fremde seite öffnet sich In Mozilla firefox beim Surfen.

Andre1990 · 18.07.2010, 14:11

Hallo,leute.Mein problem ist,wenn ich am suerfen bin(ich benutze Mozilla Firefox)und dann zb geh ich auf w*w.google.de dann öffnet sich eine andere seite die den name Hat

hxxp://w*w.mybrowserbar.com/ und da steht dann Immer Oops this site has broken usw.

Nun bin ich mir nicht sicher Ob das ein Virus/trojaner etc ist.

Ich hoffe ihr könnt mir helfen. Danke

Ps,weiß nicht obs nötig ist aber mein antiviren programm ist McAfee Total protection 2010

Larusso · 18.07.2010, 14:12

Nur im Firefox oder auch mit dem IE ?

Andre1990 · 18.07.2010, 14:17

kann ich nicht beurteilen benutze Ie nicht aber ich werde es mal testen.

mfg Andre

Andre1990 · 18.07.2010, 14:21

und hier ist nochmal der genau name von der seite die sich öffnet hxxp://w*w.mybrowserbar.com/cgi/errors.cgi?q=http%3A%2F%2Fwww.google.de%2F&type=dns&ISN=A202A8BB94614DC8971AEBC200B26FB9&ccv=130&cnid=302398&cco=US&ct=12

Larusso · 18.07.2010, 14:22

Wie wärs wenn Du dich um das kümmerst was ich wissen muss ?

Andre1990 · 18.07.2010, 14:26

so ich hab jetzt ne weile mim Ie gesurft.Google,youtube,etc.Da ist nichts passiert.

Mfg Andre

Larusso · 18.07.2010, 14:27

Downloade dir bitte GooredFix.exe auf Deinem Desktop.

Schliesse bitte alle laufenden Programme inklusive Browser.
Doppelklick auf die .exe
Vista User: Mit Rechtsklick "als Administrator starten".
Gib bitte in folgendes Fenster 1 ein und drücke Enter.
Wenn der Scan beendet wurde, erstellt das Tool eine GooredLog.
Diese ist auch auf Deinem Desktop zu finden.

Poste mir bitte den Inhalt der GooredLog.txt
Hinweis: Bitte nicht Option 2 selbständig laufen lassen.

Andre1990 · 18.07.2010, 14:38

so,habe das programm runtergeladen.Wenn ich es starte kommt da gooredfix will automaticly check for and remove infection. Habe auf yes gedrückt da wenn ich auf No drücke es aus geht.Ich konnte in das fenster Keine 1 eingeben.

und hier der Log

Zitat:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:34 on 18/07/2010 (*****)
Firefox version 3.6.6 (de)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:01 15/01/2010]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [16:38 28/03/2010]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [19:25 15/01/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [10:57 17/04/2010]

-=E.O.F=-

Larusso · 18.07.2010, 14:40

Ich steh drauf wenn was geändert wird und niemand sagt was -.-

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.

Speichere die Datei am Desktop.
Doppelklick auf die load.exe
Belasse die Häckchen wie sie sind.
Schließe nun alle offenen Programme.
Klicke auf Download
Bitte während dem Download nicht in das Fenster klicken.
Folge den Anweisungen auf dem Bildschirm.
Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.

Andre1990 · 18.07.2010, 16:00

so bin fertig.hier die ganzen Logs

Otl.log
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.07.2010 16:36:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\****\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 31,15 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.18 15:56:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\****\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.07.18 15:43:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\MFTools\OTL.exe
PRC - [2010.06.19 18:39:28 | 001,701,888 | ---- | M] (Curse) -- C:\Users\Andre\AppData\Local\Apps\2.0\V9WYWV5M.VJC\A76PHQKO.V9E\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010.04.27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010.04.01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010.01.05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.08 12:11:00 | 001,160,192 | ---- | M] (infoMantis GmbH) -- C:\Program Files\iSaver\iSaverCtrl.exe
PRC - [2009.04.10 21:11:00 | 007,399,968 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.18 15:43:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\MFTools\OTL.exe
MOD - [2010.04.01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.02.23 09:55:24 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010.04.27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010.03.10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.01.05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 02:27:52 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 00:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.20 20:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.14 00:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.14 00:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.14 00:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.15 15:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.12 16:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB)
DRV - [2009.05.04 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.10 17:50:00 | 002,358,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.04.03 07:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.04.29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.02.27 20:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 F9 98 F5 BC 96 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.07.02 14:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 17:06:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.30 17:06:43 | 000,000,000 | ---D | M]
 
