
Log analysis and evaluation: Google Redirect, need help

18.07.2009, 18:10   #1
ViaViolet
 



Hello everyone,
since yesterday I have had this annoying virus and I keep getting redirected to other sites. Since today my e-mail (Hotmail) does not work either. I have run every possible scan and will post the results here; maybe someone can help me. You are my last chance.


1. HijackThis, run just now

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:31, on 18.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl8] c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] c:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [Hotkey Software] "C:\Programme\Hotkey\HotKeyDriver.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmmyawk] "c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\cmmyawk.exe" cmmyawk
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Think Green Weather.lnk = C:\Programme\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe
O15 - ESC Trusted Zone: h**p://*.update.microsoft.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 7619 bytes

2. McAfee scan, performed just now
Scan results
Detection type: Trojan
Detection names: Generic.dx!wq Generic.dx!wq
Status: Quarantined (restart required)
File name: C:\WINDOWS\SYSTEM32\AUTOCHK.DLL

3. Blacklight rootkit remover
hidden processes
hidden programs and folders

found: 0

4. Spyware Doctor

Search results

- Trojan-Spy.Agent (28 infections) - threat: high

Processes

notepad.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
firefox.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
pctsGui.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
mcvsshld.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
skypePM.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
unsecapp.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
soffice.bin (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
Think Green Weather.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
cmmyawk.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
msnmsgr.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
NMIndex Store.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
VoipRaider.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
Skype.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
rundll32.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
pctsTray.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
SynTPEnh.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
RTHDCPL.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
mcagent.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
explorer.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
wbload.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)
firefox.exe (C:\WINDOWS\SYSTEM32\AUTOCHK.DLL)



Files:
C:\WINDOWS\SYSTEM32\autochk.dll
C:\Dokumente und Einstellungen\LOCALSERVIce\protect.dll
C:\Dokumente und Einstellungen\ADMIN\protect.dll

Autostart program
HKEY_USERS\S-1-5-21-679692210-489760867-1431980292-1005\Software\Microsoft\Windows\CurrentVersion\Run,autochk=rundll32.exe C:\Dokumen~1\Locals~protect.dll,_IWPEvents@16

Registry value to be corrected:

HKEY_LOCAL_MACHINE\Software\MicrosoftNT\CurrentVersion\Winlogon, Userinit



- Trojan-Spy.Zbot.YETH (3 infections) - threat: medium

Files:
C:\WINDOWS\SYSTEM32\lowsec\local.ds
C:\WINDOWS\SYSTEM32\lowsec\user.ds

Folder:
C:\WINDOWS\SYSTEM32\lowsec\

- Trojan.Smallfeg (1 infection) - threat: medium
Registry value

HKEY_USERS\S-1-5-21-679692210-489760867-1431980292-1005\Software\Microsoft\Windows\CurrentVersion\Run,svchost.exe


5. Malwarebytes' Anti-Malware

Scan results

12 infected files. Unfortunately, when I try to view the details, it reports "not responding".
I have tried several times.

6. Registry Easy Scan
Results, problems:
Active, OLE/COM Entries 204
Application paths 3
Empty registry keys 188
File Extensions 31
Font Entries 0
Help Sections 1
Invalid File Association 163
Invalid shortcuts 0
Most recently used files 189
Shared DLL sections 10
Sound sections 0
Start menu items 0
Startup Programs 89
System Services 0
System Software settings 726
Uninstall Entries 1
User software settings 145

Cleaned problems : 0


Every scan shows something different, so I do not know what, where, or whether I must or can delete anything.
I also read on the Internet that the problem can be solved by going to Control Panel / System / Hardware / Device Manager / hidden devices and disabling TDDS.sys, but I did not find TDDS.sys on my machine, nor anything similar.
I urgently need your help. Thank you all in advance.


Kind regards
Via

18.07.2009, 20:31   #2
Larusso
/// Selecta Jahrusso
 





Please work through everything in order.

1.

