Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC läuft sehr langsam, svchost.exe lastet das System extrem aus (https://www.trojaner-board.de/89994-pc-laeuft-sehr-langsam-svchost-exe-lastet-system-extrem.html)

intrus 25.08.2010 22:07
PC läuft sehr langsam, svchost.exe lastet das System extrem aus
 
Hallo zusammen,

mein notebook läuft extrem langsam, besonders der Seitenaufbau von Internetseiten ist slow-motion. Google hat mich auch mit diesem Problem auf dieses Forum geführt. Ich habe hier gelesen habe, dass ggf. fehlende Windows-Updates zu diesem Problem führen. Mein Vista weigert sich standhaft das update KB973917 zu installieren. Der Ressourcen-Monitor zeigt an, dass svchost.exe das System extrem auslastet.

Hier der Malwarebytes Bericht

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

18.08.2010 23:50:01
mbam-log-2010-08-18 (23-50-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134803
Laufzeit: 9 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 27
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bd4438c-2511-4b93-ad34-2bdcd0ff78d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\***\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

habe heute noch einen Scan gemacht:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4478

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

25.08.2010 22:05:07
mbam-log-2010-08-25 (22-05-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135694
Laufzeit: 9 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Hier der OTL LogFile:OTL Logfile:
Code:
OTL logfile created on: 25.08.2010 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\*****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 30,33 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 49,25 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\*****\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe ()
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\System32\perfmon.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys File not found
DRV - (RimUsb) -- C:\Windows\System32\Drivers\RimUsb.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\***.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://***.myownstartpage.net/?cm=640368&lt=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://dsl-start.computerbild.de/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: de-DE(at)dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.5
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: DeviceDetection(at)logitech.com:1.0.176.0
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.17 01:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.16 21:25:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 21:25:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 23:48:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.16 21:25:16 | 000,000,000 | ---D | M]
 
