Log analysis and evaluation: Microsoft Security Essentials reported W32.ramnit.a

Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Microsoft Security Essentials reported W32.ramnit.a

Hello,

I have a computer here from an acquaintance that originally had the above-mentioned virus on it. The first thing I did was run the live CDs from Avira and Kaspersky. A few things were found and removed. Unfortunately I don't have the log files from that. After a reboot, the first thing I did was install a new AV program (avast! Free Antivirus) and remove Microsoft Security Essentials. After a short time something was found again, and the program recommended a boot-time scan, which I ran as well.

Result:

Question: Can I hand the computer back with peace of mind now?

Many thanks
Regards

OTL.txt
Code:
ATTFilter OTL logfile created on: 21.03.2011 10:27:22 - Run 1 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 30,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): c:\pagefile.sys 768 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 57,88 Gb Free Space | 74,08% Space Free | Partition Type: NTFS Drive E: | 67,31 Gb Total Space | 42,86 Gb Free Space | 63,67% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.21 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2011.03.20 05:49:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2010.10.22 23:57:40 | 000,210,240 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe PRC - [2010.10.22 23:57:26 | 000,660,800 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | 
---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.02.02 16:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe ========== Modules (SafeList) ========== MOD - [2011.03.21 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll MOD - [2011.02.23 16:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\ashShell.dll MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2010.10.22 23:57:40 | 000,210,240 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv) DRV - [2008.09.05 02:01:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- 
| M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007.08.13 19:10:37 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt) DRV - [2007.06.15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17) DRV - [2007.03.25 10:57:17 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ACEDRV07.sys -- (ACEDRV07) DRV - [2006.08.22 16:03:32 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2006.02.26 15:10:12 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ACEDRV05.sys -- (ACEDRV05) DRV - [2005.01.10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv) DRV - [2005.01.10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k) DRV - [2004.08.25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag) DRV - [2004.08.17 13:00:27 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.17 13:00:27 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004.06.15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53) DRV - [2004.03.05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52) DRV - [2004.03.05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51) DRV - [2004.03.05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt) DRV - [2002.11.08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}: FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2011.03.20 15:53:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.20 05:50:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.20 23:45:27 | 000,000,000 | ---D | M] [2009.06.25 19:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2011.03.20 20:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions [2010.12.23 18:13:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.23 18:13:57 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011.03.20 20:50:47 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.01.30 
14:57:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.12.23 18:13:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.03.20 20:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.20 05:49:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.20 05:49:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.20 05:49:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.20 05:49:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.20 05:49:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.20 22:55:23 | 000,432,337 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: localhost O1 - Hosts: www.knuddels.de O1 - Hosts: www.dugg.de O1 - Hosts: www.007guard.com O1 - Hosts: 007guard.com O1 - Hosts: 008i.com O1 - Hosts: www.008k.com O1 - Hosts: 008k.com O1 - Hosts: www.00hq.com O1 - Hosts: 00hq.com O1 - Hosts: 010402.com O1 - Hosts: www.032439.com O1 - Hosts: 032439.com O1 - Hosts: www.0scan.com O1 - Hosts: 0scan.com O1 - Hosts: 1000gratisproben.com O1 - Hosts: www.1000gratisproben.com O1 - Hosts: www.1001namen.com O1 - Hosts: 1001namen.com O1 - Hosts: 100888290cs.com O1 - Hosts: www.100888290cs.com O1 - Hosts: 100sexlinks.com O1 - Hosts: www.100sexlinks.com O1 - Hosts: 10sek.com O1 - Hosts: www.10sek.com O1 - Hosts: 14882 more lines... 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll () O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O24 - Desktop WallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2004.08.18 14:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.11.07 19:07:33 | 
000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{00f734e6-d77b-11de-8d78-001f3f066a91}\Shell - "" = AutoRun O33 - MountPoints2\{00f734e6-d77b-11de-8d78-001f3f066a91}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{00f734e6-d77b-11de-8d78-001f3f066a91}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe R206PC16.vbs O33 - MountPoints2\{34d1e274-5bfc-11de-8cd9-0011119e48d2}\Shell - "" = AutoRun O33 - MountPoints2\{34d1e274-5bfc-11de-8cd9-0011119e48d2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{34d1e274-5bfc-11de-8cd9-0011119e48d2}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "IDriverT" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kodak EasyShare Software.lnk - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^KODAK Software Updater.lnk - C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Programme\ATI Technologies\ATI 
Control Panel\atiptaxx.exe (ATI Technologies, Inc.) MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) MsConfig - StartUpReg: cxlacuxatx.exe - hkey= - key= - File not found MsConfig - StartUpReg: Dell AIO Printer A920 - hkey= - key= - C:\Programme\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation) MsConfig - StartUpReg: dla - hkey= - key= - File not found MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) MsConfig - StartUpReg: IntelMeM - hkey= - key= - C:\Programme\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) MsConfig - StartUpReg: P17Helper - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. 
========== Files/Folders - Created Within 30 Days ========== [2011.03.21 10:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011.03.21 10:26:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT [2011.03.21 10:26:01 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.03.21 10:21:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe [2011.03.21 10:21:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.03.21 10:21:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe [2011.03.20 23:44:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.03.20 23:40:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2011.03.20 23:39:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.03.20 22:46:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2011.03.20 22:13:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2011.03.20 21:53:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2011.03.20 21:12:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2011.03.20 21:09:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2011.03.20 16:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011.03.20 16:15:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2011.03.20 15:54:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! 