Navilog1 - by IL-MAFIOSO

Please download Navilog1.
  • Run the file navilog1.exe; an installation routine will start.
  • If the program does not start automatically once the installation has finished, run it by double-clicking the Navilog1 shortcut on your desktop.
  • Choose E for English in the language menu.
  • Choose 1 in the next menu. Confirm with Enter.
  • The duration of the scan can vary, so please wait. If you are asked to press a key, please do so.
  • A new document should be created and opened: fixnavi.txt.
  • Please paste the contents of this file into your next reply.
The report is also created in the root directory (e.g. "C:\").
(Instructions by Myrtille)

2.
  • Download Random's System Information Tool (RSIT),
  • save it to your desktop.
  • Start RSIT.exe with a double-click.
  • Click Continue to accept the terms of use.
  • The scan starts automatically; RSIT now checks some important system areas and produces log files as a basis for analysis.
  • When the scan has finished, two log files are created and opened in your editor.
  • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt

3.
Please use Gmer as described.


4.
Start Malwarebytes >> Scan reports >> post the most recent report

19.07.2009, 18:00   #3
ViaViolet
 



Hello, many thanks for the quick reply. I followed the instructions as described and here are the results.

1. Navilog1 results


cleannavi.txt


Fix Navipromo version 4.0.1 began on 19.07.2009 0:33:03,39

!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!

Fix running from C:\Programme\navilog1

Updated on 18.07.2009 at 11h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : BIOS Revision: 1.00.04
USER : *** ( Administrator )
BOOT : Normal boot

Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Activated)

C:\ (Local Disk) - NTFS - Total:232 Go (Free:160 Go)
D:\ (CD or DVD)


Search done in normal mode

Cleanning stage done on Reboot


C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk.exe deleted !
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk.dat deleted !
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk_nav.dat deleted !
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk_navps.dat deleted !


Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\***\lokale~1\Temp done !


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Nettoyage Registre Ok





*** Scan completed 19.07.2009 0:59:03,81 ***
Edited by ViaViolet (19.07.2009 at 18:46)

19.07.2009, 18:03   #4
ViaViolet
 



2. RESULTS FROM Random's System Information Tool (RSIT)



log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-07-19 01:25:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 168 GB (70%) free of 238 GB
Total RAM: 2045 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:02, on 19.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl8] c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] c:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [Hotkey Software] "C:\Programme\Hotkey\HotKeyDriver.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Think Green Weather.lnk = C:\Programme\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

--

19.07.2009, 18:04   #5
ViaViolet
 



End of file - 7407 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Schedule Task Weekly.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Programme\McAfee\VirusScan\scriptsn.dll [2009-05-13 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"=C:\Programme\McAfee.com\Agent\mcagent.exe [2009-05-01 645328]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-19 16858112]
"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe [2008-03-25 77824]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"DeLay"=C:\WINDOWS\BisonCam\DeLay.exe [2008-03-11 53248]
"nwiz"=nwiz.exe /install []
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2008-08-04 36352]
"RemoteControl8"=c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2003-01-21 40960]
"PDVD8LanguageShortcut"=c:\Programme\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"Hotkey Software"=C:\Programme\Hotkey\HotKeyDriver.exe [2008-08-18 4730880]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-28 13529088]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-01-05 413696]
"autochk"=C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"autochk"=C:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 []
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-11-07 21633320]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe []
"VoipRaider"=C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe [2009-06-30 9065264]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe
OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe
Think Green Weather.lnk - C:\Programme\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Programme\Stardock\MyColors\fastload.dll [2007-08-13 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Electronic Arts\EADM\Core.exe"="C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe"="C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe"="C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe:*:Enabled:VoipRaider"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cdc2860-8d77-11dd-a83f-0015afd5fdb7}]
shell\AutoRun\command - E:\Menu.exe