[2010.01.15 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions
[2010.07.18 15:24:16 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions
[2010.04.20 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions\SkipScreen@SkipScreen
[2010.04.05 21:16:46 | 000,002,252 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\FireFox\Profiles\k2veblcu.default\searchplugins\askcom.xml
[2010.07.11 23:04:19 | 000,000,944 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\FireFox\Profiles\k2veblcu.default\searchplugins\icqplugin.xml
[2010.06.24 18:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.28 18:39:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100518172810.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - Startup: C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.18 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.18 16:00:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.18 15:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.07.18 15:47:30 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
[2010.07.18 15:47:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.18 15:47:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.18 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.18 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.18 15:42:11 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\MFTools
[2010.07.18 15:34:28 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\GooredFix Backups
[2010.07.18 15:33:19 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Andre\Desktop\GooredFix.exe
[2010.07.06 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2010.07.06 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\ScreeNet iSaver
[2010.07.06 12:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\iSaver
[2010.06.24 20:23:16 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\redsn0w_win_0.9.5b5-4
[2010.06.24 18:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010.06.24 18:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010.06.23 23:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.23 23:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.23 23:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.12 17:32:19 | 000,621,056 | R--- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2010.06.12 17:32:19 | 000,113,152 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.06.12 17:32:19 | 000,101,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.06.12 17:32:19 | 000,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.06.04 19:32:24 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevImLib.dll
[2010.06.04 19:32:24 | 000,148,992 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevMenuXP2.ocx
[2010.06.04 19:32:24 | 000,062,976 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevList32.ocx
[2010.06.04 19:32:20 | 000,000,000 | ---D | C] -- C:\Stormblade
[2010.05.25 18:10:52 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Blizzard Entertainment
[2010.05.22 23:32:07 | 000,000,000 | ---D | C] -- C:\Itemmall
[2010.05.14 12:18:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.05.09 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\teamspeak2
[2010.05.09 10:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
[2010.05.09 00:20:24 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apps
[2010.05.09 00:20:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Deployment
[2010.05.07 19:50:54 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\QuickPar
[2010.05.07 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2010.05.02 12:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Surf & E-Mail-Stick
[2010.04.23 16:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010.04.23 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.04.22 20:27:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.18 16:42:30 | 002,097,152 | -HS- | M] () -- C:\Users\Andre\NTUSER.DAT
[2010.07.18 16:35:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.18 16:35:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.18 16:30:41 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2010.07.18 16:29:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.18 16:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.18 16:29:33 | 290,143,305 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.18 16:29:32 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.18 16:14:38 | 000,293,376 | ---- | M] () -- C:\Users\Andre\Desktop\gmer.exe
[2010.07.18 15:59:14 | 000,000,858 | ---- | M] () -- C:\Users\Andre\Desktop\NTREGOPT.lnk
[2010.07.18 15:59:13 | 000,000,839 | ---- | M] () -- C:\Users\Andre\Desktop\ERUNT.lnk
[2010.07.18 15:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.18 15:42:43 | 000,284,915 | ---- | M] () -- C:\Users\Andre\Desktop\Gmer.zip
[2010.07.18 15:41:29 | 000,410,664 | ---- | M] () -- C:\Users\Andre\Desktop\Load.exe
[2010.07.18 15:33:21 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Andre\Desktop\GooredFix.exe
[2010.07.15 14:33:04 | 001,655,272 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.15 14:33:04 | 000,709,178 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.15 14:33:04 | 000,672,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.15 14:33:04 | 000,150,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.15 14:33:04 | 000,127,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.06 12:26:50 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2010.07.02 14:42:20 | 002,689,576 | -H-- | M] () -- C:\Users\Andre\AppData\Local\IconCache.db
[2010.06.29 14:40:22 | 000,072,371 | ---- | M] () -- C:\Users\Andre\Desktop\dun-morogh1.jpg
[2010.06.24 19:02:24 | 000,151,295 | ---- | M] () -- C:\Users\Andre\Documents\DragonBall - Manga - Volume 01 - 001.pdf
[2010.06.24 18:59:35 | 007,311,952 | ---- | M] () -- C:\Users\Andre\Documents\C__Users_Andre_Desktop_Dragonball Manga Volume 1 - Das Geheimnis der Drachenkugeln_DragonBall - Manga - Volume 01 - 002_.pdf.ps
[2010.06.24 09:55:46 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft - Stormblade.lnk
[2010.06.23 23:08:02 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.23 22:07:19 | 001,662,622 | ---- | M] () -- C:\Users\Andre\Desktop\dnl-f10x.nzb
[2010.06.20 10:38:20 | 000,065,008 | ---- | M] () -- C:\Users\Andre\Desktop\brachland-zinnerz1.jpg
[2010.06.12 17:32:47 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2010.06.12 16:49:25 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.04 19:34:05 | 000,000,188 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010.05.09 10:09:08 | 000,000,952 | ---- | M] () -- C:\Users\Andre\Desktop\Teamspeak 2 RC2.lnk
[2010.05.09 00:24:11 | 000,000,000 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.05.09 00:23:19 | 000,000,312 | ---- | M] () -- C:\Users\Andre\Desktop\Curse Client.appref-ms
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 00:00:15 | 010,764,236 | ---- | M] () -- C:\Users\Andre\Desktop\Carry on my Wayward Son - Supernatural 2x22 (HQ;german).avi
[2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010.04.27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.04.21 21:42:44 | 1548,398,592 | ---- | M] () -- C:\Users\Andre\Desktop\The.Descent.2.2009.HDRip.AC3.German.XviD-2Brothers.avi
 
