| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Manche Internetseiten gehen nicht mehr sowie manche InternetprogrammeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.03.2011, 17:36
| #1 |
 |  Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Hallo miteinander, wie im Topic schon geschrieben, gehen bei mir einige Internetseiten seit gestern plötzlich nicht mehr (Firefox + IE). Betroffen speziell und mir bekannt sind hotmail.com und kwick.de! Erstere kann ich gar nicht aufrufen, bei letzterer komme ich bis zum login-screen. Nach kurzer Zeit kommt bei beiden: Fehler: Netzwerk Zeitüberschreitung. Ein betroffenes Programm bei mir ist Steam, das nicht mehr connecten kann. Habe mich nun durch zahlreiche Beiträge gelesen, und folgende Schritte getestet: - Router Reset (wobei mein 2. pc hier noch einwandfrei funktioniert) - Avast Antivi drüberlaufen lassen - keine Funde - diverse Anti-Spyware-Programme (Ad Aware, MWB, Spybot) auch ohne Erfolg - host-datei überprüft (C:\WINDOWS\system32\drivers\etc\hosts) - mit meinem 2.PC die Prozesse verglichen - auch mal das virenproggi ausgemacht - cache geleert, temp gelöscht, etc.. jedoch ist ja auch steam betroffen.... Jedoch bisher alles ohne Erfolg. Ich bitte um eure Hilfe  Vielen Dank im Voraus EDIT: HJT Log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:37:23, on 08.03.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\WebCam\M1000\M1000Mnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Nero\Update\NASvc.exe C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe D:\Programme\CyberLink\Power2Go\CLMLSvc.exe C:\Programme\Cyberlink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Programme\Cyberlink\Shared Files\brs.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Programme\Lavasoft\Ad-Aware\AAWService.exe D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe D:\downloads\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [UpdateLBPShortCut] "D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [MDS_Menu] "D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" O4 - HKLM\..\Run: [CLMLServer] "D:\Programme\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [UpdateP2GoShortCut] "D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [RemoteControl8] D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe O4 - HKLM\..\Run: [PDVD8LanguageShortcut] D:\Programme\CyberLink\PowerDVD8\Language\Language.exe O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [UpdatePPShortCut] "D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" O4 - HKLM\..\Run: [UCam_Menu] "D:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [LGODDFU] D:\Programme\lg_fwupdate\fwupdate.exe blrun O4 - HKLM\..\Run: [UpdatePSTShortCut] "D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [NBAgent] "D:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [HTC Sync Loader] "D:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [EA Core] "D:\Programme\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [Steam] "D:\Programme\Steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - D:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: @C:\Programme\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programme\Nero\Update\NASvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe -- End of file - 9241 bytes Geändert von smex (08.03.2011 um 18:35 Uhr) |
|
08.03.2011, 20:25
| #2 |
| | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Sorry habs nimmer in die Edit funktion geschafft.. hier die übrigen Logs:
__________________MWB: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5981 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 08.03.2011 17:08:17 mbam-log-2011-03-08 (17-08-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 377094 Laufzeit: 1 Stunde(n), 1 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.03.2011 19:30:34 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 14.65 Gb Total Space | 0.89 Gb Free Space | 6.04% Space Free | Partition Type: NTFS Drive D: | 451.10 Gb Total Space | 280.76 Gb Free Space | 62.24% Space Free | Partition Type: NTFS Computer Name: SMEXI | User Name: smex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.08 19:22:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe PRC - [2011.03.06 14:05:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2009.08.28 10:36:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe PRC - [2009.08.20 12:34:04 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2009.07.16 19:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009.06.03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- D:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.06.18 10:49:40 | 000,073,728 | ---- | M] () -- C:\WINDOWS\WebCam\M1000\M1000Mnt.exe ========== Modules (SafeList) ========== MOD - [2011.03.08 19:22:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxhk.dll MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService) SRV - File not found [On_Demand | Stopped] -- -- (FirebirdServerMAGIXInstance) SRV - [2011.03.03 11:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.08.20 12:34:04 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.03.03 11:08:40 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.01.30 14:04:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2011.01.30 14:04:37 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.12.13 16:33:03 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2010.12.01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.06.22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2009.08.28 17:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/10/29 17:09:51] [Kernel | Auto | Running] -- D:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.06.02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.03.04 