======List of files/folders created in the last 1 months======

2009-07-19 01:25:00 ----D---- C:\rsit
2009-07-18 22:31:31 ----A---- C:\cleannavi.txt
2009-07-18 22:29:27 ----D---- C:\Programme\Navilog1
2009-07-18 21:28:34 ----D---- C:\Programme\Sophos
2009-07-18 16:34:44 ----A---- C:\WINDOWS\system32\muweb.dll
2009-07-18 15:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-18 15:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-18 15:54:19 ----A---- C:\WINDOWS\system32\MRT.INI
2009-07-18 15:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-18 03:08:25 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools
2009-07-18 03:08:19 ----D---- C:\Programme\Spyware Doctor
2009-07-18 03:08:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2009-07-18 03:08:19 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Tools
2009-07-18 01:12:32 ----D---- C:\Programme\Registry Easy
2009-07-18 01:11:55 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2009-07-18 01:11:47 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-18 01:11:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-17 18:13:49 ----D---- C:\Programme\Trend Micro
2009-07-17 16:42:32 ----A---- C:\WINDOWS\system32\geyekrlptuwqbd.dll
2009-07-17 16:41:02 ----A---- C:\WINDOWS\system32\geyekrmpetegqx.dll
2009-07-17 16:39:22 ----A---- C:\WINDOWS\system32\geyekrrecqobww.dll
2009-07-17 16:37:49 ----A---- C:\WINDOWS\system32\geyekroijixtnx.dll
2009-07-17 16:33:15 ----A---- C:\WINDOWS\system32\geyekrnhuleynt.dll
2009-07-17 16:32:33 ----SHD---- C:\WINDOWS\system32\lowsec
2009-07-16 22:48:39 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\My Games
2009-07-16 20:43:35 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Peace Craft
2009-07-16 17:59:01 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MythPeople
2009-07-14 18:55:03 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VoipRaider
2009-07-14 18:49:31 ----D---- C:\Programme\VoipRaider.com
2009-07-11 02:55:57 ----D---- C:\Programme\Miriel The Magical Merchant
2009-07-09 20:30:46 ----D---- C:\Programme\Photo To Color Sketch
2009-07-08 10:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-08 10:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-08 10:19:14 ----D---- C:\WINDOWS\ie8updates
2009-07-08 10:16:44 ----HDC---- C:\WINDOWS\ie8
2009-07-08 10:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-08 10:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-06 01:51:25 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAXON
2009-07-04 04:03:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor
2009-07-04 03:59:09 ----D---- C:\Programme\Gemeinsame Dateien\McAfee
2009-07-04 03:59:06 ----D---- C:\Programme\McAfee.com
2009-07-04 03:58:56 ----D---- C:\Programme\McAfee
2009-07-04 03:39:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2009-07-04 03:19:00 ----SHD---- C:\Config.Msi
2009-07-04 03:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-04 03:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-04 03:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-04 03:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-04 03:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-04 03:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-04 03:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-04 02:44:41 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Corel
2009-07-03 00:46:30 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Ultra Fractal 5

======List of files/folders modified in the last 1 months======

2009-07-19 01:13:33 ----D---- C:\WINDOWS\Temp
2009-07-19 01:02:48 ----D---- C:\Programme\Mozilla Firefox
2009-07-19 00:57:54 ----D---- C:\WINDOWS\system32\ias
2009-07-19 00:54:09 ----D---- C:\WINDOWS\system32
2009-07-19 00:53:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 00:30:43 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
2009-07-19 00:24:46 ----D---- C:\WINDOWS
2009-07-19 00:00:05 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2009-07-18 23:00:42 ----D---- C:\WINDOWS\system32\drivers
2009-07-18 22:29:27 ----RD---- C:\Programme
2009-07-18 22:03:29 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2009-07-18 21:55:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 15:55:13 ----HD---- C:\WINDOWS\inf
2009-07-18 15:55:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-18 15:55:02 ----A---- C:\WINDOWS\imsins.BAK
2009-07-18 15:55:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-18 03:08:25 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-18 02:58:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 01:12:40 ----SD---- C:\WINDOWS\Tasks
2009-07-18 00:51:09 ----D---- C:\WINDOWS\Minidump
2009-07-17 23:32:39 ----D---- C:\WINDOWS\Network Diagnostic
2009-07-17 22:20:44 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-17 20:29:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 22:48:20 ----D---- C:\My Games
2009-07-16 20:47:01 ----D---- C:\My Download Files
2009-07-16 17:58:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BigFishGamesCache
2009-07-15 20:20:36 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
2009-07-09 21:29:10 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
2009-07-08 19:08:38 ----D---- C:\Programme\Adobe Photoshop CS3
2009-07-08 10:24:02 ----D---- C:\WINDOWS\Prefetch
2009-07-08 10:22:29 ----D---- C:\WINDOWS\system32\de-de
2009-07-08 10:22:28 ----D---- C:\WINDOWS\Media
2009-07-08 10:22:28 ----D---- C:\WINDOWS\Help
2009-07-08 10:22:28 ----D---- C:\Programme\Internet Explorer
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 02:46:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-05 14:18:44 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google
2009-07-04 12:04:44 ----D---- C:\Downloads
2009-07-04 03:55:09 ----D---- C:\Programme\Google
2009-07-04 03:55:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2009-07-04 03:55:06 ----SHD---- C:\WINDOWS\Installer
2009-07-04 03:21:30 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-07-04 03:21:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-07-04 03:20:39 ----D---- C:\Programme\Adobe
2009-07-04 03:16:12 ----D---- C:\WINDOWS\system32\wbem
2009-07-04 03:16:11 ----D---- C:\WINDOWS\AppPatch
2009-07-04 03:02:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Corel
2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aveyond II
2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AveDesk
2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ashtons Family Resort
2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer
2009-06-23 13:06:47 ----D---- C:\Programme\Stellarium
2009-06-20 14:42:34 ----D---- C:\Programme\ZC2.10
2009-06-20 14:42:13 ----D---- C:\Programme\Zylom Games
2009-06-20 14:38:55 ----D---- C:\Programme\RealArcade