[2008.06.18 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.08.24 22:57:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions
[2010.01.18 20:39:57 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.01.18 20:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}-trash
[2010.02.13 20:48:25 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.05.12 21:29:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.04 10:30:11 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2008.06.22 16:27:46 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2010.06.22 09:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010.02.13 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.08.12 22:33:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com
[2010.08.22 20:44:19 | 000,001,496 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\altavista-deutschland.xml
[2009.02.11 23:53:13 | 000,000,681 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\ask.xml
[2009.06.16 23:58:08 | 000,002,836 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\bing.xml
[2008.07.12 14:00:06 | 000,001,722 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\computer-bild-suche.xml
[2008.12.19 22:56:48 | 000,005,310 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\footiefox.xml
[2008.07.11 23:11:18 | 000,001,504 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\imdb.xml
[2010.08.23 22:50:43 | 000,001,595 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\ixquick---deutsch.xml
[2008.10.03 01:10:14 | 000,001,733 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\live-search.xml
[2010.08.22 20:44:20 | 000,001,659 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\metacrawlerde.xml
[2010.08.22 20:44:19 | 000,002,271 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\xing.xml
[2010.04.27 21:56:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.27 21:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.02.12 20:13:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.26 01:27:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.26 01:27:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.26 01:27:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.26 01:27:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.26 01:27:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100728212538.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*****\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\Pictures\Madeira 2008\Madeira 2008 054.JPG
O24 - Desktop BackupWallPaper: C:\Users\*****\Pictures\Madeira 2008\Madeira 2008 054.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5963dc93-afa3-11de-b6b8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5963dc93-afa3-11de-b6b8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.18 23:36:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.08.18 23:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.18 23:36:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.18 23:36:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.18 23:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.17 20:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.08.17 20:39:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2010.08.17 20:26:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.11 23:49:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 23:49:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 23:49:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 23:49:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 23:49:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 23:49:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 23:49:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 23:49:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 23:49:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 23:49:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 23:49:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 23:49:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 23:49:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 23:49:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 23:49:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 23:49:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 23:49:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 23:49:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 23:49:00 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 23:49:00 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.07 13:56:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.08.07 13:55:54 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.08.07 13:55:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.08.07 13:55:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.08.07 13:55:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.08.07 13:55:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.08.07 13:55:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.08.07 13:55:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.08.07 13:55:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.08.07 13:55:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.08.07 13:55:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.08.07 13:55:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.08.07 13:55:47 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.08.07 13:55:47 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.08.07 13:55:47 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.08.07 13:55:47 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.08.07 13:52:06 | 000,092,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2010.07.30 11:15:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.07.30 11:11:15 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.07.30 10:38:40 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2010.07.30 10:38:40 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2010.07.30 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment
[2010.07.30 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps
[2010.07.28 23:56:33 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2010.07.28 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*****\SystemRequirementsLab
[2010.07.28 23:35:27 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.07.28 21:25:36 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.07.28 21:24:26 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.07.28 21:24:25 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.07.28 21:24:25 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.07.28 21:24:25 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.07.28 21:24:25 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.07.28 21:24:24 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.07.28 21:24:24 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.07.28 21:24:24 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.07.28 21:24:24 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2007.04.26 21:36:39 | 000,528,040 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Programme\MSetup.exe
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.25 22:25:31 | 003,932,160 | ---- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.08.25 22:24:49 | 000,083,438 | ---- | M] () -- C:\Users\*****\AppData\Roaming\nvModes.001
[2010.08.25 22:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.25 21:42:31 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.25 21:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.25 21:21:38 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.25 21:19:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.25 21:19:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.25 21:19:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.25 21:19:10 | 000,000,202 | ---- | M] () -- C:\Windows\System32\PSLOG
[2010.08.25 21:19:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.25 21:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.25 11:07:21 | 000,007,692 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.25 11:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{632c543c-546a-11df-92c9-00027875610f}.TMContainer00000000000000000001.regtrans-ms
[2010.08.25 11:07:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{632c543c-546a-11df-92c9-00027875610f}.TM.blf
[2010.08.25 11:06:26 | 003,947,799 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.08.24 21:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
[2010.08.18 23:36:28 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.18 15:12:22 | 000,122,241 | ---- | M] () -- C:\Users\*****\Desktop\Adecco    Senior Persona....pdf
[2010.08.17 20:46:50 | 000,001,702 | ---- | M] () -- C:\Users\*****\Desktop\Defraggler.lnk
[2010.08.17 20:32:53 | 000,027,296 | ---- | M] () -- C:\Users\*****\Documents\cc_20100817_203240.reg
[2010.08.17 20:26:03 | 000,000,804 | ---- | M] () -- C:\Users\*****\Desktop\CCleaner.lnk
[2010.08.17 19:08:04 | 000,083,438 | ---- | M] () -- C:\Users\*****\AppData\Roaming\nvModes.dat
[2010.08.16 23:24:26 | 000,142,935 | ---- | M] () -- C:\Windows\hppins23.dat
[2010.08.12 21:01:16 | 000,396,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 19:46:57 | 000,000,186 | ---- | M] () -- C:\Users\*****\Desktop\Synchronisierungsergebnisse - Verknüpfung.lnk
[2010.07.30 11:54:54 | 001,867,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.30 11:54:54 | 000,788,886 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.30 11:54:54 | 000,738,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.30 11:54:54 | 000,185,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.30 11:54:54 | 000,156,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.30 10:38:35 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2010.07.30 10:38:35 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.18 23:36:28 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.18 15:12:22 | 000,122,241 | ---- | C] () -- C:\Users\*****\Desktop\Adecco    Senior Persona....pdf
[2010.08.17 20:46:50 | 000,001,702 | ---- | C] () -- C:\Users\*****\Desktop\Defraggler.lnk
[2010.08.17 20:32:47 | 000,027,296 | ---- | C] () -- C:\Users\*****\Documents\cc_20100817_203240.reg
[2010.08.17 20:26:03 | 000,000,804 | ---- | C] () -- C:\Users\*****\Desktop\CCleaner.lnk
[2010.08.12 19:46:57 | 000,000,186 | ---- | C] () -- C:\Users\*****\Desktop\Synchronisierungsergebnisse - Verknüpfung.lnk
[2010.08.07 13:55:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.08.07 13:55:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.08.07 13:55:48 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2009.06.13 17:01:56 | 000,022,016 | ---- | C] () -- C:\Windows\System32\msdri32.dll
[2009.06.07 16:29:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.06 23:44:36 | 000,000,938 | ---- | C] () -- C:\Windows\WISO.INI
[2008.07.12 16:15:08 | 000,000,669 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\vispa.ini
[2008.05.17 09:38:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008.04.13 16:08:16 | 000,000,037 | ---- | C] () -- C:\Windows\easyprint.INI
[2007.12.08 19:59:57 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2007.11.03 19:05:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Bot.dll
[2007.11.03 19:05:49 | 000,000,101 | ---- | C] () -- C:\Windows\PSXLPR.INI
[2007.09.03 11:57:34 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.04 01:12:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.08.02 08:15:56 | 000,024,206 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2007.07.22 21:25:35 | 000,001,356 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2007.07.22 17:19:50 | 000,083,438 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.001
[2007.07.22 00:31:09 | 000,083,438 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.dat
[2007.07.21 21:31:24 | 000,019,456 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.26 21:37:33 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.04.26 21:37:33 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.04.26 21:36:39 | 000,003,062 | ---- | C] () -- C:\Programme\MSetup.xml
[2007.04.26 21:36:39 | 000,002,010 | ---- | C] () -- C:\Programme\MSetup.ini
[2007.04.26 03:53:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.26 03:52:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.12.20 05:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2006.09.20 09:34:10 | 000,000,186 | ---- | C] () -- C:\Windows\Buhl.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2008.02.19 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\aignes
[2008.12.11 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo
[2009.04.07 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BOM
[2008.12.06 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service
[2008.12.15 15:57:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service GmbH
[2010.08.13 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2007.07.29 14:42:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CopyTrans
[2007.11.25 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DataDesign
[2009.06.06 00:14:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit
[2010.04.22 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN
[2009.02.11 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GlarySoft
[2009.02.21 23:34:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2008.11.10 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass
[2010.02.15 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LetsTrade
[2010.03.15 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2010.03.15 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2008.11.15 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2009.05.02 21:18:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2008.04.13 14:25:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Pixum
[2007.10.13 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung
[2009.02.22 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TerraTec
[2009.06.11 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2010.08.25 22:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.08.25 11:07:24 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.25 21:42:31 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.08.24 21:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