20:30:04 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2008.11.13 21:33:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.10.20 17:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR) DRV - [2008.10.20 17:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor) DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.01.03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.09.05 19:09:26 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex) DRV - [2006.09.05 19:08:40 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) DRV - [2006.09.05 19:07:52 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm) DRV - [2006.09.05 19:07:48 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl) DRV - [2006.09.05 19:07:00 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM) DRV - [2006.09.05 19:06:28 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) DRV - [2006.09.05 19:06:22 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2004.06.24 10:55:40 | 000,449,483 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M1000KNT.sys -- (M1000Srv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: ikariam.gamestats.org@gmail.com:1.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.06 14:05:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.06 14:05:17 | 000,000,000 | ---D | M] [2008.11.13 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Mozilla\Extensions [2011.03.08 12:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Mozilla\Firefox\Profiles\4ck4htvm.default\extensions [2009.05.07 18:15:20 | 000,000,000 | ---D | M] (ikariam.GameStats.org) -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Mozilla\Firefox\Profiles\4ck4htvm.default\extensions\ikariam.gamestats.org@gmail.com [2011.03.08 12:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.11.20 19:31:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.03.25 16:35:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.25 16:35:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.25 16:35:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.25 16:35:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.25 16:35:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.08 13:22:28 | 000,000,791 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] D:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HTC Sync Loader] D:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [LGODDFU] D:\Programme\lg_fwupdate\fwupdate.exe (BitLeader) O4 - HKLM..\Run: [M1000Mnt] File not found O4 - HKLM..\Run: [MDS_Menu] D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [NBAgent] D:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [PDVD8LanguageShortcut] D:\Programme\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.161 217.0.43.177 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.13 20:56:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell - "" = AutoRun O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = H:\urDrive.exe O33 - MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = J:\setup.exe O33 - MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\Shell\AutoRun\command - "" = H:\Toshiba\Launcher\start.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: GEST - hkey= - key= - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 30 Days ========== [2011.03.08 18:50:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\smex\Desktop\TFC.exe [2011.03.07 19:10:58 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.03.07 17:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Malwarebytes [2011.03.07 17:36:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.03.07 17:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.03.07 17:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.03.07 17:36:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.03.07 17:08:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software [2011.03.07 17:07:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} [2011.03.07 17:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavasoft [2011.03.07 16:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2011.03.07 16:55:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2011.03.07 16:54:34 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011.03.06 19:32:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\World of Warcraft [2011.02.18 14:22:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Eigene Dateien\ANNO 1404 Venedig [2011.02.18 11:44:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallShield [2011.02.10 18:47:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Eigene Dateien\My Photos [2011.02.10 18:47:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Eigene Dateien\My Documents [2011.02.09 16:29:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [1 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.08 18:56:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.03.08 18:55:21 | 000,000,333 | ---- | M] () -- C:\WINDOWS\lgfwup.ini [2011.03.08 18:54:47 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.03.08 18:54:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.03.08 18:52:00 | 000,452,576 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.03.08 18:52:00 | 000,436,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.03.08 18:52:00 | 000,081,824 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.03.08 18:52:00 | 000,069,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.03.08 18:50:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\smex\Desktop\TFC.exe [2011.03.07 19:10:58 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.03.07 17:36:22 | 000,000,630 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.07 17:07:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2011.03.07 