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-05-13 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-04-09 120136]
R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2007-04-11 66432]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2007-04-11 46080]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-26 4737024]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-05-13 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-05-13 35272]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-28 6551008]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-12-26 288000]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2008-03-03 43392]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-17 212704]
R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 ancfylmqolyow;ancfylmqolyow; \??\C:\WINDOWS\system32\drivers\malwyphbjskiuc.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\aujasnkj.sys []
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 Cam5607;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonC07.sys [2008-03-31 1069608]
S3 catchme;catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\19F.tmp []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-05-13 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-05-13 40552]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC302;USB PC Camera 302; C:\WINDOWS\System32\Drivers\usbvm302.sys [2004-04-23 90513]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []


19.07.2009, 18:05   #6
ViaViolet

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Programme\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-05-01 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe [2009-04-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe [2009-04-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-05-13 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Programme\McAfee\MPF\MPFSrv.exe [2009-05-08 893112]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-28 155716]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 SimpTcp;Einfache TCP/IP-Dienste; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-26 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-16 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-05-08 365072]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peernetzwerk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution-Protokoll; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-05-08 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

19.07.2009, 18:06   #7
ViaViolet

info.txt


info.txt logfile of random's system information tool 1.06 2009-07-19 01:25:05

======Uninstall list======

-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Big Fish Games Client-->C:\Programme\bfgclient\Uninstall.exe
BisonCam-->C:\Programme\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0007 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CyberLink PowerDVD 8-->"C:\Programme\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Programme\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GTK+ 2.10.6-1 runtime environment-->"C:\Programme\Gemeinsame Dateien\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotkey-->"C:\Programme\InstallShield Installation Information\{B729B3C1-55A9-45FB-B7AD-D6A42DA8C883}\setup.exe" -runfromtemp -l0x0009 -removeonly
Inkscape 0.46-->C:\Programme\Inkscape\Uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Programme\LimeWire\uninstall.exe"
MAGIX Photo Clinic 4.5 (US)-->C:\MAGIX\Photo_Clinic_45\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Programme\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miriel The Magical Merchant-->"C:\Programme\Miriel The Magical Merchant\Uninstall.exe"
Mozilla Firefox (3.5.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8 Essentials-->MsiExec.exe /X{891D0B03-05DF-4CD1-B267-268FDA1C1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo To Color Sketch 6.97-->"C:\Programme\Photo To Color Sketch\unins000.exe"
PhotoFiltre-->"C:\Programme\PhotoFiltre\Uninst.exe"
PhotoPerfect 2.91-->"C:\Programme\PhotoPerfect\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealArcade-->C:\Programme\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
REALTEK RTL8187B Wireless LAN Driver-->C:\Programme\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x7
Registry Easy v5.1-->"C:\Programme\Registry Easy\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sophos Anti-Rootkit 1.5.0-->C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spyware Doctor 6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
Stardock MyColors-->"C:\Programme\Stardock\MyColors\thememgr.exe" /uninstallwise
Stellarium 0.7.1-->"C:\Programme\Stellarium\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The GIMP 2.2.13-->"C:\Programme\GIMP-2.0\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VoipRaider-->"C:\Programme\VoipRaider.com\VoipRaider\unins000.exe"
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZBrush3-->MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}
ZC0302-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5EA24DA8-F398-42C7-8CDC-39273493C514}\setup.exe" -l0x9
ZHelp-->MsiExec.exe /I{18A265FA-A1F2-413E-940E-A6A255733CA3}