Und hier der 2. OTL LogFile:OTL Logfile:
Code:
OTL Extras logfile created on: 25.08.2010 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 30,33 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 49,25 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
h**p [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
h**ps [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [Pixum EasyBook.exe] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19076740-DDD5-4B5E-BAEA-490EA2676657}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{1CDA0482-07F9-4CF5-95FC-0793643CACBB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{485C1223-398B-4B2E-9430-2CF3D66E8FB2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{7C19A52B-6CD8-47BE-81A3-163FDCC2FAF9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{E0CD1A15-0050-48F7-9956-B2DE4E77DED2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0469BC87-F742-4E2F-A59C-6DA85E526EFB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{13EB55C5-29D3-4D46-984D-E9E7B867F049}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{16D370B8-1B1B-40D9-B1B3-649CDCB2B38C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20111CF3-786A-4F4D-8A84-F7EF5D817CE2}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{21874EB7-8AFE-4523-B419-738AB1170B60}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{22053988-B2D0-44DA-8299-699DB30E98CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2461A41F-5647-403B-8181-33C07A705C79}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\a6lezjwd.orc\npzezq0n.7zl\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{2F5D5C3D-C0BA-49BC-808B-38D36443812A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{36581106-7CE2-4880-9732-8B9BC04F0114}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3D9AA6B1-B17B-41E1-A1B4-DB55D3BB50B1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{43BF04D5-2979-4C85-8A70-07F7F8C7ED08}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5F11DDB2-3452-43C5-8BAF-55BFC24ED4EA}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{68A6F5CE-6A8A-4A5A-B173-09C0EC18CCEC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87AD2AE4-02B9-433F-A39F-76EC29E78526}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{90BEF2A9-46EC-4B22-AA13-1B7ADA797246}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{91621E5D-8236-421C-926B-F4694D8A665A}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\a6lezjwd.orc\npzezq0n.7zl\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{9A9D55DF-B2B9-428B-A23B-C84A9BDC21F2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6B89DF6-5104-48FF-BB56-3A697947D567}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5B31BDE-32F2-4BD3-8D13-7C7D2E2C8316}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BBA94029-BB11-49C2-B339-2EF0463C666A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C3088EE2-2FD5-413E-879A-9592DE0A8DC5}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{D1F97D5D-B5A6-488F-8B6B-DD09B2BC746B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DCF9452D-9B23-431F-8262-3A51260E44DF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E1DDEE71-BB06-4BB2-84C5-19CE28B8B55A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{E586CCB6-6F09-4A2A-90EA-98331485675A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{00B8E278-E260-43F9-A2A1-9705578D5294}" = Microsoft Web Farm Framework Version 1 for IIS 7
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{16376CAE-A46A-40a5-BD8D-A272F690A2E0}" = 8200
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1CE975D2-718E-465d-BBCB-8655F097C120}" = SF_CDD_Software
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{215C2536-35C7-4602-9612-A8833FBE0E20}" = SF_CDD_ProductContext
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}" = Internet Information Services (IIS) 7.0 Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{370BBA05-01E7-4BCC-9B38-E85DB8E13E11}" = Microsoft Silverlight 2 SDK
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{44061C54-0775-4AE1-B433-79BCC6431817}" = WISO Mein Geld 2009 Professional
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{596A8F65-C705-4e68-B85E-CE0B45490712}" = HP Photosmart Appliance Printer Driver Software 8.0.D
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729EC8B-AC5F-47A9-B825-C2BFB19A295C}" = Microsoft External Cache Version 1 for IIS 7
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{971CB542-EB91-45D1-8D47-593A2F945BD4}" = Microsoft URL Rewrite Module for IIS 7.0
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6D39A1D-1797-44FF-91AD-66698188764F}" = IIS Media Pack 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE40A626-2967-40F3-9D6B-810511AF76BE}" = Microsoft Dynamic IP Restrictions for IIS 7 - Beta
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1DBECBB-6A81-483C-9D27-D9F121D12EBC}" = Web Deployment Tool Release Candidate 1
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA544957-00CB-4A5F-9A34-F49662C7DD5F}" = Microsoft Web Platform Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09B6E1D-2AFE-4EAA-A439-6389353B0780}" = Microsoft Application Request Routing Version 1 for IIS 7
"{E27DEAFD-1339-4D58-955D-06F6F7A35690}" = IIS Smooth Streaming - Beta
"{E36EE103-D2AA-41AD-81C4-0117A45B95AE}" = Microsoft Silverlight Tools for Visual Web Developer Express 2008 SP1 - ENU
"{E59555E2-6572-4BA5-90A9-3D2327739979}" = WebDAV 7.5 For IIS 7.0
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F992232D-9989-484f-8419-6D5CBD462615}" = 8200_Help
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"aignesamdeadlink" = AM-DeadLink 3.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Biet-O-Matic v2.10.0" = Biet-O-Matic v2.10.0
"CCleaner" = CCleaner
"Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.1
"Defraggler" = Defraggler
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download 2.3
"FreePDF_XP" = FreePDF XP (Remove only)
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"Google Updater" = Google Updater
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"KeePass-1.11" = KeePass-1.11
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee AntiVirus Plus
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Pixum EasyPrint" = Pixum EasyPrint 1.2
"PrintServer Utilities" = PrintServer Utilities
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VistaGlazz_is1" = VistaGlazz 2.0
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2010 16:07:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1974333
 
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1975877
 
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1975877
 
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1977468
 
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1977468
 
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1978935
 
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1978935
 
[ System Events ]
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 25.08.2010 05:06:50 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 25.08.2010 15:21:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
[ TuneUp Events ]
Error - 18.08.2010 17:36:38 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:36:37', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','332',0)
 
Error - 18.08.2010 17:37:18 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:37:18', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','3376',0)
 
Error - 18.08.2010 17:57:08 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:57:08', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2196',0)
 
Error - 18.08.2010 17:57:18 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:57:18', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','4248',0)
 
 
< End of report >
--- --- ---



Ich würde mich sehr freuen, wenn mir jemand helfen könnte, den Rechner wieder auf Trab zu bringen. Schon jetzt vielen Dank im Voraus

Grüße

cosinus 25.08.2010 22:23
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

intrus 26.08.2010 06:16
Hallo Arne,

hier der Log des Vollscans mit Malwarebyte:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4479

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

26.08.2010 01:17:59
mbam-log-2010-08-26 (01-17-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 277994
Laufzeit: 1 Stunde(n), 51 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Grüße
Holger

intrus 29.08.2010 10:37
Hallo cosinus,

auf den Thread "was tun, wenn niemand antwortet" kann ich nicht antworten. Ich bekomme nur die Meldung, dass ich dazu keine Rechte habe. Woran kann das liegen?

Vielleicht findest Du diese Anfrage ja jetzt wieder. Das Problem ist das alte. Der Vollscan mit Mawarebytes hat das oben stehende ERgebnis gebracht.

Danke für Deine Mühe

Grüße

intrus

cosinus 29.08.2010 20:05
Sry hab Deinen Strang übersehen. Hier ist zuviel los, passiert leider.
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

intrus 30.08.2010 18:57
Hallo cosinus,

vielen Dank für Deine Antwort. CC Cleaner und ComboFix habe ich wie vorgeschlagen durchgeführt.