Free Antivirus [2011.03.20 15:54:14 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011.03.20 15:54:14 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011.03.20 15:54:09 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011.03.20 15:54:09 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011.03.20 15:54:08 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011.03.20 15:54:07 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011.03.20 15:54:07 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011.03.20 15:54:06 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011.03.20 15:53:40 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011.03.20 15:53:37 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011.03.20 15:53:02 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2011.03.20 15:53:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2011.03.20 15:12:37 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0 [2011.03.20 08:20:46 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.03.20 05:19:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.03.20 05:03:38 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.03.19 15:12:47 | 000,000,000 | ---D | C] -- C:\Programme\esolmmro [2011.03.19 15:01:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ [2011.03.19 14:48:50 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2011.03.19 14:48:50 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) 
-- C:\WINDOWS\System32\dllcache\rwia001.dll [2011.03.19 14:47:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2011.03.19 12:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell [2011.03.19 09:36:33 | 000,000,000 | ---D | C] -- C:\d8update [2011.03.19 07:33:13 | 000,000,000 | ---D | C] -- C:\INFECTED [2011.03.14 13:26:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011.03.14 11:42:39 | 000,000,000 | ---D | C] -- C:\Programme\tmp [2011.03.14 11:42:31 | 000,000,000 | ---D | C] -- C:\Programme\temp [2002.04.11 01:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [1980.01.01 01:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll ========== Files - Modified Within 30 Days ========== [2011.03.21 10:26:02 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk [2011.03.21 10:26:02 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk [2011.03.21 10:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2011.03.21 10:22:40 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys [2011.03.21 10:21:12 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe [2011.03.21 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.03.21 10:21:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe [2011.03.21 10:21:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe [2011.03.21 10:19:52 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe [2011.03.20 22:55:23 | 000,432,337 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2011.03.20 22:25:44 | 000,462,170 | ---- | M] () -- C:\WINDOWS\System32\PERFH007.DAT [2011.03.20 22:25:44 | 000,443,900 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2011.03.20 22:25:44 | 
000,072,572 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2011.03.20 22:25:43 | 000,086,086 | ---- | M] () -- C:\WINDOWS\System32\PERFC007.DAT [2011.03.20 22:25:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2011.03.20 22:25:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2011.03.20 22:22:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2011.03.20 20:56:35 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.03.20 20:12:47 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011.03.20 19:26:41 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2011.03.20 15:54:08 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.03.20 14:59:43 | 054,043,296 | ---- | M] () -- C:\Dokumente und Einstellungen\*** \Eigene Dateien\setup_av_free_ger6.exe [2011.03.20 05:10:33 | 000,047,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2011.03.20 05:08:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011.03.19 14:52:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2011.03.19 14:46:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2011.03.19 14:46:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2011.03.19 14:46:03 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2011.03.19 14:43:52 | 000,023,604 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.03.19 14:42:48 | 000,000,525 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF [2011.03.19 11:13:24 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1 [2011.03.19 07:21:03 | 000,021,652 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg [2011.03.18 17:34:54 | 000,004,524 | ---- | M] () -- C:\safecd.tgz [2011.03.18 16:48:57 | 000,005,548 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Pellets.htm [2011.03.18 15:36:50 | 000,272,570 | ---- | M] () -- C:\WINDOWS\setupapi.old [2011.03.14 
14:42:44 | 000,365,461 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
[2011.03.14 13:50:55 | 000,021,728 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg~
[2011.03.14 13:40:56 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.14 12:18:07 | 000,000,412 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\spider.sav
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Anleitung.html
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.02.23 15:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011.03.21 10:26:02 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.03.21 10:26:02 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.03.21 10:21:03 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.03.21 10:19:47 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.03.20 23:45:27 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2011.03.20 21:54:00 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Internet Explorer.lnk
[2011.03.20 20:41:35 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011.03.20 20:41:35 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011.03.20 15:11:55 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011.03.20 15:11:55 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011.03.20 15:11:55 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011.03.20 15:11:54 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011.03.20 15:11:54 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011.03.20 15:11:54 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011.03.20 15:11:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011.03.20 15:11:53 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011.03.20 15:11:53 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011.03.20 15:11:53 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011.03.20 15:11:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011.03.20 15:11:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011.03.20 15:11:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011.03.20 15:11:53 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011.03.20 15:11:53 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011.03.20 15:11:53 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011.03.20 15:11:53 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011.03.20 15:11:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011.03.20 15:11:45 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011.03.20 15:11:44 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011.03.20 15:11:44 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011.03.20 15:11:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011.03.20 15:11:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011.03.20 15:11:44 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011.03.20 15:11:44 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011.03.20 15:11:44 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011.03.20 15:11:43 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011.03.20 15:11:43 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011.03.20 15:11:29 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011.03.20 15:11:29 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011.03.20 15:11:29 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011.03.20 15:11:11 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011.03.20 15:11:11 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011.03.20 15:11:11 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011.03.20 15:11:11 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011.03.20 15:11:11 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011.03.20 15:11:11 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011.03.20 15:11:08 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011.03.20 15:11:08 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011.03.20 15:11:08 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011.03.20 15:11:08 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011.03.20 15:10:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011.03.20 15:10:49 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011.03.20 15:10:33 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011.03.20 15:10:30 