Alt 19.07.2009, 18:07   #8
ViaViolet
 



======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)
AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name:***
Event Code: 1003
Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0015AFD5FDB7 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
Der Vorgang wurde durch den Benutzer abgebrochen.
.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Record Number: 21578
Source Name: Dhcp
Time Written: 20090704110311.000000+120
Event Type: Warnung
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows-Bilderfassung (WIA)" befindet sich jetzt im Status "Ausgeführt".

Record Number: 21577
Source Name: Service Control Manager
Time Written: 20090704110307.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "McAfee Real-time Scanner" befindet sich jetzt im Status "Ausgeführt".

Record Number: 21576
Source Name: Service Control Manager
Time Written: 20090704110305.000000+120
Event Type: Informationen
User:

Computer Name:***
Event Code: 7036
Message: Dienst "McAfee Real-time Scanner" befindet sich jetzt im Status "Angehalten".

Record Number: 21575
Source Name: Service Control Manager
Time Written: 20090704041839.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Beendet".

Record Number: 21574
Source Name: Service Control Manager
Time Written: 20090704040506.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 5985
Source Name: SecurityCenter
Time Written: 20090312015115.000000+060
Event Type: Informationen
User:

Computer Name: ***
Event Code: 1015
Message: TraceLevel-Parameter ist nicht in der Registrierung enthalten.
Die verwendete Standardablaufverfolgungsstufe ist 32.

Record Number: 5984
Source Name: EvntAgnt
Time Written: 20090312015114.000000+060
Event Type: Warnung
User:

Computer Name: ***
Event Code: 1003
Message: TraceFileName-Parameter ist nicht in der Registrierung enthalten.
Die verwendete Standardablaufverfolgungsdatei ist .

Record Number: 5983
Source Name: EvntAgnt
Time Written: 20090312015114.000000+060
Event Type: Warnung
User:

Computer Name: ***
Event Code: 105
Message: The service was started.

Record Number: 5982
Source Name: PLFlash DeviceIoControl Service
Time Written: 20090312015112.000000+060
Event Type: Informationen
User:

Computer Name:***
Event Code: 0
Message:
Record Number: 5981
Source Name: Nero BackItUp Scheduler 3
Time Written: 20090312015112.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Alt 19.07.2009, 18:09   #9
ViaViolet
 



3. Results from GMER

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-19 18:34:17
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6CD514] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6BC282] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6BC474] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6CDD00] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6CDFB8] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6CC3FA] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6CE422] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6CD7D8] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBA6BBF32] <-- ROOTKIT !!!

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB7BF94EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7BF952C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7BF9470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB7BF9484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB7BF9500]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB7BF94D8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB7BF94C4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7BF9542]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7BF9516]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B7BF951A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B7BF94F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B7BF9530 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B7BF9546 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B7BF9504 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B7BF9474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B7BF9488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B7BF94C8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B7BF94DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Alt 19.07.2009, 18:11   #10
ViaViolet
 



---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B9005B
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F70
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9004A
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F97
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FB2
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90087
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90076
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900BD
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90F24
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900D8
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90039
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F4B
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B900A2
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00B80F9B
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00B80058
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00B80FB6
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00B8003D
.text C:\WINDOWS\system32\svchost.exe[388] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00B70053
.text C:\WINDOWS\system32\svchost.exe[388] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00B70FBE
.text C:\WINDOWS\system32\svchost.exe[388] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00B70FE3
.text C:\WINDOWS\system32\svchost.exe[388] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\svchost.exe[388] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00B7002E
.text C:\WINDOWS\system32\svchost.exe[388] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00B7001D
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01180FEF
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01180080
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01180F8B
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01180065