Grüße
intrus

Hier die Log-Datei von ComboFix:

Combofix Logfile:
Code:
ComboFix 10-08-29.04 - *** 30.08.2010  19:23:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.988 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Helper
c:\users\***\AppData\Local\Temp\ppcrlui_3136_2
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-28 bis 2010-08-30  ))))))))))))))))))))))))))))))
.

2010-08-30 17:34 . 2010-08-30 17:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-18 21:36 . 2010-08-18 21:36        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-08-18 21:36 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:36 . 2010-08-18 21:36        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-18 21:36 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-17 18:46 . 2010-08-17 18:46        --------        d-----w-        c:\program files\Defraggler
2010-08-17 18:26 . 2010-08-30 17:10        --------        d-----w-        c:\program files\CCleaner
2010-08-12 20:33 . 2010-01-21 09:46        441168        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-08-11 21:48 . 2010-06-11 16:15        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-11 21:48 . 2010-06-18 15:04        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-11 21:48 . 2010-06-18 15:04        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-11 21:48 . 2010-06-16 16:04        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-07 11:56 . 2009-10-09 21:56        2048        ----a-w-        c:\windows\system32\winrsmgr.dll
2010-08-07 11:52 . 2008-07-11 00:28        92184        ----a-w-        c:\windows\system32\SQSRVRES.DLL

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 16:00 . 2008-11-15 13:42        1        ----a-w-        c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 22:23 . 2007-04-26 19:10        7692        ----a-w-        c:\windows\bthservsdp.dat
2010-08-29 16:30 . 2007-11-24 22:50        --------        d-----w-        c:\users\***\AppData\Roaming\Buhl Data Service GmbH
2010-08-29 16:15 . 2007-07-21 15:36        105800        ----a-w-        c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 11:27 . 2007-11-24 22:38        --------        d-----w-        c:\program files\Buhl
2010-08-29 11:27 . 2007-11-24 22:39        --------        d-----w-        c:\program files\Common Files\Buhl Data Service
2010-08-17 17:08 . 2007-07-21 22:31        83438        ----a-w-        c:\users\***\AppData\Roaming\nvModes.dat
2010-08-16 21:24 . 2009-11-24 22:48        142935        ----a-w-        c:\windows\hppins23.dat
2010-08-13 19:33 . 2007-08-03 20:58        --------        d-----w-        c:\users\***\AppData\Roaming\Canon
2010-08-12 18:06 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-07 11:49 . 2007-04-26 20:02        --------        d-----w-        c:\program files\Microsoft.NET
2010-08-07 11:46 . 2007-04-26 20:05        --------        d-----w-        c:\program files\Microsoft SQL Server
2010-07-30 09:54 . 2007-04-26 01:59        788886        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-30 09:54 . 2007-04-26 01:59        185136        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-30 09:15 . 2010-06-21 19:17        --------        d-----w-        c:\program files\iTunes
2010-07-30 09:15 . 2010-07-30 09:15        --------        d-----w-        c:\program files\iPod
2010-07-30 09:15 . 2007-07-29 12:11        --------        d-----w-        c:\program files\Common Files\Apple
2010-07-30 09:11 . 2010-07-30 09:11        --------        d-----w-        c:\program files\Bonjour
2010-07-30 08:38 . 2010-07-30 08:38        32256        ----a-w-        c:\windows\system32\MiniInstaller.dll
2010-07-30 08:38 . 2010-07-30 08:38        101248        ----a-w-        c:\windows\system32\drivers\avmaudio.sys
2010-07-29 21:52 . 2007-04-26 20:11        --------        d-----w-        c:\program files\McAfee.com
2010-07-28 22:20 . 2009-11-25 07:21        --------        d-----w-        c:\users\***\AppData\Roaming\HP
2010-07-28 21:56 . 2010-07-28 21:56        --------        d-----w-        c:\program files\SystemRequirementsLab
2010-07-28 21:47 . 2007-04-26 19:29        --------        d-----w-        c:\program files\Samsung
2010-07-28 21:47 . 2007-04-26 19:19        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-28 21:40 . 2007-12-26 13:30        --------        d-----w-        c:\users\***\AppData\Roaming\InstallShield
2010-07-28 21:11 . 2009-04-27 21:23        --------        d-----w-        c:\program files\Microsoft Visual Studio 9.0
2010-07-28 19:35 . 2007-04-26 20:10        --------        d-----w-        c:\program files\McAfee
2010-07-28 19:33 . 2007-04-26 20:11        --------        d-----w-        c:\program files\Common Files\McAfee
2010-07-06 21:57 . 2008-12-30 22:55        --------        d-----w-        c:\users\***\AppData\Roaming\Skype
2010-07-06 18:19 . 2008-12-30 23:15        --------        d-----w-        c:\users\***\AppData\Roaming\skypePM
2010-06-26 06:05 . 2010-08-11 21:49        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:49        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 21:49        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 21:49        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 21:49        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 21:49        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 21:49        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-11 21:49        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 21:49        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41        3600384        ----a-w-        c:\windows\system32\GPhotos.scr
2010-06-02 09:37 . 2010-06-04 08:30        50176        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-02 09:37 . 2010-06-04 08:30        80896        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2007-03-21 00:32 . 2007-04-26 19:36        3062        ----a-w-        c:\program files\MSetup.xml
2007-02-12 03:12 . 2007-04-26 19:36        2010        ----a-w-        c:\program files\MSetup.ini
2007-01-09 00:43 . 2007-04-26 19:36        528040        ----a-w-        c:\program files\MSetup.exe
2010-05-31 18:32 . 2010-07-28 19:25        24376        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2009-11-24 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AVMUSBFernanschluss"="c:\users\***\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-07-30 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 805392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Play AVStation TV Scheduler"=c:\program files\Samsung\Play AVStation\TvScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,48,2a,81,e7,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-04-08 42888]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WMSvc;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-04-26 13312]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-07-30 101248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-08-30 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]

