
C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 003801F8 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 003803FC .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 00380600 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003901F8 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003903FC .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 00390804 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390A08 .text C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[3600] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00390600 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\aswTdi \Device\AswUdpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\aswTdi \Device\AswTcpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0xA3 0xFA 0xCD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0x21 0xD7 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xF2 0x70 0x55 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xA2 0xDA 0x0B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0xA3 0xFA 0xCD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0x21 0xD7 0xDE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xF2 0x70 0x55 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xA2 0xDA 0x0B ... ---- EOF - GMER 1.0.15 ---- |
11.09.2012, 21:13 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware As a first routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
__________________Remember that Malwarebytes must be updated manually before every scan! Please remove all Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
__________________ |
13.09.2012, 14:59 | #4 |
| C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware ESET log file: Code:
C:\Dokumente und Einstellungen\User.TEH-PC\Eigene Dateien\Downloads\SoftonicDownloader_fuer_teamspeak.exe a variant of Win32/SoftonicDownloader.A application
C:\Everest Poker\cstart.exe a variant of Win32/Casino application
C:\Everest Poker\Everest Poker.exe a variant of Win32/Casino application
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.13.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
User :: TEH-PC [Administrator]

13.09.2012 10:59:58
mbam-log-2012-09-13 (10-59-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 461236
Laufzeit: 1 Stunde(n), 41 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
|
13.09.2012, 21:07 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware Malwarebytes creates exactly one log per scan run. Have you scanned with Malwarebytes before? If so, the logs of every scan run are also listed in the Logdateien tab. Please post all of the ones visible there.
__________________ Please always post logfiles in CODE tags |
14.09.2012, 10:01 | #6 |
| C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware No, this is my first scan, and the Logdateien tab only shows this one log file. |
14.09.2012, 15:13 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware adwCleaner - track down toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
14.09.2012, 15:22 | #8 |
| C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware AdwCleaner log file: Code:
# AdwCleaner v2.001 - Datei am 09/14/2012 um 16:19:29 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : user - TEH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [588 octets] - [14/09/2012 16:19:29]

########## EOF - C:\AdwCleaner[R1].txt - [647 octets] ##########
|
14.09.2012, 19:55 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware Please make a new OTL log. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
Please download OTL from Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
18.09.2012, 09:59 | #10 |
| C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware Sorry, it took a bit longer, I had a lot on my plate. Here is the log file: Code:
ATTFilter OTL logfile created on: 18.09.2012 10:35:57 - Run 2 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads\otl Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 451,65 Mb Available Physical Memory | 44,17% Memory free 2,40 Gb Paging File | 1,82 Gb Available in Paging File | 75,77% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,41 Gb Total Space | 52,34 Gb Free Space | 44,96% Space Free | Partition Type: NTFS Drive D: | 109,63 Gb Total Space | 41,64 Gb Free Space | 37,98% Space Free | Partition Type: NTFS Drive E: | 6,83 Gb Total Space | 0,36 Gb Free Space | 5,32% Space Free | Partition Type: FAT32 Drive F: | 672,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TEH-PC | User Name: user | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.17 20:39:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.06 14:01:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user.TEH-PC\Eigene Dateien\Downloads\otl\OTL.exe
PRC - [2012.08.25 22:27:58 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.08.25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.08.21 11:12:30 | 006,516,280 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\Setup\avast.setup
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.05.24 15:57:49 | 000,510,960 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.07.24 18:56:57 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.09.19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.07.04 12:52:14 | 002,072,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) -- C:\Programme\Sygate\SPF\Smc.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.17 20:39:09 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.09.11 08:04:33 | 001,808,384 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091100\algo.dll
MOD - [2012.08.21 11:12:20 | 000,247,224 | ---- | M] () -- C:\Programme\AVAST Software\Avast\Setup\setiface.dll
MOD - [2012.08.14 08:37:29 | 000,684,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\19639c382982f74d9ff2d2058e79d0b0\System.Transactions.ni.dll
MOD - [2012.08.14 08:37:28 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\8f9463ab786e044e8e1b382ec3a9527a\System.Security.ni.dll
MOD - [2012.08.14 08:37:18 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\9cbb2652df5c2243902429b74aad6401\System.Configuration.ni.dll
MOD - [2012.08.14 00:38:28 | 006,688,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\e514e17bad41f448b6e3f8cd69c249ed\System.Data.ni.dll
MOD - [2012.08.14 00:38:18 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9836cee6676ab74cad770ce1945f0ccf\System.Xml.ni.dll
MOD - [2012.08.14 00:38:09 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\20c12f97eb34c640aa2e3bcee121752c\System.Windows.Forms.ni.dll
MOD - [2012.08.14 00:37:53 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b6e86cfc1505f54cbeac3524bba161cc\System.Drawing.ni.dll
MOD - [2012.08.14 00:37:47 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ff091be1f5321f4782cdc8f348ac8c5d\System.ni.dll
MOD - [2012.08.14 00:37:33 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b8995fed79290c488540ac8212bb4347\mscorlib.ni.dll
MOD - [2012.08.14 00:37:05 | 000,260,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.08.14 00:37:02 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.08.14 00:37:02 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.08.14 00:36:58 | 002,878,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.08.14 00:36:55 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012.05.24 15:57:49 | 000,510,960 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.17 20:39:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.05.24 15:57:42 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2009.11.23 22:45:00 | 003,571,484 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.07.24 18:56:57 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.07.24 18:56:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.15 11:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008.07.04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Programme\Sygate\SPF\Smc.exe -- (SmcService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.09.13 10:58:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.08.25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.14 00:09:47 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.04.16 00:44:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.16 00:44:16 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.04.16 00:27:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.03.27 13:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.11.07 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006.01.13 18:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.02.02 10:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.02.02 10:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2004.02.02 10:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://ixquick.com/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.06 11:29:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.17 20:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.13 16:44:24 | 000,000,000 | ---D | M]

