Und jetzt Teil 2 des GMER-Logs (restliche .text-Einträge, danach User IAT/EAT):
Code:
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00310804
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00310A08
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00310C0C
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00310E10
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003101F8
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003103FC
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00310600
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe[3308] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[3356] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3356] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3356] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3356] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3356] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3356] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3356] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3356] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3356] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe[3396] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe[3404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[3428] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000D01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000D03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\FreePDF_XP\fpassist.exe[3512] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Programme\Samsung\Kies\KiesTrayAgent.exe[3528] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe[3836] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 002401F8
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 002403FC
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00600804
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00600A08
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00600600
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006001F8
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006003FC
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00611014
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00610804
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00610A08
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00610C0C
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00610E10
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 006101F8
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 006103FC
.text C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe[3856] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00610600
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe[3880] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003C1014
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003C0804
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003C0A08
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003C0C0C
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003C0E10
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003C01F8
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003C03FC
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003C0600
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00910804
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00910A08
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00910600
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009101F8
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009103FC
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00921014
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00920804
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00920A08
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00920C0C
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00920E10
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!CreateServiceA 77E07211 5 Bytes JMP 009201F8
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!CreateServiceW 77E073A9 5 Bytes JMP 009203FC
.text C:\Programme\Glary Utilities\memdefrag.exe[3916] advapi32.dll!DeleteService 77E074B1 5 Bytes JMP 00920600
.text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3972] ntdll.dll!DbgUiRemoteBreakin 7C9620EC 1 Byte [C3]
.text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3972] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4500] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[4500] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4500] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[4500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[4500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[4500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[4500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[4500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[4500] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\Programme\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe[5284] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe[5284] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003E1014
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003E0804
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003E0A08
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003E0C0C
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003E0E10
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Dokumente und Einstellungen\UK\Desktop\llrwyl4s.exe[6108] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1824] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Programme\Alwil Software\Avast5\AvastUI.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
Hier das Log-File von OSAM (ich hoffe, dass ich es korrekt gemacht habe):
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:47:26 on 02.10.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 22.0.1229.79
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"avast! Emergency Update.job" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe
"GlaryInitialize.job" - "Glarysoft Ltd" - C:\Programme\Glary Utilities\initialize.exe
"GoogleUpdateTaskUserS-1-5-21-507921405-413027322-682003330-1003Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\UK\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-507921405-413027322-682003330-1003UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\UK\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"RealUpgradeLogonTaskS-1-5-21-507921405-413027322-682003330-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-507921405-413027322-682003330-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cmmx01.cpl" - "combit GmbH" - C:\WINDOWS\system32\cmmx01.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"viahdcpl.cpl" - "VIA Technologies, Inc" - C:\WINDOWS\system32\viahdcpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adaptec USB2-Xchange Firmware Installer" (ADPUSBLD) - "Adaptec, Inc." - C:\WINDOWS\System32\Drivers\Adpusbld.sys