========== Files Created - No Company Name ==========
 
[2010.07.18 16:29:33 | 290,143,305 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.18 16:14:37 | 000,293,376 | ---- | C] () -- C:\Users\Andre\Desktop\gmer.exe
[2010.07.18 15:59:14 | 000,000,858 | ---- | C] () -- C:\Users\Andre\Desktop\NTREGOPT.lnk
[2010.07.18 15:59:13 | 000,000,839 | ---- | C] () -- C:\Users\Andre\Desktop\ERUNT.lnk
[2010.07.18 15:47:08 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.18 15:42:36 | 000,284,915 | ---- | C] () -- C:\Users\Andre\Desktop\Gmer.zip
[2010.07.18 15:41:17 | 000,410,664 | ---- | C] () -- C:\Users\Andre\Desktop\Load.exe
[2010.07.06 12:26:50 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2010.06.29 14:40:16 | 000,072,371 | ---- | C] () -- C:\Users\Andre\Desktop\dun-morogh1.jpg
[2010.06.24 19:02:23 | 000,151,295 | ---- | C] () -- C:\Users\Andre\Documents\DragonBall - Manga - Volume 01 - 001.pdf
[2010.06.24 18:59:35 | 007,311,952 | ---- | C] () -- C:\Users\Andre\Documents\C__Users_Andre_Desktop_Dragonball Manga Volume 1 - Das Geheimnis der Drachenkugeln_DragonBall - Manga - Volume 01 - 002_.pdf.ps
[2010.06.24 09:55:46 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft - Stormblade.lnk
[2010.06.23 23:08:02 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.23 22:07:07 | 001,662,622 | ---- | C] () -- C:\Users\Andre\Desktop\dnl-f10x.nzb
[2010.06.20 10:38:15 | 000,065,008 | ---- | C] () -- C:\Users\Andre\Desktop\brachland-zinnerz1.jpg
[2010.06.12 17:32:47 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2010.06.04 19:32:23 | 000,002,463 | ---- | C] () -- C:\Windows\System32\MSWINSCK.DEP
[2010.06.04 19:32:22 | 000,002,768 | ---- | C] () -- C:\Windows\System32\classFileDownload.lib
[2010.06.04 19:32:22 | 000,001,049 | ---- | C] () -- C:\Windows\System32\classFileDownload.exp
[2010.05.29 20:59:44 | 1548,398,592 | ---- | C] () -- C:\Users\Andre\Desktop\The.Descent.2.2009.HDRip.AC3.German.XviD-2Brothers.avi
[2010.05.28 14:49:36 | 2644,133,888 | ---- | C] () -- C:\Users\Andre\Desktop\Transformers.Die.Rache.IMAX.EDITION.2009.DL.German.AC3.5.1.HD2DVDRip.XviD-Ms89.avi
[2010.05.09 10:09:08 | 000,000,952 | ---- | C] () -- C:\Users\Andre\Desktop\Teamspeak 2 RC2.lnk
[2010.05.09 00:24:11 | 000,000,000 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.05.09 00:23:19 | 000,000,312 | ---- | C] () -- C:\Users\Andre\Desktop\Curse Client.appref-ms
[2010.04.28 23:59:53 | 010,764,236 | ---- | C] () -- C:\Users\Andre\Desktop\Carry on my Wayward Son - Supernatural 2x22 (HQ;german).avi
[2010.03.13 17:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010.01.23 18:42:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.15 20:40:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.01.15 20:40:32 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.18 18:16:08 | 001,634,304 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
 
