Multiple malware infections and (almost) no program can be opened any more
15.04.2011, 19:53 | #46 |
| Hello, here is the new log: Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ysbfplsv.exe" not found!
Replacement with dummy of file "C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ysbfplsv.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe" replaced with dummy successfully.
File "C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ysbfplsv.exe" replaced with dummy successfully.
File "C:\Programme\qmjsfiji\ysbfplsv.exe" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Thank you very much for your help!!!
Multivitamin
17.04.2011, 12:53 | #48 |
| Hello!
Here are the new logs: GMER: Code:
ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\WINDOWS\RTHDCPL.EXE[2420] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Dokumente und Einstellungen\Media\Desktop\mokpcsdp.exe[2480] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Dokumente und Einstellungen\Media\Desktop\mokpcsdp.exe[2480] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Dokumente und Einstellungen\Media\Desktop\mokpcsdp.exe[2480] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Dokumente und Einstellungen\Media\Desktop\mokpcsdp.exe[2480] user32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 2001EAD7 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 2001E132 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 2001E7B8 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 2001EB92 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 2001E0D3 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!HttpOpenRequestW 408CFBFB 5 Bytes JMP 2001EBBF .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 2001E09E .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] 
WININET.dll!InternetOpenUrlA 408DF3A4 5 Bytes JMP 2001EBEC .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetReadFileExW 408E3349 5 Bytes JMP 2001E9BC .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetReadFileExA 408E3381 5 Bytes JMP 2001E915 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetWriteFile 4092608E 5 Bytes JMP 2001E105 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!InternetOpenUrlW 40926D77 5 Bytes JMP 2001EC13 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!HttpSendRequestExA 4093A666 5 Bytes JMP 2001E058 .text C:\Programme\Asus\LiveUpdate\LiveUpdate.exe[2500] WININET.dll!HttpSendRequestExW 4093A6BF 5 Bytes JMP 2001E012 .text C:\Programme\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[2628] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[2628] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[2628] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\EeePC\ACPI\AsEPCMon.exe[2644] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\EeePC\ACPI\AsEPCMon.exe[2644] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\EeePC\ACPI\AsEPCMon.exe[2644] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\EeePC\ACPI\AsEPCMon.exe[2644] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\EeePC\ACPI\AsTray.exe[2680] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\EeePC\ACPI\AsTray.exe[2680] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\EeePC\ACPI\AsTray.exe[2680] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text 
C:\Programme\EeePC\ACPI\AsTray.exe[2680] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 2001EAD7 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 2001E132 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 2001E7B8 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 2001EB92 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 2001E0D3 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!HttpOpenRequestW 408CFBFB 5 Bytes JMP 2001EBBF .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 2001E09E .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetOpenUrlA 408DF3A4 5 Bytes JMP 2001EBEC .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetReadFileExW 408E3349 5 Bytes JMP 2001E9BC .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetReadFileExA 408E3381 5 Bytes JMP 2001E915 .text C:\Programme\Gemeinsame 
Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetWriteFile 4092608E 5 Bytes JMP 2001E105 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!InternetOpenUrlW 40926D77 5 Bytes JMP 2001EC13 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!HttpSendRequestExA 4093A666 5 Bytes JMP 2001E058 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2692] WININET.dll!HttpSendRequestExW 4093A6BF 5 Bytes JMP 2001E012 .text C:\Programme\TightVNC\tvnserver.exe[2748] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\TightVNC\tvnserver.exe[2748] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\TightVNC\tvnserver.exe[2748] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!sendto 71A12F51 5 Bytes JMP 2001D423 .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!recvfrom 71A12FF7 5 Bytes JMP 2001D74D .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 2001DA66 .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!send 71A14C27 5 Bytes JMP 2001D3D5 .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 2001D8AA .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!recv 71A1676F 5 Bytes JMP 2001D6DE .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 2001D7C2 .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!WSARecvFrom 71A1F66A 5 Bytes JMP 2001D985 .text C:\Programme\TightVNC\tvnserver.exe[2748] WS2_32.dll!WSASendTo 71A20AAD 5 Bytes JMP 2001D833 .text C:\Programme\TightVNC\tvnserver.exe[2748] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\ASUS\Eee Docking\Eee Docking.exe[2764] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\ASUS\Eee Docking\Eee Docking.exe[2764] ntdll.dll!NtResumeThread 
7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\ASUS\Eee Docking\Eee Docking.exe[2764] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\ASUS\Eee Docking\Eee Docking.exe[2764] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\WINDOWS\System32\alg.exe[2876] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\WINDOWS\System32\alg.exe[2876] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\WINDOWS\System32\alg.exe[2876] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\WINDOWS\System32\alg.exe[2876] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!sendto 71A12F51 5 Bytes JMP 2001D423 .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!recvfrom 71A12FF7 5 Bytes JMP 2001D74D .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 2001DA66 .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!send 71A14C27 5 Bytes JMP 2001D3D5 .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 2001D8AA .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!recv 71A1676F 5 Bytes JMP 2001D6DE .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 2001D7C2 .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!WSARecvFrom 71A1F66A 5 Bytes JMP 2001D985 .text C:\WINDOWS\System32\alg.exe[2876] WS2_32.dll!WSASendTo 71A20AAD 5 Bytes JMP 2001D833 .text C:\WINDOWS\system32\ctfmon.exe[3020] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\WINDOWS\system32\ctfmon.exe[3020] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\WINDOWS\system32\ctfmon.exe[3020] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\WINDOWS\system32\ctfmon.exe[3020] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3228] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text 
C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3228] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3228] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3228] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\OpenOffice.org 3\program\soffice.exe[3376] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F .text C:\Programme\OpenOffice.org 3\program\soffice.exe[3376] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40 .text C:\Programme\OpenOffice.org 3\program\soffice.exe[3376] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB .text C:\Programme\OpenOffice.org 3\program\soffice.exe[3376] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C9AD .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!sendto 71A12F51 5 Bytes JMP 2001D423 .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!recvfrom 71A12FF7 5 Bytes JMP 2001D74D .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 2001DA66 .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!send 71A14C27 5 Bytes JMP 2001D3D5 .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 2001D8AA .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!recv 71A1676F 5 Bytes JMP 
2001D6DE .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 2001D7C2 .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!WSARecvFrom 71A1F66A 5 Bytes JMP 2001D985 .text C:\Programme\OpenOffice.org 3\program\soffice.bin[3396] WS2_32.dll!WSASendTo 71A20AAD 5 Bytes JMP 2001D833 .text C:\WINDOWS\system32\dwwin.exe[3412] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F .text C:\WINDOWS\system32\dwwin.exe[3412] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40 .text C:\WINDOWS\system32\dwwin.exe[3412] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB .text C:\WINDOWS\system32\dwwin.exe[3412] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetReadFile 408C654B 5 Bytes JMP 2001EAD7 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetCloseHandle 408C9088 5 Bytes JMP 2001E132 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 2001E7B8 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!HttpOpenRequestA 408CD508 5 Bytes JMP 2001EB92 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!HttpSendRequestW 408CFABE 5 Bytes JMP 2001E0D3 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!HttpOpenRequestW 408CFBFB 5 Bytes JMP 2001EBBF .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!HttpSendRequestA 408DEE89 5 Bytes JMP 2001E09E .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetOpenUrlA 408DF3A4 5 Bytes JMP 2001EBEC .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetReadFileExW 408E3349 5 Bytes JMP 2001E9BC .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetReadFileExA 408E3381 5 Bytes JMP 2001E915 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetWriteFile 4092608E 5 Bytes JMP 2001E105 .text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!InternetOpenUrlW 40926D77 5 Bytes JMP 2001EC13 .text 
C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!HttpSendRequestExA 4093A666 5 Bytes JMP 2001E058
.text C:\WINDOWS\system32\dwwin.exe[3412] WININET.DLL!HttpSendRequestExW 4093A6BF 5 Bytes JMP 2001E012
.text C:\WINDOWS\system32\wscntfy.exe[3632] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\wscntfy.exe[3632] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\wscntfy.exe[3632] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\wscntfy.exe[3632] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C9AD
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Avenger\ysbfplsv.exe 167414 bytes executable
File C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe 0 bytes
File C:\Programme\qmjsfiji\ysbfplsv.exe 167414 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ysbfplsv.exe 167414 bytes executable
File C:\_OTL\MovedFiles\04102011_212831\C_Programme\qmjsfiji\ysbfplsv.exe 167414 bytes executable
---- EOF - GMER 1.0.15 ----
and OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:43:41 on 16.04.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information)
[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Ad-Aware Update (Weekly).job" - "Lavasoft " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsUpIO" (AsUpIO) - ? - C:\WINDOWS\System32\drivers\AsUpIO.sys (File found, but it contains no detailed information)
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys (File not found)
"btwhid" (btwhid) - ?
- C:\WINDOWS\System32\DRIVERS\btwhid.sys (File not found) "catchme" (catchme) - ? - C:\DOKUME~1\Media\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCASp50 NDIS Protocol Driver" (PCASp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\PCASp50.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? 
- C:\WINDOWS\System32\Drivers\btwusb.sys (File not found) "WPS NDIS Usermode I/O Protocol" (Wpsnuio) - "Skyhook Wireless" - C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - 
C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} 
"Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - ? - C:\Programme\Windows Live\Toolbar\wltcore.dll (File not found) <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) {855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll {E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - ? - (File not found | COM-object registry key not found) {77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - ? - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (File not found) "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL {77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - ? - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "SuperHybridEngine.lnk" - "ASUSTeK Computer Inc." 
- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) "ysbfplsv.exe" - ? - C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe (Hidden file, rootkit activity) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Eee Docking" - ? - C:\Programme\ASUS\Eee Docking\Eee Docking.exe "ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4 "msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "Userinit" - ? - C:\Programme\qmjsfiji\ysbfplsv.exe (File is exclusively opened, access blocked) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ASUS VIBE" - "ecm" - C:\Programme\ASUS\ASUS VIBE\ASUS VIBE.exe /S "AsusACPIServer" - "ASUSTeK Computer Inc." - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe "AsusEPCMonitor" - "ASUSTeK Computer Inc." - C:\Programme\EeePC\ACPI\AsEPCMon.exe "AsusTray" - "ASUSTeK Computer Inc." - C:\Programme\EeePC\ACPI\AsTray.exe "Boingo Wi-Fi" - ? - "C:\Programme\Boingo\Boingo Wi-Fi\Boingo.lnk" "LiveUpdate" - ? - C:\Programme\Asus\LiveUpdate\LiveUpdate.exe auto (File found, but it contains no detailed information) "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "tvncontrol" - "GlavSoft LLC." 
- "C:\Programme\TightVNC\tvnserver.exe" -controlservice -slave [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Programme\Asus\Game Park\GameConsole\OberonGameConsoleService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "SearchAnonymizer" (SearchAnonymizer) - ? 
- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe "TightVNC Server" (tvnserver) - "GlavSoft LLC." - C:\Programme\TightVNC\tvnserver.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\DOKUME~1\Media\Desktop\IMG020~1.SCR (File not found) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Regards, Multivitamin |
17.04.2011, 20:43 | #49 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple malware infections and (almost) no program will open anymore Quote:
Do you want to carry on or format?
__________________ Please always post log files in CODE tags |
17.04.2011, 21:06 | #50 |
| Multiple malware infections and (almost) no program will open anymore Hello, if it really has to be, I would reinstall, but there are two problems: 1. My sister has somehow lost the XP CD. I still have two (XP) recovery CDs from my own PCs, but can I simply use those? 2. The "activation code" printed on the underside is so smudged that it can no longer be read. Is it stored somewhere in the system? It is a legal version, after all, and it would be pretty stupid to have to buy a new one because of that. But could you please also tell me where something like this comes from and how to prevent so many(???) things next time? I don't know whether this is a lot, but compared with the findings I have had on my PCs so far (4 in total over many years) it is relatively many ;-) Still, THANKS for the effort you have put into helping so far!!! Best regards, multivitamin |
17.04.2011, 21:27 | #51 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple malware infections and (almost) no program will open anymore We can still run an analysis with OTLPE, then a fix, and hope that the junk doesn't come back. If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
__________________ --> Multiple malware infections and (almost) no program will open anymore |
17.04.2011, 21:36 | #52 |
| Multiple malware infections and (almost) no program will open anymore Hello! OK, the program is downloading and will be finished in an hour. Something else occurred to me that was probably rather careless of me: I always saved the logs to a USB stick and then posted them from my PC. Could it be that I have now infected my PC, or that the other PC keeps reinfecting itself that way? Booting from a USB DVD drive shouldn't be a problem, should it?! And couldn't one simply open the files that keep coming back with Notepad, delete some of the numbers in them and write something else in? I think it's really great how you are helping me!! Regards, Multivitamin |
18.04.2011, 13:20 | #53 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple malware infections and (almost) no program will open anymore Quote:
We should deal with one computer first. Please create the OTLPE logs.
__________________ Please always post log files in CODE tags |
18.04.2011, 14:07 | #54 |
| Multiple malware infections and (almost) no program will open anymore Hello! Here are the 2 logs. They were the only two new ones under C:. Well, nothing can have happened to my PC, since I'm practically never on it with admin rights. I hope they are the right logs, since I can't find an EXTRAS.TXT. Regards, Multivitamin |
18.04.2011, 14:35 | #55 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple malware infections and (almost) no program will open anymore Uh-oh, there is still quite a lot there! Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Media_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\Media_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Media_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
O4 - Startup: C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Programme\qmjsfiji\ysbfplsv.exe) - C:\Programme\qmjsfiji\ysbfplsv.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/10 23:05:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\ncg.exe" -a "%1" %*
[2011/04/15 16:00:06 | 000,472,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\mokpcsdp.exe
[2011/04/15 14:51:28 | 000,167,414 | --S- | M] () -- C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ysbfplsv.exe
[2011/04/15 14:51:28 | 000,167,414 | --S- | M] () -- C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe
[2011/04/14 15:45:17 | 000,167,414 | ---- | M] () -- C:\WINDOWS\Explorermgr.exe
[2011/04/05 15:26:38 | 000,016,614 | -HS- | M] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\2t082038vv3fl5we64v2j037hlimvlnj5
[2011/04/05 15:26:38 | 000,016,614 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2t082038vv3fl5we64v2j037hlimvlnj5
[2011/04/02 17:14:15 | 000,015,662 | -HS- | M] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\2t082038vv3fl5we64v2j037hlimvlnj5
[2011/04/02 16:46:38 | 000,016,742 | -HS- | M] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\1537817555
[2011/04/02 16:45:08 | 000,016,714 | -HS- | M] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\4152838253
[2011/04/02 16:45:08 | 000,016,714 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1537817555
[2011/04/02 16:44:29 | 000,016,702 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\4152838253
[2011/04/01 18:21:30 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Flegurupohof.dat
:Files
C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\*.exe
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\*.exe
C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\*.exe
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\*.exe
C:\Programme\qmjsfiji
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\*.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
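The three startup hooks that the fix script above removes (an executable placed directly in an Autostart folder, a replaced Winlogon UserInit value, and a rewritten .exe open command) can be checked for in any OTL log. The following Python check is an added example, not part of the original posts or of OTL; the function names and rule labels are hypothetical, and the expected UserInit path assumes %SystemRoot% = C:\WINDOWS as given in the OTL log header on this page.

```python
import re

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: %SystemRoot% from the OTL log header
DEFAULT_USERINIT = (SYSTEM_ROOT + r"\system32\userinit.exe").lower()
DEFAULT_OPEN_CMD = '"%1" %*'  # stock open command for exefile/comfile
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".pif")

# Lines 1-3: from the fix script on this page.
# Lines 4-6: clean entries from the later OTL log on this page.
# Line 7: constructed clean UserInit entry for comparison.
SAMPLE_LOG = r'''
O4 - Startup: C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Programme\qmjsfiji\ysbfplsv.exe) - C:\Programme\qmjsfiji\ysbfplsv.exe ()
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\ncg.exe" -a "%1" %*
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O4 - Startup: C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
'''

USERINIT_RE = re.compile(r"O20 - HKLM Winlogon: UserInit - \(([^)]*)\)")
ASSOC_RE = re.compile(r"O3[57] - \S+ \[[^\]]*\] -- (.*)$")
STARTUP_PREFIX = "O4 - Startup: "


def check_line(line):
    """Return (rule, detail) if an OTL log line shows one of the hooks, else None."""
    m = USERINIT_RE.match(line)
    if m:
        # Userinit is a comma-separated list; a clean system lists only userinit.exe.
        parts = [p.strip().lower() for p in m.group(1).split(",") if p.strip()]
        if not parts or any(p != DEFAULT_USERINIT for p in parts):
            return ("userinit", m.group(1))
        return None

    if line.startswith(STARTUP_PREFIX):
        # Drop the trailing "(vendor)" field, then keep the item left of " = target".
        rest = re.sub(r"\s*\([^()]*\)$", "", line[len(STARTUP_PREFIX):])
        item = rest.split(" = ", 1)[0]
        # Heuristic: installers normally place shortcuts (.lnk) here, not binaries.
        if item.lower().endswith(EXECUTABLE_EXTS):
            return ("startup-exe", item)
        return None

    m = ASSOC_RE.match(line)
    if m and m.group(1).strip() != DEFAULT_OPEN_CMD:
        # Any program in front of "%1" runs every time an .exe/.com is started.
        return ("exe-association", m.group(1).strip())
    return None


def scan(log_text):
    """Check every non-empty line of an OTL log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        hit = check_line(raw.strip())
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_LOG):
        print(f"{rule:16} {detail}")
```

The startup-exe rule is a heuristic, so a hit is a reason to inspect the file, not a verdict. Running the same check on the log taken after a fix shows whether any of the three hooks has been written back.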
18.04.2011, 15:05 | #56 |
| Multiple malware infections and (almost) no program will open anymore HELLO!! Here is the new LOG: Code:
ATTFilter ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. HKU\Media_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\Media_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\Media_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Programme\qmjsfiji\ysbfplsv.exe deleted successfully. C:\Programme\qmjsfiji\ysbfplsv.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. File move failed. X:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! 
C:\Dokumente und Einstellungen\Media\Desktop\mokpcsdp.exe moved successfully. C:\WINDOWS\System32\config\systemprofile\Startmenü\Programme\Autostart\ysbfplsv.exe moved successfully. File C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\ysbfplsv.exe not found. C:\WINDOWS\Explorermgr.exe moved successfully. C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\2t082038vv3fl5we64v2j037hlimvlnj5 moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2t082038vv3fl5we64v2j037hlimvlnj5 moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\2t082038vv3fl5we64v2j037hlimvlnj5 moved successfully. C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\1537817555 moved successfully. C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\4152838253 moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1537817555 moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\4152838253 moved successfully. C:\WINDOWS\Flegurupohof.dat moved successfully. ========== FILES ========== File\Folder C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\*.exe not found. File\Folder C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\*.exe not found. File\Folder C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\*.exe not found. File\Folder C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\*.exe not found. C:\Programme\qmjsfiji folder moved successfully. File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\*.exe not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 405 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 0 bytes User: Media ->Temp folder emptied: 14995893 bytes ->Temporary Internet Files folder emptied: 7204347 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 8921088 bytes ->Flash cache emptied: 584 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1788 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 4560 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes Total Files Cleaned = 30.00 mb OTLPE by OldTimer - Version 3.1.46.0 log created on 04182011_185915 Files\Folders moved on Reboot... File\Folder X:\AUTORUN.INF not found! Registry entries deleted on Reboot...
Thank you very much for the help you are giving me!!! Regards, Multivitamin |
18.04.2011, 15:08 | #57 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple malware infections and (almost) no program will open anymore Is OTLPE still running? Please create new OTL logs with it.
__________________ Please always post log files in CODE tags |
19.04.2011, 19:12 | #58 |
| Multiple malware infections and (almost) no program will open anymore Hello! Sorry, it took a while, but here is the new log (there is no file named EXTRAS.TXT on my machine) Code:
ATTFilter OTL logfile created on: 4/19/2011 11:49:40 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 827.00 Mb Available Physical Memory | 82.00% Memory free 902.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80.01 Gb Total Space | 57.38 Gb Free Space | 71.72% Space Free | Partition Type: NTFS Drive D: | 62.16 Gb Total Space | 62.07 Gb Free Space | 99.86% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) 
[Auto] -- C:\Programme\TightVNC\tvnserver.exe -- (tvnserver) SRV - [2010/06/30 08:26:19 | 001,352,832 | ---- | M] (Lavasoft) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/05/01 11:55:30 | 000,040,960 | ---- | M] () [Auto] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2010/03/28 11:47:30 | 000,246,520 | ---- | M] () [Auto] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/09/14 21:05:56 | 000,044,312 | ---- | M] () [Auto] -- C:\Programme\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 18:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (catchme) DRV - File not found [Kernel | On_Demand] -- -- (BTWUSB) DRV - File not found [Kernel | On_Demand] -- -- (btwhid) DRV - File not found [Kernel | On_Demand] -- -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand] -- -- (BTDriver) DRV - File not found [Kernel | On_Demand] -- -- (btaudio) DRV - 
[2010/06/05 09:54:49 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2009/12/16 08:30:35 | 000,013,696 | ---- | M] (Skyhook Wireless) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio) DRV - [2009/11/17 07:51:38 | 005,956,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/10/01 09:39:14 | 000,182,656 | ---- | M] (SMI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMIksdrv.sys -- (usbsmi) DRV - [2009/08/11 20:04:30 | 001,582,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009/08/06 02:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009/07/27 03:09:52 | 000,044,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/07/05 22:48:02 | 000,011,448 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2008/11/03 03:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/04/24 04:56:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50) DRV - [2008/04/08 13:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/ IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Media_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Media_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\Media_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Media_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Media_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Media_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2011/04/18 18:59:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) 
O3 - HKU\Media_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found O4 - HKLM..\Run: [ASUS VIBE] C:\Programme\ASUS\ASUS VIBE\ASUS VIBE.exe (ecm) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Programme\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [tvncontrol] C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.) O4 - HKU\Administrator_ON_C..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe () O4 - HKU\Media_ON_C..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe () O4 - HKU\Media_ON_C..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Media_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Media_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Media_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\Media_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Programme\qmjsfiji\ysbfplsv.exe) - C:\Programme\qmjsfiji\ysbfplsv.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011/04/18 18:59:17 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/04/18 13:01:00 | 000,000,000 | ---D | C] -- C:\Programme\qmjsfiji
[2011/04/16 17:47:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\Cookies
[2011/04/15 16:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Media\Desktop\osam_autorun_manager_5_0_portable(1)
[2011/04/15 14:48:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/13 16:04:54 | 000,000,000 | ---D | C] -- C:\cofi976c
[2011/04/13 15:12:26 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/04/13 15:09:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Media\Desktop\avenger
[2011/04/12 15:03:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/12 14:55:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/12 14:48:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/12 14:48:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/12 14:48:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/12 14:48:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/11 15:34:13 | 000,000,000 | ---D | C] -- C:\cofi
[2011/04/11 15:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/11 15:21:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/11 15:19:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011/04/11 15:18:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011/04/11 15:18:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011/04/11 15:17:30 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ccsetup305.exe
[2011/04/10 16:07:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller
[2011/04/10 16:04:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Media\Desktop\tdsskiller
[2011/04/10 15:28:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/10 15:13:27 | 000,751,091 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\OTL.exe
[2011/04/10 11:07:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2011/04/10 09:46:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/09 17:10:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011/04/09 16:54:00 | 000,429,012 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Media\Desktop\OTH.scr
[2011/04/09 16:39:48 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Media\Desktop\mbam-setup-1.50.1.1100.com
[2011/04/07 16:44:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2011/04/07 16:44:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\vrs
[2011/04/02 17:15:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\PrivacIE
[2011/04/02 17:15:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Google
[2011/04/02 16:56:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\TeamViewer
[2011/04/02 16:56:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 6
[2011/04/02 16:55:50 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2011/04/01 18:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2011/03/31 15:47:42 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\NetworkService\Favoriten
[2011/03/29 13:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2011/03/29 13:28:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2011/03/29 13:28:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\IETldCache
[2009/11/04 02:53:14 | 000,013,880 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/04/18 18:59:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/18 13:14:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 13:02:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 13:01:16 | 000,002,181 | ---- | M] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/04/18 13:01:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 13:00:59 | 000,167,414 | --S- | M] () -- C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ysbfplsv.exe
[2011/04/18 11:07:00 | 000,012,580 | ---- | M] () -- C:\Neu ZIP-komprimierter Ordner.zip
[2011/04/18 10:56:31 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2011/04/18 06:54:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/14 08:01:36 | 000,250,865 | ---- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\MBRCheck.exe
[2011/04/13 16:02:24 | 004,320,019 | R--- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\cofi.exe
[2011/04/13 15:11:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/13 15:09:35 | 000,724,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\avenger.zip
[2011/04/12 14:55:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/12 14:47:25 | 004,319,653 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe
[2011/04/11 15:18:27 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011/04/11 15:18:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011/04/11 15:17:44 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ccsetup305.exe
[2011/04/10 16:02:58 | 001,263,721 | ---- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\tdsskiller.zip
[2011/04/10 16:02:58 | 001,263,721 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.zip
[2011/04/10 15:13:36 | 000,751,091 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\OTL.exe
[2011/04/09 17:59:12 | 000,001,174 | ---- | M] () -- C:\mbam-log-2011-04-09 (23-53-24).zip
[2011/04/09 16:51:21 | 000,429,012 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Media\Desktop\OTH.scr
[2011/04/09 16:43:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/04/09 16:36:32 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Media\Desktop\mbam-setup-1.50.1.1100.com
[2011/04/02 16:56:04 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 6.lnk
[2011/04/02 16:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 6
[2011/03/21 16:15:32 | 000,158,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\B wie beck.odp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/04/18 13:01:00 | 000,167,414 | --S- | C] () -- C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ysbfplsv.exe
[2011/04/18 11:06:52 | 000,012,580 | ---- | C] () -- C:\Neu ZIP-komprimierter Ordner.zip
[2011/04/14 08:06:58 | 000,250,865 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\MBRCheck.exe
[2011/04/13 16:03:36 | 004,320,019 | R--- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\cofi.exe
[2011/04/13 15:09:23 | 000,724,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\avenger.zip
[2011/04/12 14:55:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/12 14:55:37 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011/04/12 14:48:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/12 14:48:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/12 14:48:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/12 14:48:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/12 14:48:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/11 15:18:27 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011/04/11 15:16:35 | 004,319,653 | R--- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe
[2011/04/10 16:06:54 | 001,263,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.zip
[2011/04/10 16:03:50 | 001,263,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\tdsskiller.zip
[2011/04/09 17:59:12 | 000,001,174 | ---- | C] () -- C:\mbam-log-2011-04-09 (23-53-24).zip
[2011/04/02 16:56:03 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 6.lnk
[2011/03/21 16:15:31 | 000,158,889 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\B wie beck.odp
[2011/03/10 14:43:06 | 000,006,057 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\.recently-used.xbel
[2010/09/21 12:20:56 | 000,162,302 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Unbenannt.jpg
[2010/08/04 05:55:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2010/08/04 05:55:06 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/08/04 05:55:05 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2010/05/05 10:44:08 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/17 09:16:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 09:14:38 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/03/22 13:04:03 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 15:34:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\wklnhst.dat
[2010/03/09 13:35:25 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/03/09 13:35:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/02/15 13:16:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/10 08:27:56 | 000,041,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/04 21:49:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/27 13:13:52 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/12/16 09:36:47 | 000,025,616 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/12/16 09:36:47 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/12/11 21:28:45 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SM37XCoInst.dll
[2009/12/11 19:45:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/12/11 16:47:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009/12/11 16:47:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009/12/11 16:26:17 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2009/12/11 16:26:08 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/12/11 16:23:35 | 000,004,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/12/11 16:21:30 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/12/10 23:07:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/10 23:03:28 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/10 13:59:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/10 13:59:00 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/10 13:53:25 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/12/10 13:53:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/12/10 13:53:13 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/12/10 13:53:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/12/10 13:53:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/12/10 13:53:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/12/10 13:53:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/12/10 13:53:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/12/10 13:53:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== LOP Check ==========
[2010/08/30 14:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2010/08/31 13:52:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TightVNC
[2010/03/14 14:54:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\ABToolsToolbarEBay
[2010/06/16 15:24:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Asus
[2011/03/10 14:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\gtk-2.0
[2011/04/18 10:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\ICQ
[2010/05/01 11:55:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\kikin
[2010/05/01 11:55:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\OCS
[2010/04/16 14:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\OpenOffice.org
[2010/05/01 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Opera
[2010/03/14 14:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\SchnellSchreiben
[2011/04/02 16:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\TeamViewer
[2010/03/10 15:35:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Template
[2010/06/16 13:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EBI
[2009/12/16 08:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoBoingo
[2011/02/02 16:56:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009/12/11 16:21:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010/06/16 13:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSMR
[2010/01/30 16:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/05/05 09:34:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2011/04/13 15:11:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

< End of report >

Regards, Multivitamin |
19.04.2011, 20:17 | #59 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple malware infections and (almost) no program can be opened anymore
It is already somewhat better. Have you started Windows normally again since then? Please run another fix via OTLPE:
Code:
:OTL
[2010/06/16 13:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSMR
[2010/01/30 16:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/05/05 09:34:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2011/04/18 13:01:00 | 000,000,000 | ---D | C] -- C:\Programme\qmjsfiji
__________________ Please always post log files in CODE tags |
19.04.2011, 20:49 | #60 |
| Multiple malware infections and (almost) no program can be opened anymore
Hello! I have run the fix now, but somehow the log is gone. It was open after the fix; I restarted, but c:/OTL.TXT only contains the old log. Is the log still somewhere??
Regards, Multivitamin |