16:56:01 | 000,000,773 | ---- | M] () -- C:\Dokumente und Einstellungen\smex\Desktop\Spybot - Search & Destroy.lnk [2011.03.07 16:54:34 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.03.05 19:40:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2011.03.03 11:08:40 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011.02.23 15:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011.02.16 16:27:04 | 000,046,592 | ---- | M] () -- C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.11 16:29:36 | 000,001,581 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2011.02.11 16:19:09 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.02.10 18:37:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [1 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.07 17:36:22 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.07 17:28:05 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.03.07 17:07:42 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2011.03.07 16:56:01 | 000,000,773 | ---- | C] () -- C:\Dokumente und Einstellungen\smex\Desktop\Spybot - Search & Destroy.lnk [2011.02.11 16:29:36 | 000,001,581 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2011.01.30 14:04:38 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2011.01.30 14:04:37 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.12.08 19:27:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2010.10.29 16:15:01 | 000,000,333 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2010.10.12 19:58:22 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2010.10.12 19:58:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2010.10.12 19:58:17 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini [2010.10.12 19:58:16 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI [2010.10.12 19:58:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010.10.12 19:57:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2030.dat [2010.10.12 19:56:39 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2010.10.08 19:42:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.09.15 17:06:49 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.09.15 17:06:45 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.09.15 17:06:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.07.02 19:49:37 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat [2010.04.25 15:16:10 | 000,008,024 | ---- | C] () -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\.civclientrc [2010.02.26 22:25:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.11.28 19:43:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009.10.31 23:42:21 | 000,001,809 | ---- | C] () -- C:\WINDOWS\eReg.dat [2009.08.11 16:17:07 | 000,449,483 | ---- | C] () -- C:\WINDOWS\System32\drivers\M1000KNT.sys [2009.08.11 16:17:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\M1000DIF.dll [2009.08.11 16:17:07 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H3111.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H2111.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H0121.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H0111.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F3111.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F2111.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F0121.bin [2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F0111.bin [2009.06.27 16:02:41 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2009.06.10 17:33:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2009.04.14 16:20:01 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.04.14 16:16:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2009.03.07 01:03:11 | 000,006,740 | ---- | C] () -- C:\WINDOWS\AsphaltDuell.ini [2009.03.04 20:33:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI [2009.03.04 20:24:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2009.03.04 20:17:20 | 000,006,537 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008.11.21 17:32:04 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.11.14 15:46:12 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.13 21:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.11.13 21:08:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.11.13 20:57:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.11.13 20:54:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.11.13 20:46:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.11.13 20:43:39 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.08.02 05:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2004.08.04 01:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.18 13:00:00 | 000,452,576 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.08.18 13:00:00 | 000,436,268 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.18 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.18 13:00:00 | 000,081,824 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.08.18 13:00:00 | 000,069,164 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.18 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2009.04.14 16:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3 [2010.12.28 19:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.11.06 14:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2009.02.13 16:58:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs [2010.10.19 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2010.10.29 16:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2009.03.04 20:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.06.26 12:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SimCity Societies [2010.12.11 16:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2011.02.18 14:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield [2009.08.14 16:59:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages [2010.10.29 16:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.03.07 17:08:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} [2010.04.25 15:24:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\.freeciv [2010.08.06 15:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Atari [2009.04.04 23:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2008.11.13 21:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\DAEMON Tools [2011.02.06 13:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\HTC [2011.02.06 14:01:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2008.11.14 20:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\ICQ [2009.03.04 20:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\MAGIX [2009.09.21 17:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\MobMapUpdater [2011.03.08 13:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Teleca [2009.07.07 16:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\temp [2010.12.13 17:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Transcend [2010.05.28 20:18:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\TS3Client [2011.02.18 14:18:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Ubisoft [2010.10.08 19:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\WinAVI [2010.10.10 15:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\XMedia Recode [2011.03.08 18:54:47 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.03.08 13:14:49 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2010.12.17 18:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.11.13 21:05:04 | 000,000,000 | ---D | M] -- C:\Intel [2009.08.14 20:45:20 | 000,000,000 | ---D | M] -- C:\Logs [2008.11.28 14:52:14 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.10.18 17:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.03.08 12:57:39 | 000,000,000 | ---D | M] -- C:\Programme [2008.11.13 21:46:11 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.12.12 19:54:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.29 16:16:33 | 000,000,000 | ---D | M] -- C:\Temp [2011.03.08 18:52:38 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: USERINIT.EXE > [2011.03.08 18:53:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-07 15:38:18 < > < End of report > Extra:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.03.2011 19:30:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14.65 Gb Total Space | 0.89 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive D: | 451.10 Gb Total Space | 280.76 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Computer Name: SMEXI | User Name: smex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"D:\Programme\ICQ6\ICQ.exe" = D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup
"D:\Programme\SopCast\adv\SopAdver.exe" = D:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"D:\Programme\SopCast\SopCast.exe" = D:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"\\192.168.0.2\VOLUME (I)\jannik\CS\cstrike -console.exe" = \\192.168.0.2\VOLUME (I)\jannik\CS\cstrike -console.exe:*:Enabled:cstrike -console.exe
"D:\Spiele\CS\cstrike -console.exe" = D:\Spiele\CS\cstrike -console.exe:*:Enabled:CounterStrike Launcher
"E:\AsphaltDuell.exe" = E:\AsphaltDuell.exe:*:Enabled:AsphaltDuell.exe
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"D:\Programme\Anno 1701\Anno1701.exe" = D:\Programme\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701
"D:\Spiele\pc-spiele\Emp.Earth\ee\Empire Earth.exe" = D:\Spiele\pc-spiele\Emp.Earth\ee\Empire Earth.exe:*:Disabled:Empire Earth
"D:\Programme\Microsoft Games\Age of Empires III\age3y.exe" = D:\Programme\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"D:\Programme\Microsoft Games\Rise of Nations\rise.exe" = D:\Programme\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"D:\Programme\Microsoft Games\Rise of Nations\nations.exe" = D:\Programme\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = D:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"D:\Programme\DreamCatcher\Genesis Rising\bin\GenesisRising.exe" = D:\Programme\DreamCatcher\Genesis Rising\bin\GenesisRising.exe:*:Enabled:GenesisRising
"D:\downloads\AOE\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe" = D:\downloads\AOE\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe:*:Enabled:Age of Empires II Expansion
"D:\downloads\AOE\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe" = D:\downloads\AOE\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe:*:Enabled:dplaysvr
"D:\Programme\ICQ6.5\ICQ.exe" = D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Programme\EA GAMES\Battlefield 1942\BF1942.exe" = D:\Programme\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Programme\Paradox Interactive\Doomsday\Hoi2.exe" = D:\Programme\Paradox Interactive\Doomsday\Hoi2.exe:*:Enabled:Hearts of Iron 2 -- (Paradox Interactive)
"D:\downloads\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe" = D:\downloads\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe:*:Enabled:Age of Empires II Expansion
"D:\downloads\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe" = D:\downloads\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe:*:Enabled:dplaysvr
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"D:\Programme\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = D:\Programme\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam
"D:\Programme\World of Warcraft\Launcher.exe" = D:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"D:\Programme\Counter-Strike Source\hl2.exe" = D:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Programme\Freeciv-2.1.10-win32\civserver.exe" = D:\Programme\Freeciv-2.1.10-win32\civserver.exe:*:Enabled:civserver