2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-03 20:29]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]

2010-08-30 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 12:26]

2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.myownstartpage.net/?cm=640368&lt=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-30 19:34
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-08-30  19:38:59
ComboFix-quarantined-files.txt  2010-08-30 17:38

Vor Suchlauf: 13 Verzeichnis(se), 27.746.078.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 27.553.845.248 Bytes frei

- - End Of File - - 2EE07E69FDE79A5DBB11AEB5B7FC41B0
--- --- ---

cosinus 30.08.2010 19:06
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Filelook::
c:\windows\system32\msxml3.dll
c:\windows\system32\drivers\srv.sys
c:\windows\system32\drivers\srv2.sys
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\winrsmgr.dll
c:\windows\system32\SQSRVRES.DLL
c:\windows\System32\shsvcs.dll
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

intrus 30.08.2010 23:22
So, alles wie beschrieben gemacht. Bin gespannt, wie es weiter geht.

Grüße und Danke
intrus

Hier der Log-File von Combo-Fix:

Combofix Logfile:
Code:
ComboFix 10-08-29.04 - *** 31.08.2010  0:01.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1121 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Local\Temp\ppcrlui_1852_2

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-28 bis 2010-08-30  ))))))))))))))))))))))))))))))
.

2010-08-30 22:11 . 2010-08-30 22:11        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-08-30 22:11 . 2010-08-30 22:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-30 17:19 . 2010-08-30 17:39        --------        d-----w-        C:\cofi
2010-08-18 21:36 . 2010-08-18 21:36        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-08-18 21:36 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:36 . 2010-08-18 21:36        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-18 21:36 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-17 18:46 . 2010-08-17 18:46        --------        d-----w-        c:\program files\Defraggler
2010-08-17 18:26 . 2010-08-30 17:10        --------        d-----w-        c:\program files\CCleaner
2010-08-12 20:33 . 2010-01-21 09:46        441168        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-08-11 21:48 . 2010-06-11 16:15        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-11 21:48 . 2010-06-18 15:04        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-11 21:48 . 2010-06-18 15:04        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-11 21:48 . 2010-06-16 16:04        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-07 11:56 . 2009-10-09 21:56        2048        ----a-w-        c:\windows\system32\winrsmgr.dll
2010-08-07 11:52 . 2008-07-11 00:28        92184        ----a-w-        c:\windows\system32\SQSRVRES.DLL

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 17:54 . 2007-04-26 19:10        7692        ----a-w-        c:\windows\bthservsdp.dat
2010-08-30 16:00 . 2008-11-15 13:42        1        ----a-w-        c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 16:30 . 2007-11-24 22:50        --------        d-----w-        c:\users\***\AppData\Roaming\Buhl Data Service GmbH
2010-08-29 16:15 . 2007-07-21 15:36        105800        ----a-w-        c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 11:27 . 2007-11-24 22:38        --------        d-----w-        c:\program files\Buhl
2010-08-29 11:27 . 2007-11-24 22:39        --------        d-----w-        c:\program files\Common Files\Buhl Data Service
2010-08-17 17:08 . 2007-07-21 22:31        83438        ----a-w-        c:\users\***\AppData\Roaming\nvModes.dat
2010-08-16 21:24 . 2009-11-24 22:48        142935        ----a-w-        c:\windows\hppins23.dat
2010-08-13 19:33 . 2007-08-03 20:58        --------        d-----w-        c:\users\***\AppData\Roaming\Canon
2010-08-12 18:06 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-07 11:49 . 2007-04-26 20:02        --------        d-----w-        c:\program files\Microsoft.NET
2010-08-07 11:46 . 2007-04-26 20:05        --------        d-----w-        c:\program files\Microsoft SQL Server
2010-07-30 09:54 . 2007-04-26 01:59        788886        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-30 09:54 . 2007-04-26 01:59        185136        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-30 09:15 . 2010-06-21 19:17        --------        d-----w-        c:\program files\iTunes
2010-07-30 09:15 . 2010-07-30 09:15        --------        d-----w-        c:\program files\iPod
2010-07-30 09:15 . 2007-07-29 12:11        --------        d-----w-        c:\program files\Common Files\Apple
2010-07-30 09:11 . 2010-07-30 09:11        --------        d-----w-        c:\program files\Bonjour
2010-07-30 08:38 . 2010-07-30 08:38        32256        ----a-w-        c:\windows\system32\MiniInstaller.dll
2010-07-30 08:38 . 2010-07-30 08:38        101248        ----a-w-        c:\windows\system32\drivers\avmaudio.sys
2010-07-29 21:52 . 2007-04-26 20:11        --------        d-----w-        c:\program files\McAfee.com
2010-07-28 22:20 . 2009-11-25 07:21        --------        d-----w-        c:\users\***\AppData\Roaming\HP
2010-07-28 21:56 . 2010-07-28 21:56        --------        d-----w-        c:\program files\SystemRequirementsLab
2010-07-28 21:47 . 2007-04-26 19:29        --------        d-----w-        c:\program files\Samsung
2010-07-28 21:47 . 2007-04-26 19:19        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-28 21:40 . 2007-12-26 13:30        --------        d-----w-        c:\users\***\AppData\Roaming\InstallShield
2010-07-28 21:11 . 2009-04-27 21:23        --------        d-----w-        c:\program files\Microsoft Visual Studio 9.0
2010-07-28 19:35 . 2007-04-26 20:10        --------        d-----w-        c:\program files\McAfee
2010-07-28 19:33 . 2007-04-26 20:11        --------        d-----w-        c:\program files\Common Files\McAfee
2010-07-06 21:57 . 2008-12-30 22:55        --------        d-----w-        c:\users\***\AppData\Roaming\Skype
2010-07-06 18:19 . 2008-12-30 23:15        --------        d-----w-        c:\users\***\AppData\Roaming\skypePM
2010-06-26 06:05 . 2010-08-11 21:49        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:49        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 21:49        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 21:49        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 21:49        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 21:49        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 21:49        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-11 21:49        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 21:49        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41        3600384        ----a-w-        c:\windows\system32\GPhotos.scr
2010-06-02 09:37 . 2010-06-04 08:30        50176        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-02 09:37 . 2010-06-04 08:30        80896        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2007-03-21 00:32 . 2007-04-26 19:36        3062        ----a-w-        c:\program files\MSetup.xml
2007-02-12 03:12 . 2007-04-26 19:36        2010        ----a-w-        c:\program files\MSetup.ini
2007-01-09 00:43 . 2007-04-26 19:36        528040        ----a-w-        c:\program files\MSetup.exe
2010-05-31 18:32 . 2010-07-28 19:25        24376        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\srv.sys ---
Company: Microsoft Corporation
File Description: Server driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: SRV.SYS.MUI
File size: 302080
Created time: 2010-08-11 21:48
Modified time: 2010-06-18 15:04
MD5: 96A5E2C642AF8F591A7366429809506B
SHA1: FB97D29B586DF5E6F8B0834E60452ACE07E7A284