========== LOP Check ==========
 
[2010.02.01 23:24:01 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\abgx360
[2010.03.18 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Ashampoo
[2010.07.16 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ICQ
[2010.01.29 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ImgBurn
[2010.01.27 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\log
[2010.07.06 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2010.02.13 22:22:58 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ShareTV
[2010.02.20 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ShareTV2
[2010.05.11 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\UseNeXT
[2010.01.26 21:58:47 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Vso
[2010.04.05 19:28:06 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\WebcamMax
[2009.07.14 06:53:46 | 000,022,048 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.01.15 19:24:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.25 10:06:11 | 000,002,560 | ---- | M] () -- C:\DVDSample.bmk
[2010.07.18 16:29:32 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2009.08.11 22:42:51 | 000,123,195 | ---- | M] () -- C:\Hugo.huc
[2008.10.05 22:17:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.07.21 21:57:34 | 000,578,600 | ---- | M] () -- C:\KP500.flb
[2009.02.06 21:50:06 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log
[2008.08.21 05:22:17 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2008.10.05 22:17:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.06.30 22:27:28 | 000,016,384 | ---- | M] (Egis Incorporated) -- C:\msimg32.dll
[2010.07.18 16:29:36 | 1877,393,408 | -HS- | M] () -- C:\pagefile.sys
[2008.08.21 05:17:42 | 000,000,060 | ---- | M] () -- C:\Partition.txt
[2008.05.20 23:00:53 | 000,000,650 | ---- | M] () -- C:\RHDSetup.log
[2010.01.15 19:43:54 | 000,171,136 | RHS- | M] () -- C:\w7ldr
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010.04.27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.04.19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-02 16:35:52

< End of report >

--- --- ---

Andre1990 · 18.07.2010, 16:06

extras.log

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.07.2010 16:36:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Andre\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 31,15 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEIN-PC
Current User Name: Andre
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A67EE53-2CE7-40CD-BA31-70F0C801A189}" = TV-Guide
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81CC4D29-D7F2-7609-2833-C7AD6D363DF4}" = ATI Catalyst Install Manager
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"4StoryDE_is1" = 4Story 3.3
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSC" = McAfee Total Protection
"OpenAL" = OpenAL
"Palringo" = Palringo
"QuickPar" = QuickPar 0.9
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VSO Inspector_is1" = VSO Inspector 2.0.1.7
"WebcamMax" = WebcamMax
"WinImage" = WinImage
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2010 20:48:43 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4555
 
Error - 17.07.2010 20:48:43 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4555
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5569
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5569
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6567
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6567
 
Error - 17.07.2010 20:48:46 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:46 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7566
 
[ Media Center Events ]
Error - 25.01.2010 11:52:13 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:52:06 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
 getrennt..)  
 