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011.03.20 15:10:13 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011.03.20 15:10:13 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011.03.20 15:10:13 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011.03.20 15:10:13 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011.03.20 15:10:13 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011.03.20 15:10:13 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011.03.20 15:10:13 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011.03.20 15:10:13 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011.03.20 15:10:13 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011.03.20 15:10:13 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011.03.20 15:10:13 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011.03.20 15:10:13 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011.03.20 15:10:13 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011.03.20 15:10:13 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011.03.20 15:10:13 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011.03.20 15:10:13 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011.03.20 15:09:45 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011.03.20 15:09:40 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011.03.20 15:09:39 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011.03.20 15:08:48 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011.03.20 15:08:48 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011.03.20 15:08:48 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011.03.20 15:08:34 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011.03.20 15:07:21 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011.03.20 15:06:51 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011.03.20 15:06:51 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011.03.20 15:06:51 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011.03.20 15:06:51 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011.03.20 15:06:48 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011.03.20 15:06:47 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011.03.20 15:06:47 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011.03.20 15:06:47 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011.03.20 15:06:46 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011.03.20 15:06:46 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011.03.20 15:06:37 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011.03.20 14:59:32 | 054,043,296 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\setup_av_free_ger6.exe
[2011.03.19 14:59:23 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Windows Media Player.lnk
[2011.03.19 14:48:40 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011.03.19 14:48:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011.03.19 14:48:01 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011.03.19 14:48:00 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011.03.19 14:47:57 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011.03.19 14:47:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011.03.19 14:47:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011.03.19 14:47:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011.03.19 14:44:52 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Movie Maker.lnk
[2011.03.19 11:10:59 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011.03.19 11:10:59 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011.03.19 11:10:59 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011.03.19 11:10:59 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011.03.19 11:10:59 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011.03.19 11:10:59 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011.03.19 11:10:59 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011.03.19 11:10:59 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011.03.19 07:21:02 | 000,021,652 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg
[2011.03.18 17:34:54 | 000,004,524 | ---- | C] () -- C:\safecd.tgz
[2011.03.14 13:57:59 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.14 13:50:55 | 000,021,728 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg~
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Anleitung.html
[2011.03.13 12:16:23 | 000,365,461 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
[2009.11.15 18:14:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.11.15 18:14:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.11.15 18:14:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.06.18 12:35:44 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008.08.05 17:56:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006.02.13 20:12:13 | 000,003,138 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.02.04 15:07:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.02.04 15:07:42 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006.02.04 15:07:36 | 000,002,901 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005.10.23 17:00:18 | 000,000,110 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005.07.16 13:45:32 | 000,047,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2005.07.09 16:45:14 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.07.09 16:45:13 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005.02.24 12:24:45 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.02.22 00:07:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005.01.15 19:39:35 | 000,000,166 | ---- | C] () -- C:\WINDOWS\mandant.ini
[2005.01.14 15:45:56 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005.01.11 18:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004.12.28 15:53:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004.12.28 15:47:36 | 000,000,772 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004.12.28 15:47:07 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.12.21 20:31:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.12.21 20:27:49 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004.12.21 20:27:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004.12.21 20:27:38 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004.12.21 20:27:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004.12.21 20:27:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004.12.21 20:17:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004.12.21 20:16:58 | 000,462,170 | ---- | C] () -- C:\WINDOWS\System32\PERFH007.DAT
[2004.12.21 20:16:58 | 000,443,900 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004.12.21 20:16:58 | 000,086,086 | ---- | C] () -- C:\WINDOWS\System32\PERFC007.DAT
[2004.12.21 20:16:58 | 000,072,572 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004.12.21 20:06:52 | 000,000,558 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.09.15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.18 14:27:54 | 000,000,849 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004.08.18 14:22:44 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.18 14:18:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.18 14:16:56 | 000,023,604 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 13:09:36 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.17 13:09:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.17 13:02:39 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.17 13:01:04 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.17 13:01:04 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.17 13:01:02 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.17 13:01:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.17 12:57:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.17 12:57:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.17 12:54:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.17 12:54:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 15:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004.08.04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004.07.19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2003.07.31 18:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2003.04.22 16:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2003.01.07 22:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002.11.13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980.01.01 01:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980.01.01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980.01.01 01:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980.01.01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== LOP Check ==========