--- c:\windows\system32\drivers\srv2.sys ---
Company: Microsoft Corporation
File Description: Smb 2.0 Server driver
File Version: 6.0.6002.18274 (vistasp2_gdr.100618-0530)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: SRV2.SYS
File size: 144896
Created time: 2010-08-11 21:48
Modified time: 2010-06-18 15:04
MD5: 71DA2D64880C97E5FFC3C81761632751
SHA1: D5F4D1673C2EC8132836A83A74E06AE9757A83F2


--- c:\windows\system32\drivers\tcpip.sys ---
Company: Microsoft Corporation
File Description: TCP/IP Driver
File Version: 6.0.6002.18272 (vistasp2_gdr.100616-0352)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: tcpip.sys
File size: 905088
Created time: 2010-08-11 21:48
Modified time: 2010-06-16 16:04
MD5: A474879AFA4A596B3A531F3E69730DBF
SHA1: 2B3E360D5E13F513640865CFC1F111620B5A8DD5


--- c:\windows\system32\msxml3.dll ---
Company: Microsoft Corporation
File Description: MSXML 3.0 SP10
File Version: 8.100.5003.0
Product Name: Microsoft(R) MSXML 3.0 SP10
Copyright: Copyright (C) Microsoft Corporation. 1981-2007
Original Filename: MSXML3.dll
File size: 1248768
Created time: 2010-08-11 21:48
Modified time: 2010-06-11 16:15
MD5: 2B338AB80CF27D14CB75D94E294A1AB8
SHA1: 0545925B9D7450A717FDECBBC764DDE238F34D87


--- c:\windows\System32\shsvcs.dll ---
Company: Microsoft Corporation
File Description: Windows-Shelldienste-DLL
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: SHSVCS.DLL.MUI
File size: 247296
Created time: 2009-06-07 14:28
Modified time: 2009-11-24 09:03
MD5: 690D53BD10A804BB6D0A772D1C0E6907
SHA1: 017BDF4DF8D78179CE6E2B76C097F91451784CD4


--- c:\windows\system32\SQSRVRES.DLL ---
Company: Microsoft Corporation
File Description: SQL Server Cluster Resource DLL
File Version: 2007.0100.1600.022 ((SQL_PreRelease).080709-1414 )
Product Name: Microsoft SQL Server
Copyright: Microsoft Corp. All rights reserved.
Original Filename: sqsrvres.dll
File size: 92184
Created time: 2010-08-07 11:52
Modified time: 2008-07-11 00:28
MD5: D99329DDB92A0C3F1DCE29B706514A2E
SHA1: 28F56B97EFB1F46D384E699EBBDAFA01CB075E3C


--- c:\windows\system32\winrsmgr.dll ---
Company: Microsoft Corporation
File Description: WSMan Shell API
File Version: 6.0.6002.18111 (vistasp2_gdr_win7ip_winman(wmbla).091009-1451)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: winrsmgr.dll
File size: 2048
Created time: 2010-08-07 11:56
Modified time: 2009-10-09 21:56
MD5: 3FA837E3C30334BA8CA5EEB2B375D50C
SHA1: 7D913CC7280CB6F2CBB9B016C7A3C92EE9314C2F


------- Sigcheck -------

[-] 2009-11-24 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((((((  SnapShot@2010-08-30_17.34.21  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-21 14:33 . 2010-08-30 16:16        32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-21 14:33 . 2010-08-30 20:24        32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-21 14:33 . 2010-08-30 20:24        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-21 14:33 . 2010-08-30 16:16        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-21 14:33 . 2010-08-30 20:24        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-07-21 14:33 . 2010-08-30 16:16        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-16 15:21 . 2010-08-30 15:38        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-16 15:21 . 2010-08-30 17:56        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-16 15:21 . 2010-08-30 17:56        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-16 15:21 . 2010-08-30 15:38        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-16 15:21 . 2010-08-30 15:38        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-16 15:21 . 2010-08-30 17:56        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14        25214              c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\ARPPRODUCTICON.exe
+ 2010-08-30 17:56 . 2010-08-30 17:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-30 15:37 . 2010-08-30 15:37        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-30 17:56 . 2010-08-30 17:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-30 15:37 . 2010-08-30 15:37        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-30 18:14 . 2010-08-30 18:14        1219584              c:\windows\Installer\a1b5e.msi
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AVMUSBFernanschluss"="c:\users\***\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-07-30 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 805392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Play AVStation TV Scheduler"=c:\program files\Samsung\Play AVStation\TvScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,48,2a,81,e7,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-04-08 42888]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WMSvc;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-04-26 13312]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-07-30 101248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-08-30 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]

2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-03 20:29]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]

2010-08-30 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 12:26]

2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.myownstartpage.net/?cm=640368&lt=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-31 00:11
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-08-31  00:16:09
ComboFix-quarantined-files.txt  2010-08-30 22:16
ComboFix2.txt  2010-08-30 17:39