Error - 09.02.2010 10:33:22 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:22 - Fehler beim Herstellen der Internetverbindung.  15:33:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.02.2010 10:33:33 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:28 - Fehler beim Herstellen der Internetverbindung.  15:33:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.02.2010 11:12:57 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:12:56 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 25.02.2010 11:13:19 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:19 - Fehler beim Herstellen der Internetverbindung.  16:13:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2010 11:13:53 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:48 - Fehler beim Herstellen der Internetverbindung.  16:13:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2010 12:15:51 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 17:15:45 - Fehler beim Herstellen der Internetverbindung.  17:15:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2010 13:17:14 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 18:17:13 - Fehler beim Herstellen der Internetverbindung.  18:17:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.03.2010 06:31:29 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 11:31:29 - Fehler beim Herstellen der Internetverbindung.  11:31:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.05.2010 14:06:19 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:24 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:29 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:34 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:38 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:43 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:48 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:53 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:58 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:07:02 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

--- --- ---

Andre1990 · 18.07.2010, 16:07

extras.log
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.07.2010 16:36:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Andre\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 31,15 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEIN-PC
Current User Name: Andre
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A67EE53-2CE7-40CD-BA31-70F0C801A189}" = TV-Guide
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81CC4D29-D7F2-7609-2833-C7AD6D363DF4}" = ATI Catalyst Install Manager
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"4StoryDE_is1" = 4Story 3.3
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSC" = McAfee Total Protection
"OpenAL" = OpenAL
"Palringo" = Palringo
"QuickPar" = QuickPar 0.9
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VSO Inspector_is1" = VSO Inspector 2.0.1.7
"WebcamMax" = WebcamMax
"WinImage" = WinImage
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2010 20:48:43 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4555
 
Error - 17.07.2010 20:48:43 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4555
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5569
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5569
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6567
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6567
 
Error - 17.07.2010 20:48:46 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:46 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7566
 
[ Media Center Events ]
Error - 25.01.2010 11:52:13 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:52:06 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
 getrennt..)  
 
Error - 09.02.2010 10:33:22 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:22 - Fehler beim Herstellen der Internetverbindung.  15:33:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.02.2010 10:33:33 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:28 - Fehler beim Herstellen der Internetverbindung.  15:33:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.02.2010 11:12:57 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:12:56 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 25.02.2010 11:13:19 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:19 - Fehler beim Herstellen der Internetverbindung.  16:13:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2010 11:13:53 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:48 - Fehler beim Herstellen der Internetverbindung.  16:13:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2010 12:15:51 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 17:15:45 - Fehler beim Herstellen der Internetverbindung.  17:15:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2010 13:17:14 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 18:17:13 - Fehler beim Herstellen der Internetverbindung.  18:17:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.03.2010 06:31:29 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 11:31:29 - Fehler beim Herstellen der Internetverbindung.  11:31:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.05.2010 14:06:19 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:24 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:29 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:34 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:38 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:43 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:48 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:53 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:58 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:07:02 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

--- --- ---

Andre1990 · 18.07.2010, 16:11

der GMER log ist zulang wird mir gesagt

GMER

Andre1990 · 18.07.2010, 16:13

DER GMER Log ist zu lang hier teil1

Zitat:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-18 16:27:58
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\kgtdypog.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83812898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382B1A8