"D:\Programme\EA GAMES\Command and Conquer Generäle\game.dat" = D:\Programme\EA GAMES\Command and Conquer Generäle\game.dat:*:Enabled:game -- ()
"D:\Programme\EA GAMES\Command & Conquer Generäle Stunde Null\game.dat" = D:\Programme\EA GAMES\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- ()
"D:\Programme\THQ\Zanzarah\System\zanthp.exe" = D:\Programme\THQ\Zanzarah\System\zanthp.exe:*:Enabled:Zanzarah
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Spiele\wc3tft\Warcraft III.exe" = I:\Spiele\wc3tft\Warcraft III.exe:*:Enabled:Warcraft III
"D:\Programme\EA SPORTS\FIFA 11\Game\fifa.exe" = D:\Programme\EA SPORTS\FIFA 11\Game\fifa.exe:*:Disabled:FIFA 11
"D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Programme\StarCraft II\StarCraft II.exe" = D:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe" = D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server -- (Ascaron Entertainment GmbH)
"D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe" = D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2 -- (Ascaron Entertainment GmbH)
"D:\Programme\Steam\Steam.exe" = D:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Programme\Paradox Interactive\Victoria 2\v2game.exe" = D:\Programme\Paradox Interactive\Victoria 2\v2game.exe:*:Enabled:v2game -- ()
"H:\Spiele\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe" = H:\Spiele\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe:*:Enabled:dplaysvr
"H:\Spiele\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe" = H:\Spiele\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe:*:Enabled:Age of Empires II Expansion
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Disabled:Anno4Web -- ()
"D:\Programme\The Creative Assembly\Shogun - Total War Gold\ShogunM.exe" = D:\Programme\The Creative Assembly\Shogun - Total War Gold\ShogunM.exe:*:Enabled:Shog_CPP
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe:*:Enabled:AddonWeb -- ()
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\Addon.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\Addon.exe:*:Enabled:Anno 1404 - Addon -- (Related Designs)
"D:\Programme\Steam\SteamApps\stylo@haefft.de\counter-strike source\hl2.exe" = D:\Programme\Steam\SteamApps\stylo@haefft.de\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"D:\Programme\World of Warcraft 2\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\Programme\World of Warcraft 2\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = D:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F931735-0098-4FF6-A49D-17882A294F51}" = Microsoft VC90 CRT + OMP
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = CyberLink UDF Reader 5.0
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{56A648C2-D185-46A9-BBFF-78AE7A501000}" = USB2.0 Web Camera
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7502939-A8CA-45FA-A211-E8E485787023}" = Brother HL-2035
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"7-Zip" = 7-Zip 9.20
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"avast" = avast! Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"FLV Player" = FLV Player 2.0 (build 25)
"Hearts of Iron 2 Doomsday Armageddon_is1" = HOI2 Doomsday Armageddon 1.2
"Hearts of Iron 2 Doomsday_is1" = Hearts of Iron 2 Doomsday Armageddon
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Listenserver Erweiterungssystem" = Listenserver Erweiterungssystem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Modern Day Scenario 2" = Modern Day Scenario 2 1.5
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"POD-Bot 2.5" = POD-Bot 2.5
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Semper Fi_is1" = Semper Fi 2.03
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World of Warcraft" = World of Warcraft
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 11.05.2010 13:39:29 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
Error - 02.07.2010 15:25:00 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 22.02.2011 11:36:54 | Computer Name = SMEXI | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
P2 1031, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 22.02.2011 11:38:18 | Computer Name = SMEXI | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
P2 1031, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 22.02.2011 11:39:16 | Computer Name = SMEXI | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983583,
P2 1031, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 26.02.2011 07:50:46 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3989,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.
Error - 26.02.2011 12:06:53 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
Modul hoi2.exe, Version 1.0.0.1, Fehleradresse 0x001f7b50.
Error - 26.02.2011 12:42:09 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
Modul hoi2.exe, Version 1.0.0.1, Fehleradresse 0x0009d251.
Error - 27.02.2011 12:50:52 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0003002b.
Error - 04.03.2011 15:50:42 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
Modul hoi2.exe, Version 1.0.0.1, Fehleradresse 0x0016e764.
Error - 07.03.2011 12:08:24 | Computer Name = SMEXI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 07.03.2011 12:23:01 | Computer Name = SMEXI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ad-AwareAdmin.exe, Version 9.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 07.01.2009 15:44:25 | Computer Name = SMEXI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 247 seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08.03.2011 13:51:56 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7034
Description = Dienst "@C:\Programme\Nero\Update\NASvc.exe,-200" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.