Vor Suchlauf: 19 Verzeichnis(se), 27.162.263.552 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 27.209.764.864 Bytes frei

- - End Of File - - CC0814742260491A473D60761B4B7911
--- --- ---

cosinus 31.08.2010 08:30
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

intrus 31.08.2010 21:38
Hallo cosinus,

GMER ist beim 2. Mal gelaufen. Die osam.exe wird sofort von McAfee als Trojaner gelöscht. Wenn ich McAfee abschalte beendet OSAM den Scan nicht. Das Ergebnis des Remover darunter

Grüße
intrus

Hier der GMER Log-File:

{\rtf1\ansi\ansicpg1252\deff0\deflang1031{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\f0\fs20 GMER 1.0.15.15281 - hxxp://www.gmer.net\par
Rootkit scan 2010-08-31 21:08:38\par
Windows 6.0.6002 Service Pack 2\par
Running: 8qhdetxd.exe; Driver: C:\\Users\\***\\AppData\\Local\\Temp\\ufryrpod.sys\par
\par
\par
---- System - GMER 1.0.15 ----\par
\par
Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88434D88]\par
Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88434DB2]\par
Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88434D9E]\par
Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88434D74]\par
Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection\par
\par
---- Kernel code sections - GMER 1.0.15 ----\par
\par
.text ntoskrnl.exe!ZwYieldExecution 82879C0E 5 Bytes JMP 88434D78 \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 82A50510 5 Bytes JMP 88434DA2 \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par
PAGE ntoskrnl.exe!NtMapViewOfSection 82A50899 7 Bytes JMP 88434D8C \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par
PAGE ntoskrnl.exe!ZwTerminateProcess 82A6004F 5 Bytes JMP 88434DB6 \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par
.text C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys section is writeable [0x8CC0F340, 0x3448B7, 0xE8000020]\par
\par
---- User code sections - GMER 1.0.15 ----\par
\par
.text C:\\Windows\\system32\\svchost.exe[308] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00240FE5 \par
.text C:\\Windows\\system32\\svchost.exe[308] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00240000 \par
.text C:\\Windows\\system32\\svchost.exe[308] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00240FCA \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 002200A7 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00220F61 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 002200E7 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 002200D6 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00220060 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 0022000A \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00220FAF \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0022008C \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00220F7C \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00220F9E \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00220F8D \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00220025 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00220071 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00220F35 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00220FD4 \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00220FEF \par
.text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00220F50 \par
.text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00720042 \par
.text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!system 77C6804B 5 Bytes JMP 00720027 \par
.text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00720FC8 \par
.text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_open 77C6D106 5 Bytes JMP 0072000C \par
.text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00720FB7 \par
.text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00720FEF \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00230F97 \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00230FBC \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00230FEF \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00230039 \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00230F86 \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 0023001E \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00230FDE \par
.text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00230FCD \par
.text C:\\Windows\\system32\\svchost.exe[308] WS2_32.dll!socket 769936D1 3 Bytes JMP 00250000 \par
.text C:\\Windows\\system32\\svchost.exe[308] WS2_32.dll!socket + 4 769936D5 1 Byte [89]\par
.text C:\\Windows\\Explorer.EXE[684] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 03FD000A \par
.text C:\\Windows\\Explorer.EXE[684] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 03FD0FEF \par
.text C:\\Windows\\Explorer.EXE[684] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 03FD001B \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 01CD00E2 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 01CD0F9C \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 01CD0F55 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 01CD0F70 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 01CD00AC \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 01CD0040 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 01CD0051 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 01CD0FB7 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 01CD0091 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 01CD0FD4 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 01CD0080 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 01CD0FE5 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 01CD00C7 \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 01CD0F3A \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 01CD001B \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 01CD000A \par
.text C:\\Windows\\Explorer.EXE[684] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 01CD0F81 \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 01CF0039 \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 01CF0FB2 \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 01CF0FEF \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 01CF0F97 \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 01CF004A \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 01CF0FCD \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 01CF0FDE \par
.text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 01CF001E \par
.text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 03FC003F \par
.text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!system 77C6804B 5 Bytes JMP 03FC0FBE \par
.text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 03FC001D \par
.text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_open 77C6D106 5 Bytes JMP 03FC0000 \par
.text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 03FC002E \par
.text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 03FC0FE3 \par
.text C:\\Windows\\Explorer.EXE[684] WS2_32.dll!socket 769936D1 5 Bytes JMP 01CC0000 \par
.text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenA 76ACD690 5 Bytes JMP 01CE000A \par
.text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenW 76ACDB09 5 Bytes JMP 01CE0025 \par
.text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenUrlA 76ACF3A4 5 Bytes JMP 01CE0FEF \par
.text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenUrlW 76B16DDF 5 Bytes JMP 01CE0FCA \par
.text C:\\Windows\\system32\\services.exe[820] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 0019000A \par
.text C:\\Windows\\system32\\services.exe[820] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00190036 \par
.text C:\\Windows\\system32\\services.exe[820] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00190025 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00180F4D \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00180F68 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00180F32 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 001800BF \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00180F8D \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00180025 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00180040 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0018009D \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00180F9E \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00180FCA \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00180FAF \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 0018005B \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00180082 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00180F17 \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00180FEF \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0018000A \par
.text C:\\Windows\\system32\\services.exe[820] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 001800AE \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 001B0FBC \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 001B0FCD \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 001B0000 \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 001B0054 \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 001B006F \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 001B0FDE \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 001B0FEF \par
.text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 001B002F \par
.text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00310FE5 \par
.text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!system 77C6804B 5 Bytes JMP 00310070 \par
.text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 0031003A \par
.text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_open 77C6D106 5 Bytes JMP 0031000C \par
.text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00310055 \par
.text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00310029 \par
.text C:\\Windows\\system32\\services.exe[820] WS2_32.dll!socket 769936D1 5 Bytes JMP 001A0000 \par
.text C:\\Windows\\system32\\lsass.exe[948] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 000A0FE5 \par
.text C:\\Windows\\system32\\lsass.exe[948] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 000A0FC0 \par
.text C:\\Windows\\system32\\lsass.exe[948] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 000A0000 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00080F6D \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00080F7E \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00080F26 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00080F37 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 000800A2 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00080036 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00080FDB \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 000800B3 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00080087 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 0008006C \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00080FCA \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00080051 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00080FAD \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 000800D8 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00080025 \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0008000A \par
.text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00080F52 \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00840F79 \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00840FAF \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00840000 \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00840F9E \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00840F68 \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 0084001B \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00840FE5 \par