[2011.03.20 15:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2008.12.30 14:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2007.08.13 19:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.06.08 19:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2008.12.30 14:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009.01.08 18:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2006.08.22 16:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2005.10.23 16:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vivendi Universal Games
[2008.06.02 20:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2006.09.21 18:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar
[2008.11.19 11:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2004.12.30 16:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2008.12.31 11:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexware
[2005.01.28 20:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2011.01.20 18:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SmartSurfer
[2004.12.28 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
[2005.10.13 23:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WEBDE

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2006.03.31 17:58:13 | 000,000,000 | ---D | M] -- C:\Bibi_und_Tina
[2006.11.19 16:57:38 | 000,000,000 | ---D | M] -- C:\CL
[2011.03.20 23:48:08 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.12.03 14:00:55 | 000,000,000 | -H-D | M] -- C:\cxlacuxatx.exe
[2011.03.19 08:12:24 | 000,000,000 | ---D | M] -- C:\d8update
[2011.03.20 12:25:55 | 000,000,000 | ---D | M] -- C:\DELL
[2011.03.14 13:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.03.19 11:13:25 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2011.03.20 05:03:38 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.08.05 18:08:25 | 000,000,000 | ---D | M] -- C:\I386
[2011.03.19 07:33:13 | 000,000,000 | ---D | M] -- C:\INFECTED
[2011.03.20 15:44:21 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2005.01.14 15:48:33 | 000,000,000 | ---D | M] -- C:\Lexware
[2006.08.22 16:03:33 | 000,000,000 | ---D | M] -- C:\My Music
[2010.11.26 20:57:43 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.03.21 10:26:01 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.20 17:03:42 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.03.14 13:25:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.03.19 14:54:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.02.25 13:41:37 | 000,000,000 | ---D | M] -- C:\Temp
[2011.03.21 10:26:26 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2004.08.17 12:54:46 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2004.08.04 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\I386\USERINIT.EXE
[2004.08.17 13:05:54 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\I386\WINLOGON.EXE
[2004.08.17 13:07:21 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SYSTEM32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-20 20:57:31

< End of report >

Code:
OTL Extras logfile created on: 21.03.2011 10:27:22 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 57,88 Gb Free Space | 74,08% Space Free | Partition Type: NTFS
Drive E: | 67,31 Gb Total Space | 42,86 Gb Free Space | 63,67% Space Free | Partition Type: NTFS

Computer Name: FELDMANN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ABBYY FineReader 5.0 Sprint\Sprint.exe" = C:\Programme\ABBYY FineReader 5.0 Sprint\Sprint.exe:*:Disabled:ABBYY FineReader 
5.0 Sprint -- (ABBYY (BIT Software)) "C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\WINDOWS\SYSTEM32\MMC.EXE" = C:\WINDOWS\SYSTEM32\MMC.EXE:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Programme\Motorola\Software Update\msu.exe" = C:\Programme\Motorola\Software Update\msu.exe:*:Enabled:msu "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 "C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- () "C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008 "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005 "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{11CA6E01-3992-4115-AB6E-D325552C166D}" = WEB.DE SmartSurfer AutoUpdate 5.2 "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = 
ESSPCD "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10 "{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN "{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung "{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{74D2638F-E20C-4EC0-97AA-6B6ECACA5D5C}" = Motorola Mobile Drivers Installation 4.8.0 "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor 
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update "{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit "{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software "{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby "{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F850185A-1BB1-41E8-8438-ABE28DFF5A9B}" = DA920GE "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Display Driver" = ATI Display Driver "avast" = avast! 
Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Dell AIO Printer A920" = Dell AIO Printer A920
"DFÜ-Optimierer" = DFÜ-Optimierer 1.25
"ERUNT_is1" = ERUNT 1.1j
"HaufeReader" = HaufeReader
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"MahJongg2003" = MahJongg2003
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.34 Driver 4.8.0
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"VAR_05" = Steuer Hilfesammlung Version 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.03.2011 10:44:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 10:45:08 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 10:48:15 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung rundll32.exe, Version 5.1.2600.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 10:49:40 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung MpCmdRun.exe, Version 3.0.8107.0, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 10:49:43 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 10:49:49 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 10:49:50 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.