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88C70D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88C70DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88C70D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88C70D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8342B148 5 Bytes JMP 88C70D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83443599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83467F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F013000, 0x2D5378, 0xE8000020]
.text peauth.sys 9863CC9D 28 Bytes [4F, 07, 60, DE, FC, ED, 7F, ...]
.text peauth.sys 9863CCC1 28 Bytes [4F, 07, 60, DE, FC, ED, 7F, ...]
PAGE peauth.sys 98642B9B 72 Bytes [E7, 47, 98, 9D, CF, 5D, E2, ...]
PAGE peauth.sys 98642BEC 16 Bytes [D0, 74, 44, D1, 54, 26, 49, ...]
PAGE peauth.sys 98642BFF 92 Bytes JMP 2502E8C2
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 0373000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 03730FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 03730FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 03720F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 03720F32
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 03720F4D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 03720040
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 037200A5
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 03720FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 03720FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 03720FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0372001B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 03720F21
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0372005B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0372006C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 0372000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 037200B6
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 03720FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 037200C7
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 03720F97
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_open 769E7E48 5 Bytes JMP 03740FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 03740033
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!system 76A1B16F 5 Bytes JMP 03740018
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 03740FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 03740FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 03740FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 03750FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 03750FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 03750F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 0375002F
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 03750FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 03750F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 03750FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 03750014
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] WS2_32.dll!socket 771C3F00 5 Bytes JMP 03760FE5
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00040FEF
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00040FDE
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0004000A
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00010040
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00010076
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00010EE1
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00010FB9
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00010F21
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00010F57
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0001002F
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00010F72
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00010091
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00010F9E
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00010F8D
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00010FD4
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00010EFC
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00010F32
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00080FEF
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 0008004E
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!system 76A1B16F 5 Bytes JMP 0008003D
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00080FCD
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00080022
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00080FDE
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00090FEF
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00090FB9
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 0009005B
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 0009004A
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00090014
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00090FA8
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00090FD4
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00090025
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0018001B
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00170091
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00170F17
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00170F28
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00170040
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00170F68
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00170FAF
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 001700D1
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00170051
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 001700A2
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00170025
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00170F39
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00170076
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_open 769E7E48 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 001D0FAB
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!system 76A1B16F 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 001D0FD7
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 001D0FC6
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 001D0011
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 001E0040
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 001E0065
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 001E0025
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00980FEF
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00980025
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00980014
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00950F51
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009500BD
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00950F1E
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0095002C
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00950F6C
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 0095005F
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00950F91
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0095004E
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00950011
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009500D8
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0095003D
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00950FAC
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00950000
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00950F40
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00950FDB
.text C:\Windows\system32\services.exe[620] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00950F2F
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 0095007A
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_open 769E7E48 5 Bytes JMP 009D0000
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 009D0FB2
.text C:\Windows\system32\services.exe[620] msvcrt.dll!system 76A1B16F 5 Bytes JMP 009D003D
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 009D0022
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 009D0FCD
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 009D0011
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00A60FEF
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00A60025
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00A60F83
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00A60F94
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00A60FCA
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00A60F72
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00A60FB9
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00A6000A
.text C:\Windows\system32\services.exe[620] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00B3000A
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00230FE5
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00230FD4
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00230000
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0022008E
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 002200B0
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00220F25
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00220025
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00220F6F
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 0022007D
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0022006C
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00220051
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00220FE5
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00220F0A
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00220FB9
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00220036
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00220000
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00220F4A
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00220FD4
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 0022009F
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00220F80
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00240F92
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!system 76A1B16F 5 Bytes JMP 0024001D
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 0024000C
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00240FB7
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00240FD2
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00250FEF
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 0025002F
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00250F9E
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00250040
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00250FDE
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00250F8D
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00250014
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00250FC3
.text C:\Windows\system32\lsass.exe[644] WS2_32.dll!socket 771C3F00 5 Bytes JMP 005E000A
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 001B0011
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 001A00C0
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 001A0F4D
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 001A00EC
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 001A002F
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 001A009B
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 001A008A
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 001A0FB2
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 001A0079
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 001A0F32
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 001A005E
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 001A00D1
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 001A0F72
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 001A0F97
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00310F97
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00310FA8
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00310FC3
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00310018
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00320043
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 0032006F
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00320054
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00320FDE
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00320080
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00320FCD
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00320028
.text C:\Windows\system32\svchost.exe[752] WS2_32.dll!socket 771C3F00 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00300EE8
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00300F03
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00300F43
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00300051
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0030002C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00300011
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00300FCA
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00300098
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00300F8A
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00300F79
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00300FE5
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 0030007D
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00300FAF
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00300F1E
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00300F5E
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00320FE3
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00320049
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00320FC8
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 0032001D
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 0032002E
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 0032000C
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00330047
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00330FC0
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00330062
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 0033007D
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0033001B
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00330036
.text C:\Windows\system32\svchost.exe[876] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00340000
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00AE0FE5
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00AE000A
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00AE0FD4
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00A90F57
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00A90F17
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00A90F28
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00A90FAF
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00A90F72
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00A9006C
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00A9005B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00A90040
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00A90FD4
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00A90EFC
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00A90F9E
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00A9002F
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00A90FE5
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00A9009B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00A90000
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00A900AC
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00A90F83
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00AF000C
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00AF0FBE
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00AF0049
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00AF0038
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00AF0FD9
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00AF001D
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00B00FEF
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00B00040
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00B00051
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00B00FB9
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00B0000A
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00B00F94
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00B00025
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00B00FD4
.text C:\Windows\System32\svchost.exe[1000] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00B10FEF
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00A60000
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00A60FDB
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00A60011
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00910F5B
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00910F0D