Alt 19.07.2009, 18:13   #11
ViaViolet
 



.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01180FA8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01180FB9
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0118009B
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01180F53
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01180F27
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01180F38
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011800DB
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01180040
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0118000A
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01180F70
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01180FD4
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01180025
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011800AC
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 0117002F
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 0117006C
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 0117000A
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 01170FDE
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 01170FAF
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 01170FEF
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 01170051
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 01170040
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 01160038
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!system 77BF93C7 5 Bytes JMP 01160FAD
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0116000C
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_open 77BFF566 5 Bytes JMP 01160FEF
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 01160027
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 01160FD2
.text C:\WINDOWS\system32\services.exe[808] WS2_32.dll!socket 71A14211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60067
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D6004C
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60F72
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60F83
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D600A9
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60F57
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600DF
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D600C4
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D600F0
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D60F9E
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D60082
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D60FCA
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D60F3C
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00D50FDE
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00D50065
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00D50025
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00D50014
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00D50FA8
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00D50FC3
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [F8, 88]
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00D5004A
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00D40055
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00D40FCA
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00D40029
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00D40044
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\lsass.exe[828] WS2_32.dll!socket 71A14211 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B3006E
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B30F79
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B30F94
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B30FA5
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B3003D
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B30F4D
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B30095
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B30F17
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B300B0
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B300D5
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30FB6
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B30011
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B30F5E
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B30FC7
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B30022
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B30F3C
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00B20022
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00B20FA5
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00B20011
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00B20FB6
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00B20058
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00B2003D
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00B10FA1
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00B10FB2
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00B10FD7
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00B1002C
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!socket 71A14211 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80F5F
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80F70

Alt 19.07.2009, 18:14   #12
ViaViolet
 



.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D80F8B
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D80FA8
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80F0E
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80F29
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D80EE2
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D80EF3
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D8008C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80FB9
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80F44
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D80FDB
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D80071
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00D70FCD
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00D70043
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00D70014
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00D70FDE
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00D70F86
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00D70FA1
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [FA, 88]
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00D70FBC
.text C:\WINDOWS\system32\svchost.exe[1064] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00D60FC8
.text C:\WINDOWS\system32\svchost.exe[1064] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00D60053
.text C:\WINDOWS\system32\svchost.exe[1064] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00D60FD9
.text C:\WINDOWS\system32\svchost.exe[1064] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[1064] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00D60038
.text C:\WINDOWS\system32\svchost.exe[1064] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00D60011
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!socket 71A14211 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E50000
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E50FAC
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E50097
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E50086
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E50069
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E5003D
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E500E1
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E50F9B
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E5010D
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E50F7E
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E50F63
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E50058
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E50011
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E500C6
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E50022
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E50FDB
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E500FC
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 02E40040
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 02E40062
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 02E40FE5
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 02E4001B
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 02E40FAF
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 02E40000
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 02E40051
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 02E40FD4
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 02E20053
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!system 77BF93C7 5 Bytes JMP 02E20FC8
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 02E20FD9
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_open 77BFF566 5 Bytes JMP 02E20000
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 02E2002E
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 02E2001D
.text C:\WINDOWS\System32\svchost.exe[1108] WS2_32.dll!socket 71A14211 5 Bytes JMP 02D00FEF
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenA 408DD6C0 5 Bytes JMP 02CF0000
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenW 408DDB39 5 Bytes JMP 02CF0FE5
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenUrlA 408DF3D4 5 Bytes JMP 02CF0FC0
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenUrlW 40926DD7 5 Bytes JMP 02CF001B
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0073
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C0F74
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0058
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0047
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0FCA
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C00B5
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C009A
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C00D0
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C0F37
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007C0F26
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007C0FAF
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007C001B
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007C0F63
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007C0036
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007C0FEF
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007C0F52
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 007B0014
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 007B005B
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 007B0FC3
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 007B0F9E
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 007B0040
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 007B002F
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 007A0F7F
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!system 77BF93C7 5 Bytes JMP 007A0F90
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 007A0FBC
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_open 77BFF566 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 007A0FAB
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 007A0FE3
.text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!socket 71A14211 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A10F5E
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A10049
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A10F6F
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A10F80
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A10022
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A10093
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A10F41
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A100B8
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A10F15
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A10EFA
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A10F9B
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A1006E
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A10011
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A10FC0