Error - 20.03.2011 12:01:12 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000
Description =

Error - 20.03.2011 12:01:14 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000
Description =

Error - 20.03.2011 14:26:09 | Computer Name = *** | Source = Microsoft Security Client | ID = 1001
Description =

[ System Events ]
Error - 20.03.2011 10:44:25 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\WindowsShell.Manifest fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 20.03.2011 12:03:39 | Computer Name = *** | Source = System Error | ID = 1003
Description = Fehlercode c000021a, 1. Parameter e2750738, 2. Parameter c0000005, 3. Parameter 00000000, 4. Parameter 00000000.

Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "LexBce Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Service for CDROM Access" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "MotoHelper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.03.2011 05:28:12 | Computer Name = *** | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 21.03.2011 05:28:13 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2

< End of report >

Code:
GMER - hxxp://www.gmer.net
Rootkit scan 2011-03-21 11:07:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JD-75HBB0 rev.08.02D08
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\awlyypob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEEBC99CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEEC1EA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEEBE9AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEEBCBEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEEBCBF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEEBCC01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEEBE94A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEEBCBE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEEBCBF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEEBCBE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEEBCBFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEEBC99EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEEBEA1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEEBEA471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEEBCC29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEBEA026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEBE9E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEEC1EB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEEBC97B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEEBC9A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEEBCC412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEEBCA4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEEBCBEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEEBCBF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEEBCC044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEEBE9805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEEBCBE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEEBCC0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEEBCBF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEEBCBE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEEBCC1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEEBCBFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEEC1EBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEEBE9D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEEBCA370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEEBE9B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEC26E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEEBE8B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEEBC9A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEEBC9A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEEBC9812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEEBC994E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEEBEA2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEEBC992A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEEBC9972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEEBC9A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEC338DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + BA 804E4914 4 Bytes JMP D9E8EEC1
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP EEC30D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL EEBCAE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP EEC338E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP EEC2F29E \SystemRoot\System32\Drivers\aswSP.SYS (avast!
self protection module/AVAST Software) init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8AEB760] .text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xED9D9000, 0x30A4A, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xEDA1B000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xEDA36000, 0x8E, 0x42000040] .text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xED977000, 0x328BA, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xED9BB000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xED9D7000, 0x8E, 0x42000040] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003801D4 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003800E4 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380120 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0038015C .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380198 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00380030 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003800A8 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 
Bytes JMP 00390120 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030 .text C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C .text C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\fxssvc.exe[408] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030 .text C:\WINDOWS\system32\fxssvc.exe[408] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003801D4 .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003800E4 .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380120 .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0038015C .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380198 .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00380030 .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003800A8 .text C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4 .text C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120 .text C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8 .text C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030 .text C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C .text C:\WINDOWS\system32\fxssvc.exe[408] 
USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00070030 .text C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0007006C .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\services.exe[748] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\services.exe[748] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 
Bytes JMP 002B00E4 .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\services.exe[748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\services.exe[748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\services.exe[748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\services.exe[748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\services.exe[748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030 .text 
C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\Ati2evxx.exe[948] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030 .text C:\WINDOWS\system32\Ati2evxx.exe[948] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C .text C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003800E4 .text C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380120 .text C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82] .text C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003800A8 .text C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00380030 .text C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4 .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88] .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4 .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120 .text C:\WINDOWS\system32\Ati2evxx.exe[948] 
ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198 .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030 .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C .text C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8 .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 7E3818AC 5 
Bytes JMP 002C006C .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4 .text 
C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030 .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4 .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88] .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4 .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120 .text C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C .text 
---- EOF - GMER 1.0.15 ----
Code:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Datenbank Version: 6173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.03.2011 10:51:13
mbam-log-2011-03-26 (10-51-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169608
Laufzeit: 3 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!