Error - 08.03.2011 13:51:56 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000
Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 08.03.2011 13:51:56 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 08.03.2011 13:51:59 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 08.03.2011 13:55:30 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PSTRIP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 08.03.2011 13:56:50 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 08.03.2011 14:22:58 | Computer Name = SMEXI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 08.03.2011 14:22:59 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
Error - 08.03.2011 14:30:50 | Computer Name = SMEXI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 08.03.2011 14:30:50 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
< End of report >
|
|
08.03.2011, 20:26
| #3 |
| | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Sry 4 3 posts.. beim upload fürn anhang sagt der ständig: ungültige datei.. -.-
__________________gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-08 20:21:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1f SAMSUNG_HD502IJ rev.1AA01113
Running: vjmycum3.exe; Driver: C:\DOKUME~1\smex\LOKALE~1\Temp\pxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB33779CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB33CCA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB3397AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3379EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB3379F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB337A01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB33974A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB3379E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB3379F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3379E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3379FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB33779EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB33981BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB3398471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB337A29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3398026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3397E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB33CCB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB33777B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB3377A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB337A412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB33784AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3379EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB3379F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB337A044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB3397805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB3379E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB337A0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB3379F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB3379E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB337A1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB3379FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB33CCBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB3397D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3378370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3397B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB33D4E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB3396B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3377A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3377A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3377812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB337794E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB33982C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB337792A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3377972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3377A7E]
INT 0x62 ? 8AF88BF8
INT 0x63 ? 8AD16BF8
INT 0x63 ? 8AD16BF8
INT 0x63 ? 8AD16BF8
INT 0x82 ? 8AF88BF8
INT 0x84 ? 8AD16BF8
INT 0xA4 ? 8AD16BF8
INT 0xB4 ? 8AF88BF8
INT 0xB4 ? 8AF88BF8
INT 0xB4 ? 8AF88BF8
INT 0xB4 ? 8AF88BF8
INT 0xB4 ? 8AD16BF8
INT 0xB4 ? 8AF88BF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB33E18DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B3378E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B33DD29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B33DED38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B33E18E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spra.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB725A3A0, 0x59FFE5, 0xE8000020]
.text USBPORT.SYS!DllUnload B723A8AC 5 Bytes JMP 8AD161D8
.text a6pd1eh1.SYS B716D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a6pd1eh1.SYS B716D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a6pd1eh1.SYS B716D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a6pd1eh1.SYS B716D3C9 1 Byte [2E]
.text a6pd1eh1.SYS B716D3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB3024000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB3068000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB3084000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB27BD300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB369B300, 0x1BEE, 0xE8000020]
.text D:\Programme\CyberLink\PowerDVD8\000.fcl section is writeable [0xB24E2000, 0x2892, 0xE8000020]
.vmp2 D:\Programme\CyberLink\PowerDVD8\000.fcl entry point in ".vmp2" section [0xB2505050]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\RTHDCPL.EXE[184] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\WINDOWS\RTHDCPL.EXE[184] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003801D4
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003800E4
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380120
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0038015C
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380198
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00380030
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0038006C
.text C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003800A8
.text C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380120
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003800A8
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00380030
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C00A8
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A01D4
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A00E4
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0120
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A015C
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0198
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A0030
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A006C
.text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A00A8
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A00E4
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0120
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A00A8
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A0030
.text D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A006C
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003800E4
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380120
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003800A8
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00380030
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0038006C
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[860] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[860] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A00E4
.text C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0120
.text C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A0030
.text C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A006C
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A00E4
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0120
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A00A8
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A0030
.text C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\Explorer.EXE[1712] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1712] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C0030
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\Explorer.EXE[1712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\Explorer.EXE[1712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\Explorer.EXE[1712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\Explorer.EXE[1712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\Explorer.EXE[1712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D006C
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1844] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B01D4
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B00E4
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0120
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B015C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0198
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B0030
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B006C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B00A8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C00E4
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0120
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C00A8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C0030
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C006C