Alt 19.07.2009, 18:15   #13
ViaViolet
 

.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A10F30
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00A00033
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00A0004E
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00A00022
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00A00011
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00A00F9B
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00A00FAC
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [C3, 88]
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00A00FC7
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 009F0F99
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!system 77BF93C7 5 Bytes JMP 009F002E
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 009F001D
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_open 77BFF566 5 Bytes JMP 009F000C
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 009F0FBE
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 009F0FE3
.text C:\WINDOWS\system32\svchost.exe[1228] WS2_32.dll!socket 71A14211 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0089
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0078
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00B5
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F6F
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00D0
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F37
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00EB
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF009A
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF002F
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F52
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00940014
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 0094004A
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00940FC3
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00940FD4
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00940F8D
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00940FA8
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [B7, 88] {MOV BH, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00940025
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00930FBC
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00930FCD
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00930018
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenA 408DD6C0 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenW 408DDB39 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenUrlA 408DF3D4 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenUrlW 40926DD7 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!socket 71A14211 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660040
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F55
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F66
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660F8D
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660014
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0066006C
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660F1A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00660098
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00660EFF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006600A9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0066002F
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660FD4
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660FA8
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660FB9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0066007D

Alt 19.07.2009, 18:17   #14
ViaViolet
 

.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00650F72
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00650F83
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [88, 88]
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00640F97
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00640FCD
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00640022
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!socket 71A14211 5 Bytes JMP 00630FEF
.text c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe[1728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe[1728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC000A
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC0067
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC0F72
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC004A
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC0F8D
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC0F46
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0F57
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC0F09
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC0F24
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0EE4
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC001B
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0082
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\Explorer.EXE[2252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC0F35
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00AB0036
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00AB0F9E
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00AB001B
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00AB0FAF
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00AB0000
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00AB0FC0
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [CE, 88]
.text C:\WINDOWS\Explorer.EXE[2252] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00AB0051
.text C:\WINDOWS\Explorer.EXE[2252] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00AA0FC3
.text C:\WINDOWS\Explorer.EXE[2252] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00AA0044
.text C:\WINDOWS\Explorer.EXE[2252] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00AA0029
.text C:\WINDOWS\Explorer.EXE[2252] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\Explorer.EXE[2252] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00AA0FD4
.text C:\WINDOWS\Explorer.EXE[2252] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00AA000C
.text C:\WINDOWS\Explorer.EXE[2252] WININET.dll!InternetOpenA 408DD6C0 5 Bytes JMP 003F0FEF
.text C:\WINDOWS\Explorer.EXE[2252] WININET.dll!InternetOpenW 408DDB39 5 Bytes JMP 003F0FDE
.text C:\WINDOWS\Explorer.EXE[2252] WININET.dll!InternetOpenUrlA 408DF3D4 5 Bytes JMP 003F0FC3
.text C:\WINDOWS\Explorer.EXE[2252] WININET.dll!InternetOpenUrlW 40926DD7 5 Bytes JMP 003F0FB2
.text C:\WINDOWS\Explorer.EXE[2252] WS2_32.dll!socket 71A14211 5 Bytes JMP 02040FE5
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0090
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0062
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00D7
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00C6
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A010D
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F6A
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A011E
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00B5
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00E8
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00290FC3
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00290040
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00290014
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00290FDE
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00290F83
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00290F94
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [4C, 88]
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[2912] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 003E0FB2
.text C:\WINDOWS\System32\svchost.exe[2912] msvcrt.dll!system 77BF93C7 5 Bytes JMP 003E0033
.text C:\WINDOWS\System32\svchost.exe[2912] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 003E0FDE
.text C:\WINDOWS\System32\svchost.exe[2912] msvcrt.dll!_open 77BFF566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[2912] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 003E0FCD
.text C:\WINDOWS\System32\svchost.exe[2912] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2912] WS2_32.dll!socket 71A14211 5 Bytes JMP 009C0000
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[3852] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0137EDC0 C:\Programme\McAfee\SiteAdvisor\saPlugin.dll

Alt 19.07.2009, 18:18   #15
ViaViolet
 

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6602C987] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [66603F82] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [66603F30] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [66603F52] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6602C987] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [66603F82] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6602C987] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [66603F52] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6602C9E4] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6602C987] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6602C98D] C:\Programme\Stardock\MyColors\WBlind.dll (WindowBlinds/Stardock Corporation)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [66603F82] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Dokumente und Einstellungen\***\Desktop\bjfgisno.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Programme\Stardock\MyColors\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