"Adaptec USB2-Xchange Mass Storage Driver" (ADPUSBMS) - "Adaptec, Inc." - C:\WINDOWS\System32\Drivers\Adpusbst.sys
"ArcCD Filter Driver Service" (ArcCD) - "ArcSoft Inc." - C:\WINDOWS\system32\drivers\ArcCD.sys
"ArcRec" (ArcRec) - "ArcSoft Inc." - C:\WINDOWS\system32\drivers\ArcRec.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - H:\MediaCoder\SysInfo.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"kgtdapob" (kgtdapob) - ? - C:\DOKUME~1\UK\LOKALE~1\Temp\kgtdapob.sys (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Logitech HD Webcam C270(UVC)" (LVUVC) - "Logitech Inc." - C:\WINDOWS\System32\DRIVERS\lvuvc.sys
"Logitech RightSound Filter Driver" (LVRS) - "Logitech Inc." - C:\WINDOWS\System32\DRIVERS\lvrs.sys
"magicpvt" (magicpvt) - "Samsung Electronics, Inc." - C:\WINDOWS\System32\drivers\magicpvt.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"RT73 USB Wireless LAN Card Driver" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys (File not found)
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"TeamViewer VPN Adapter" (teamviewervpn) - "TeamViewer GmbH" - C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
"TMPassthruMP" (TMPassthruMP) - ? - C:\WINDOWS\System32\DRIVERS\TMPassthru.sys (File not found)
"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys
"UIM Virtual Image Plugin" (Uim_Vim) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_Vim.sys
"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys
"UVC Filter Service" (FilterService) - "Logitech Inc." - C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"Windows CE USB Serial Host Driver" (wceusbsh) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wceusbsh.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - H:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll
{9E5E1445-6CEA-4761-8E45-AA19F654571E} "BkgndCtxMenuExt Class" - "Samsung Electronics, Inc." - C:\WINDOWS\system32\mpvthook.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{BB7DFDE3-8629-41BF-BCEC-90F436E2A0AE} "ELOShellExtension.ShellExt" - "ELO Digital Office GmbH" - G:\ELOoffice\ELOShl.dll
{1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Corporation" - H:\Programme\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - "Glarysoft Ltd" - C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Wcesview.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{209F971E-F11E-41E8-B6ED-592E85DBA1E4} "One.com Cloud Drive" - ? - H:\Programme\OnecomCloudDrive\Extensions\OneComCloudDrive.dll
{B7C3CFFF-AA74-4460-8C29-DD146FAFF8BA} "OneComWebDrive" - ? - H:\Programme\OnecomCloudDrive\Extensions\OneComNSE.dll (File found, but it contains no detailed information)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{B7C49732-4761-4A66-9945-BAF55E98E0E4} "COCKPIT Client" - "Jetro Platforms" - C:\WINDOWS\DOWNLO~1\JDsAx.ocx / hxxp://212.204.62.140/cockpit/Webclient/JDsAx.cab
{A796D216-2DE1-4EA8-BABB-FE6E7C959098} "HPSDDX Class" - "Hewlett-Packard Company" - C:\WINDOWS\Downloaded Program Files\sdd.dll / hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343944352421
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}" - ? - (File not found | COM-object registry key not found) / hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - ? - (File not found | COM-object registry key not found)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} "&Netviewer Support" - "Netviewer AG" - C:\PROGRA~1\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} "Netviewer Support" - "Netviewer AG" - C:\PROGRA~1\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Error Recovery Guide.lnk" - "PFU LIMITED" - C:\WINDOWS\twain_32\Fjscan32\ERG\FTErGuid.exe (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\UK\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"1und1Dispatcher" - "1&1 Mail & Media GmbH" - "C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe" xp
"ccleaner" - "Piriform Ltd" - "C:\Programme\CCleaner\CCleaner.exe" /AUTO
"Glary Memory Optimizer" - "Glarysoft Ltd" - "C:\Programme\Glary Utilities\memdefrag.exe" /autostart
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"KiesPDLR" - ? - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"One.com" - ? - H:\Programme\OnecomCloudDrive\Dlls\AppLauncher.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"FJTWAIN Setup" - "FUJITSU LIMITED" - C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
"FreePDF Assistant" - "shbox.de" - "C:\Programme\FreePDF_XP\fpassist.exe"
"FtLnSOP_setup" - "PFU LIMITED" - C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
"FTPWRENV" - "PFU LIMITED" - C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
"HDAudDeck" - ? - C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1 (File found, but it contains no detailed information)
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Kies\KiesTrayAgent.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"RSA Card Conversion Utility" - "RSA, The Security Division of EMC." - C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe -background
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\hptcpmon.dll
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\WINDOWS\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\WINDOWS\system32\hppmopjl.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"bitfarm-Archiv Archivierungsdienst" (bfaArchiveSrv) - ? - H:\Programme\Bitfarm-Archiv\bfaArchivierungsdienst.exe (File not found)
"bitfarm-Archiv Spooldienst" (bfaSpoolSrv) - ? - H:\Programme\Bitfarm-Archiv\bfaSpooldienst.exe (File not found)
"EMC Captiva Cloud Service" (Emc.Captiva.WebCaptureService) - "EMC Corporation" - C:\Programme\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
"Firebird Guardian - DefaultInstance" (FirebirdGuardianDefaultInstance) - "The Firebird Project" - C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe
"Firebird Server - DefaultInstance" (FirebirdServerDefaultInstance) - "The Firebird Project" - C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe
"FJTWMKSV" (FJTWMKSV) - "PFU LIMITED" - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"MySql-bf" (MySql-bf) - ? - H:\Programme\Bitfarm-Archiv\mysql-5.1.51-win32\bin\mysqld.exe --defaults-file=H:\Programme\Bitfarm-Archiv\mysql-5.1.51-win32\my.ini MySql-bf (File not found)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"OnecomCloudDrive" (OnecomService) - ? - H:\Programme\OnecomCloudDrive\Dlls\OnecomService.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Radio.fx Server" (Radio.fx) - ? - H:\Tobit Radio.fx\Server\rfx-server.exe
"RSA Card Cache Service" (RSACardCacheSvc) - "RSA, The Security Division of EMC." - C:\Programme\Gemeinsame Dateien\RSA Shared\RSA Card Cache\RSACardCacheSvc.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"SQL Server (INFOAGENT)" (MSSQL$INFOAGENT) - "Microsoft Corporation" - G:\Microsoft SQL Server\MSSQL10.INFOAGENT\MSSQL\Binn\sqlservr.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server Reporting Services (INFOAGENT)" (ReportServer$INFOAGENT) - "Microsoft Corporation" - G:\Microsoft SQL Server\MSRS10.INFOAGENT\Reporting Services\ReportServer\bin\ReportingServicesService.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"UMVPFSrv" (UMVPFSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\UMVPFSrv.exe
"vToolbarUpdater12.2.6" (vToolbarUpdater12.2.6) - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (File not found)
"WebOptimizer" (WebOptimizer) - ? - C:\WINDOWS\system32\dmwu.exe (File not found)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]
Und noch die aswMBR.txt:
[code]
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 19:53:58
-----------------------------
19:53:58.906 OS Version: Windows 5.1.2600 Service Pack 3
19:53:58.906 Number of processors: 2 586 0x6B02
19:53:58.906 ComputerName: UK-VFM UserName: UK
19:54:00.843 Initialize success
19:54:04.000 AVAST engine defs: 12100200
19:54:58.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
19:54:58.234 Disk 0 Vendor: WDC_WD2500AAKS-00L9A0 01.03E01 Size: 238475MB BusType: 3
19:54:58.265 Disk 0 MBR read successfully
19:54:58.265 Disk 0 MBR scan
19:54:58.265 Disk 0 Windows XP default MBR code
19:54:58.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 41998 MB offset 63
19:54:58.343 Disk 0 Partition - 00 0F Extended LBA 196475 MB offset 86012010
19:54:58.390 Disk 0 Partition - 00 05 Extended 10001 MB offset 86013951
19:54:58.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10001 MB offset 86013952
19:54:58.406 Disk 0 Partition - 00 05 Extended 49999 MB offset 106499988
19:54:58.421 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 49999 MB offset 106498048
19:54:58.421 Disk 0 Partition - 00 05 Extended 49999 MB offset 249862037
19:54:58.453 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 49999 MB offset 229376133
19:54:58.453 Disk 0 Partition - 00 05 Extended 49999 MB offset 475138432
19:54:58.515 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 49999 MB offset 331774443
19:54:58.515 Disk 0 Partition - 00 05 Extended 26466 MB offset 679935184
19:54:58.531 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 26466 MB offset 434172753
19:54:58.578 Disk 0 scanning sectors +488394752
19:54:58.703 Disk 0 scanning C:\WINDOWS\system32\drivers
19:55:39.437 Service scanning
19:55:52.109 Modules scanning
19:56:14.265 Disk 0 trace - called modules:
19:56:14.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:56:14.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab61ab8]
19:56:14.281 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8ab7e510]
19:56:14.281 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ab76940]
19:56:15.312 AVAST engine scan C:\WINDOWS
19:56:29.406 AVAST engine scan C:\WINDOWS\system32
20:04:57.875 AVAST engine scan C:\WINDOWS\system32\drivers
20:05:13.078 AVAST engine scan C:\Dokumente und Einstellungen\UK
20:12:15.703 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:14:25.546 Scan finished successfully
20:15:37.984 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\UK\Desktop\MBR.dat"
20:15:37.984 The log file has been saved successfully to "C:\Dokumente und Einstellungen\UK\Desktop\aswMBR.txt"
[/code]
Sorry, kann nicht mehr editieren, deshalb nochmal neu:
aswMBR.txt:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 19:53:58
-----------------------------
19:53:58.906 OS Version: Windows 5.1.2600 Service Pack 3
19:53:58.906 Number of processors: 2 586 0x6B02
19:53:58.906 ComputerName: UK-VFM UserName: UK
19:54:00.843 Initialize success
19:54:04.000 AVAST engine defs: 12100200
19:54:58.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
19:54:58.234 Disk 0 Vendor: WDC_WD2500AAKS-00L9A0 01.03E01 Size: 238475MB BusType: 3
19:54:58.265 Disk 0 MBR read successfully
19:54:58.265 Disk 0 MBR scan
19:54:58.265 Disk 0 Windows XP default MBR code
19:54:58.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 41998 MB offset 63
19:54:58.343 Disk 0 Partition - 00 0F Extended LBA 196475 MB offset 86012010
19:54:58.390 Disk 0 Partition - 00 05 Extended 10001 MB offset 86013951
19:54:58.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10001 MB offset 86013952
19:54:58.406 Disk 0 Partition - 00 05 Extended 49999 MB offset 106499988
19:54:58.421 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 49999 MB offset 106498048
19:54:58.421 Disk 0 Partition - 00 05 Extended 49999 MB offset 249862037
19:54:58.453 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 49999 MB offset 229376133
19:54:58.453 Disk 0 Partition - 00 05 Extended 49999 MB offset 475138432
19:54:58.515 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 49999 MB offset 331774443
19:54:58.515 Disk 0 Partition - 00 05 Extended 26466 MB offset 679935184
19:54:58.531 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 26466 MB offset 434172753
19:54:58.578 Disk 0 scanning sectors +488394752
19:54:58.703 Disk 0 scanning C:\WINDOWS\system32\drivers
19:55:39.437 Service scanning
19:55:52.109 Modules scanning
19:56:14.265 Disk 0 trace - called modules:
19:56:14.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:56:14.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab61ab8]
19:56:14.281 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8ab7e510]
19:56:14.281 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ab76940]
19:56:15.312 AVAST engine scan C:\WINDOWS
19:56:29.406 AVAST engine scan C:\WINDOWS\system32
20:04:57.875 AVAST engine scan C:\WINDOWS\system32\drivers
20:05:13.078 AVAST engine scan C:\Dokumente und Einstellungen\UK
20:12:15.703 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:14:25.546 Scan finished successfully
20:15:37.984 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\UK\Desktop\MBR.dat"
20:15:37.984 The log file has been saved successfully to "C:\Dokumente und Einstellungen\UK\Desktop\aswMBR.txt"