.text D:\downloads\vjmycum3.exe[2176] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text D:\downloads\vjmycum3.exe[2176] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 029401D4
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 029400E4
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 02940120
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0294015C
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 02940198
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 02940030
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0294006C
.text D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 029400A8
.text D:\downloads\vjmycum3.exe[2176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 013100E4
.text D:\downloads\vjmycum3.exe[2176] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01310120
.text D:\downloads\vjmycum3.exe[2176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 013100A8
.text D:\downloads\vjmycum3.exe[2176] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 01310030
.text D:\downloads\vjmycum3.exe[2176] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0131006C
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C00E4
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0120
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C00A8
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C0030
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C006C
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003D01D4
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003D00E4
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003D0120
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003D015C
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003D0198
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003D0030
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003D006C
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003D00A8
.text C:\Programme\Nero\Update\NASvc.exe[2408] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Nero\Update\NASvc.exe[2408] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A01D4
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A00E4
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0120
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A015C
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0198
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A0030
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A006C
.text C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D006C
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A00E4
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0120
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A00A8
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A0030
.text C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C00A8
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A01D4
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A00E4
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0120
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A015C
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0198
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A0030
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A006C
.text C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A00A8
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 006B01D4
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 006B00E4
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 006B0120
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 006B015C
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 006B0198
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 006B0030
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 006B006C
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 006B00A8
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006C00E4
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 006C0120
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006C00A8
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006C0030
.text C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006C006C
.text C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00080030
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0008006C
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D006C
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8AF871F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 8A0D6500
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-0 8AD151F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3A0EE99B-A0BE-4145-BF7A-F96235F18B7D} 8AB8D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AF141F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AF141F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AF141F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AF141F8
Device \Driver\usbuhci \Device\USBPDO-1 8AD151F8
Device \Driver\usbuhci \Device\USBPDO-2 8AD151F8
Device \Driver\usbehci \Device\USBPDO-3 8ACF33E8
Device \Driver\usbuhci \Device\USBPDO-4 8AD151F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-5 8AD151F8
Device \Driver\usbuhci \Device\USBPDO-6 8AD151F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF891F8
Device \Driver\usbehci \Device\USBPDO-7 8ACF33E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AF891F8
Device \Driver\Cdrom \Device\CdRom0 8AC8B1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1f [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-12 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8AC8B1F8
Device \Driver\Cdrom \Device\CdRom2 8AC8B1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AB8D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8AB8D1F8
Device \Driver\PCI_PNP0640 \Device\0000004f spra.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 8AD151F8
Device \Driver\usbuhci \Device\USBFDO-1 8AD151F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8ACA81F8
Device \Driver\usbuhci \Device\USBFDO-2 8AD151F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8ACA81F8
Device \Driver\usbehci \Device\USBFDO-3 8ACF33E8
Device \Driver\Ftdisk \Device\FtControl 8AF891F8
Device \Driver\sptd \Device\3413464390 spra.sys
Device \Driver\usbuhci \Device\USBFDO-4 8AD151F8
Device \Driver\usbuhci \Device\USBFDO-5 8AD151F8
Device \Driver\usbuhci \Device\USBFDO-6 8AD151F8
Device \Driver\usbehci \Device\USBFDO-7 8ACF33E8
Device \Driver\a6pd1eh1 \Device\Scsi\a6pd1eh11 8AC6A1F8
Device \Driver\a6pd1eh1 \Device\Scsi\a6pd1eh11Port6Path0Target0Lun0 8AC6A1F8
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 8A0D6500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Cdfs \Cdfs 8A0E81F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9D 0xE5 0xC2 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0x6B 0xA9 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x32 0xC4 0x9E 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x87 0xA9 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9D 0xE5 0xC2 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0x6B 0xA9 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0xDC 0xDE 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9D 0xE5 0xC2 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0x6B 0xA9 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x32 0xC4 0x9E 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x87 0xA9 0xAA ...
---- EOF - GMER 1.0.15 ----
|
|
11.03.2011, 09:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.03.2011, 16:21
| #5 |
| | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme sehen (leider) alle gleich aus.. hier der erste den ich gemacht habe: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5981 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07.03.2011 22:06:35 mbam-log-2011-03-07 (22-06-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 274400 Laufzeit: 3 Stunde(n), 18 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Geändert von smex (11.03.2011 um 16:33 Uhr) |
|
11.03.2011, 16:26
| #6 |
| | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Doppelpost sry Geändert von smex (11.03.2011 um 16:29 Uhr) Grund: Doppelpost |
|
11.03.2011, 17:11
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell - "" = AutoRun
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = H:\urDrive.exe
O33 - MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\Shell\AutoRun\command - "" = H:\Toshiba\Launcher\start.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.03.2011, 17:22
| #8 |
| | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Hier: bisjetzt besteht der Fehler weiterhin All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found. File I:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\ not found. File H:\urDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\ not found. File J:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3b243e2-308a-11e0-b23c-001fd024d14e}\ not found. File H:\Toshiba\Launcher\start.exe not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: smex ->Temp folder emptied: 387829 bytes ->Temporary Internet Files folder emptied: 49554 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 25138015 bytes ->Flash cache emptied: 619 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 310643 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 25.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03112011_171516 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
11.03.2011, 17:56
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Manche Internetseiten gehen nicht mehr sowie manche Internetprogramme Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