Andre1990 · 18.07.2010, 16:14

DER GMER Log ist zu lang hier teil1

Zitat:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-18 16:27:58
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\kgtdypog.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83812898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382B1A8

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88C70D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88C70DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88C70D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88C70D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8342B148 5 Bytes JMP 88C70D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83443599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83467F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F013000, 0x2D5378, 0xE8000020]
.text peauth.sys 9863CC9D 28 Bytes [4F, 07, 60, DE, FC, ED, 7F, ...]
.text peauth.sys 9863CCC1 28 Bytes [4F, 07, 60, DE, FC, ED, 7F, ...]
PAGE peauth.sys 98642B9B 72 Bytes [E7, 47, 98, 9D, CF, 5D, E2, ...]
PAGE peauth.sys 98642BEC 16 Bytes [D0, 74, 44, D1, 54, 26, 49, ...]
PAGE peauth.sys 98642BFF 92 Bytes JMP 2502E8C2
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 0373000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 03730FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 03730FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 03720F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 03720F32
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 03720F4D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 03720040
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 037200A5
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 03720FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 03720FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 03720FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0372001B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 03720F21
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0372005B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0372006C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 0372000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 037200B6
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 03720FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 037200C7
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 03720F97
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_open 769E7E48 5 Bytes JMP 03740FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 03740033
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!system 76A1B16F 5 Bytes JMP 03740018
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 03740FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 03740FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 03740FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 03750FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 03750FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 03750F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 0375002F
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 03750FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 03750F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 03750FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 03750014
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] WS2_32.dll!socket 771C3F00 5 Bytes JMP 03760FE5
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00040FEF
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00040FDE
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0004000A
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00010040
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00010076
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00010EE1
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00010FB9
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00010F21
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00010F57
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0001002F
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00010F72
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00010091
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00010F9E
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00010F8D
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00010FD4
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00010EFC
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00010F32
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00080FEF
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 0008004E
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!system 76A1B16F 5 Bytes JMP 0008003D
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00080FCD
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00080022
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00080FDE
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00090FEF
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00090FB9
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 0009005B
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 0009004A
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00090014
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00090FA8
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00090FD4
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00090025
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0018001B
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00170091
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00170F17
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00170F28
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00170040
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00170F68
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00170FAF
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 001700D1
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00170051
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 001700A2
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00170025
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00170F39
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00170076
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_open 769E7E48 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 001D0FAB
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!system 76A1B16F 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 001D0FD7
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 001D0FC6
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 001D0011
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 001E0040
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 001E0065
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 001E0025
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00980FEF
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00980025
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00980014
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00950F51
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009500BD
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00950F1E
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0095002C
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00950F6C
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 0095005F
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00950F91
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0095004E
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00950011
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009500D8
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0095003D
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00950FAC
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00950000
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00950F40
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00950FDB
.text C:\Windows\system32\services.exe[620] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00950F2F
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 0095007A
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_open 769E7E48 5 Bytes JMP 009D0000
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 009D0FB2
.text C:\Windows\system32\services.exe[620] msvcrt.dll!system 76A1B16F 5 Bytes JMP 009D003D
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 009D0022
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 009D0FCD
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 009D0011
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00A60FEF
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00A60025
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00A60F83
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00A60F94
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00A60FCA
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00A60F72
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00A60FB9