[2009.08.10 16:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla\Extensions
[2012.09.13 20:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla\Firefox\Profiles\chs3hv6i.default\extensions
[2012.09.13 16:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.17 20:39:11 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.10.08 17:38:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.17 20:39:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 20:39:05 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.09.17 20:39:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.17 20:39:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.17 20:39:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.17 20:39:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.24 16:32:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell - "" = AutoRun
O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3be63cf0-e79a-11e1-af64-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell - "" = AutoRun
O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61d73d5e-e523-11e1-af5e-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{61d73d5f-e523-11e1-af5e-0016172b56cd}\Shell\verb1\command - "" = I:\desktop.exe
O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell - "" = AutoRun
O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{762b0894-e6d4-11e1-af62-0016172b56cd}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.09.13 16:44:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012.09.13 16:44:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.09.13 12:46:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.13 10:58:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.09.13 10:58:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Malwarebytes
[2012.09.13 10:56:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.13 10:56:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.13 10:56:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.13 10:56:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.11 12:06:01 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.09.09 19:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sandboxie
[2012.09.06 11:30:08 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.06 11:30:08 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.06 11:30:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.06 11:30:07 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.06 11:30:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.06 11:30:06 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.06 11:30:05 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.06 11:30:05 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.06 11:30:05 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.06 11:29:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.06 11:29:43 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.06 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.06 11:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.18 10:34:12 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.18 10:33:59 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.09.18 10:33:54 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.09.18 10:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.14 16:18:17 | 000,512,399 | ---- | M] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\adwcleaner.exe
[2012.09.13 10:58:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.09.13 10:56:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.13 10:50:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.11 00:05:33 | 000,001,270 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012.09.09 19:18:00 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\Sandboxed Web Browser.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.06 13:54:43 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable
[2012.09.06 13:16:13 | 000,000,172 | -HS- | M] () -- C:\WINDOWS\System32\bootrun.reg
[2012.09.06 11:30:08 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.06 11:30:06 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.06 09:38:00 | 000,000,457 | -HS- | M] () -- C:\WINDOWS\System32\boothide.reg
[2012.09.05 20:10:29 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\scvhost.ini
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.14 16:18:17 | 000,512,399 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\adwcleaner.exe
[2012.09.13 16:44:31 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.09.13 10:56:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und 
Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 19:18:10 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Desktop\Sandboxed Web Browser.lnk [2012.09.09 19:18:07 | 000,001,270 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2012.09.06 13:54:36 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\defogger_reenable [2012.09.06 11:30:08 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.09.06 11:30:06 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.08.14 00:09:05 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\scvhost.ini [2012.08.01 19:08:46 | 000,004,135 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab [2012.07.09 21:01:02 | 002,815,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-436374069-838170752-839522115-1007-0.dat [2012.07.09 21:01:01 | 000,315,886 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.05.08 17:43:43 | 000,004,877 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf [2010.05.21 16:05:54 | 003,099,648 | ---- | C] () -- C:\Programme\openofficeorg32.msi [2010.05.21 16:04:24 | 000,460,088 | ---- | C] () -- C:\Programme\setup.exe [2010.05.21 16:02:28 | 145,988,142 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2010.05.21 15:07:44 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini [2009.08.14 18:15:12 | 000,004,985 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ojvzdisj.xda [2009.08.13 16:26:46 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\user.TEH-PC\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceInstaller.xml ========== LOP Check ========== [2012.09.06 11:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2010.04.16 00:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.04.19 14:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hotspot Shield [2009.07.25 17:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2012.02.27 00:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.04.30 23:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2009.07.24 18:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012.08.14 00:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.07.09 20:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC [2009.07.24 18:22:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2012.03.06 23:53:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\.minecraft [2012.08.30 11:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\ALDITALKVerbindungsassistent [2010.12.19 15:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\DAEMON Tools Lite [2012.07.09 21:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HEM Data [2012.07.12 02:15:55 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HoldemManager [2011.11.17 22:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\LolClient [2011.03.20 23:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Rift [2011.12.03 21:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TS3Client [2012.07.12 01:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TuneUp Software [2012.08.14 00:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Vodafone [2012.09.18 10:33:54 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.09.18 10:34:12 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.03.06 23:53:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\.minecraft [2009.10.28 21:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Adobe [2012.08.30 11:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\ALDITALKVerbindungsassistent [2010.12.19 15:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\DAEMON Tools Lite [2009.08.11 00:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\DivX [2012.07.09 21:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HEM Data [2012.07.12 02:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HoldemManager [2010.03.10 12:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\HP [2009.08.10 16:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Identities [2011.11.17 22:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\LolClient [2009.08.10 23:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Macromedia [2012.09.13 10:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Malwarebytes [2009.08.11 00:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Media Player Classic [2012.08.14 00:46:51 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Microsoft [2009.08.10 16:04:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Mozilla [2011.07.27 02:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Real [2011.03.20 23:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\user.TEH-PC\Anwendungsdaten\Rift [2010.10.10 18:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Sun [2011.01.01 21:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\teamspeak2 [2011.12.03 21:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TS3Client [2012.07.12 01:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\TuneUp Software [2012.08.14 00:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\Vodafone [2009.12.05 19:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user.TEH-PC\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll 
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) 
MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.07.24 17:46:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.07.24 17:46:46 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.07.24 17:46:46 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > |
19.09.2012, 11:26 | #11
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe; Win32 Malware
Please read my instructions more carefully. You did not download OTL again, and you also did not tick the "Scan all users" box!
__________________
Please always post logfiles in CODE tags