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00A6000A
.text C:\Windows\system32\services.exe[620] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00B3000A
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00230FE5
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00230FD4
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00230000
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0022008E
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 002200B0
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00220F25
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00220025
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00220F6F
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 0022007D
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0022006C
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00220051
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00220FE5
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00220F0A
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00220FB9
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00220036
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00220000
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00220F4A
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00220FD4
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 0022009F
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00220F80
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00240F92
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!system 76A1B16F 5 Bytes JMP 0024001D
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 0024000C
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00240FB7
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00240FD2
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00250FEF
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 0025002F
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00250F9E
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00250040
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00250FDE
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00250F8D
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00250014
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00250FC3
.text C:\Windows\system32\lsass.exe[644] WS2_32.dll!socket 771C3F00 5 Bytes JMP 005E000A
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 001B0011
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 001A00C0
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 001A0F4D
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 001A00EC
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 001A002F
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 001A009B
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 001A008A
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 001A0FB2
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 001A0079
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 001A0F32
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 001A005E
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 001A00D1
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 001A0F72
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 001A0F97
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00310F97
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00310FA8
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00310FC3
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00310018
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00320043
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 0032006F
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00320054
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00320FDE
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00320080
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00320FCD
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00320028
.text C:\Windows\system32\svchost.exe[752] WS2_32.dll!socket 771C3F00 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00300EE8
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00300F03
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00300F43
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00300051
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0030002C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00300011
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00300FCA
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00300098
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00300F8A
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00300F79
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00300FE5
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 0030007D
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00300FAF
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00300F1E
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00300F5E
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00320FE3
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00320049
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00320FC8
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 0032001D
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 0032002E
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 0032000C
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00330047
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00330FC0
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00330062
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 0033007D
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0033001B
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00330036
.text C:\Windows\system32\svchost.exe[876] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00340000
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00AE0FE5
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00AE000A
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00AE0FD4
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00A90F57
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00A90F17
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00A90F28
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00A90FAF
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00A90F72
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00A9006C
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00A9005B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00A90040
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00A90FD4
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00A90EFC
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00A90F9E
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00A9002F
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00A90FE5
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00A9009B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00A90000
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00A900AC
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00A90F83
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00AF000C
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00AF0FBE
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00AF0049
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00AF0038
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00AF0FD9
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00AF001D
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00B00FEF
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00B00040
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00B00051
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00B00FB9
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00B0000A
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00B00F94
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00B00025
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00B00FD4
.text C:\Windows\System32\svchost.exe[1000] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00B10FEF
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00A60000
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00A60FDB
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00A60011
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00910F5B
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00910F0D

18.07.2010, 14:12	#2
Larusso /// Selecta Jahrusso	fremde seite öffnet sich In Mozilla firefox beim Surfen. Nur im Firefox oder auch mit dem IE ? __________________ __________________

18.07.2010, 14:22	#5
Larusso /// Selecta Jahrusso	fremde seite öffnet sich In Mozilla firefox beim Surfen. Wie wärs wenn Du dich um das kümmerst was ich wissen muss ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

fremde seite öffnet sich In Mozilla firefox beim Surfen.

Plagegeister aller Art und deren Bekämpfung: fremde seite öffnet sich In Mozilla firefox beim Surfen.