.text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00840FCA \par
.text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00850FA8 \par
.text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!system 77C6804B 5 Bytes JMP 00850FB9 \par
.text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00850FD4 \par
.text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00850FEF \par
.text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00850029 \par
.text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00850018 \par
.text C:\\Windows\\system32\\lsass.exe[948] WS2_32.dll!socket 769936D1 5 Bytes JMP 00830FEF \par
.text C:\\Windows\\system32\\svchost.exe[1136] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 008A0000 \par
.text C:\\Windows\\system32\\svchost.exe[1136] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 008A0FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 008A001B \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 002A0F31 \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 002A0F4C \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 002A0F05 \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 002A0F16 \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 002A0F5D \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 002A0FCD \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 002A0FBC \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreatePipe 769E8E6E 3 Bytes JMP 002A0077 \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreatePipe + 4 769E8E72 1 Byte [89]\par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 002A0F6E \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryW 769E9362 3 Bytes JMP 002A0F90 \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryW + 4 769E9366 1 Byte [89]\par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryExA 769E94B4 3 Bytes JMP 002A0F7F \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryExA + 4 769E94B8 1 Byte [89]\par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryA 769E94DC 3 Bytes JMP 002A0FAB \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryA + 4 769E94E0 1 Byte [89]\par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!VirtualProtectEx 769EDBDA 3 Bytes JMP 002A005C \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!VirtualProtectEx + 4 769EDBDE 1 Byte [89]\par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 002A00B7 \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 002A0FDE \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 002A0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 002A0092 \par
.text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00300F8B \par
.text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!system 77C6804B 5 Bytes JMP 00300FA6 \par
.text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00300FB7 \par
.text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00300FEF \par
.text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 0030000C \par
.text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00300FD2 \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 002F0F9E \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 002F0FC0 \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 002F0000 \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 002F0FAF \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 002F0F83 \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 002F002C \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 002F001B \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 3 Bytes JMP 002F0FDB \par
.text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW + 4 77A37BA5 1 Byte [88]\par
.text C:\\Windows\\system32\\svchost.exe[1136] WS2_32.dll!socket 769936D1 5 Bytes JMP 00290000 \par
.text C:\\Windows\\system32\\svchost.exe[1144] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00750FEF \par
.text C:\\Windows\\system32\\svchost.exe[1144] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00750011 \par
.text C:\\Windows\\system32\\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00750000 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00740F63 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 007400B3 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00740F34 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 007400D5 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00740F92 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00740FEF \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00740040 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 007400A2 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00740FA3 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00740051 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 0074006C \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00740FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00740091 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 007400E6 \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0074001B \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0074000A \par
.text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 007400C4 \par
.text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 007A0F88 \par
.text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!system 77C6804B 5 Bytes JMP 007A0FA3 \par
.text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 007A0FC8 \par
.text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_open 77C6D106 5 Bytes JMP 007A0000 \par
.text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 007A001D \par
.text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 007A0FE3 \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00770F7C \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00770FB2 \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00770FEF \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00770F97 \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00770F6B \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00770FCD \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00770FDE \par
.text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 0077001E \par
.text C:\\Windows\\system32\\svchost.exe[1144] WS2_32.dll!socket 769936D1 5 Bytes JMP 00760FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1204] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00850FEF \par
.text C:\\Windows\\system32\\svchost.exe[1204] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00850FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1204] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 0085000A \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00840F28 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00840F4D \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00840EF2 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00840089 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00840067 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00840FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00840FB9 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00840F5E \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00840F8D \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00840025 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00840040 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00840F9E \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00840078 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 0084009A \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0084000A \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00840FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00840F17 \par
.text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 008E0031 \par
.text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!system 77C6804B 5 Bytes JMP 008E0FA6 \par
.text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 008E0FC1 \par
.text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_open 77C6D106 5 Bytes JMP 008E0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 008E0016 \par
.text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 008E0FD2 \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00870F83 \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 0087001B \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00870FEF \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00870F94 \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 0087004A \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00870FCA \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00870000 \par
.text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00870FAF \par
.text C:\\Windows\\system32\\svchost.exe[1204] WS2_32.dll!socket 769936D1 5 Bytes JMP 00860FE5 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00BB000A \par
.text C:\\Windows\\System32\\svchost.exe[1268] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00BB0FD4 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00BB0FE5 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00AD00B5 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00AD009A \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00AD00D7 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00AD00C6 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00AD005D \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00AD0FD4 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00AD0FB9 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00AD0089 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00AD004C \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00AD0F8D \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00AD002F \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00AD0FA8 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00AD0078 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00AD00E8 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00AD0000 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00AD0FE5 \par
.text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00AD0F54 \par
.text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00F7005F \par
.text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!system 77C6804B 5 Bytes JMP 00F70FDE \par
.text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00F70033 \par
.text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00F70000 \par
.text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00F70044 \par
.text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00F70FEF \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00F60F94 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00F60FC0 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00F60000 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00F60FAF \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00F60F83 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00F60FE5 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00F60011 \par
.text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00F60036 \par
.text C:\\Windows\\System32\\svchost.exe[1268] WS2_32.dll!socket 769936D1 5 Bytes JMP 00BC0000 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00650000 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00650FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 0065001B \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 0062007B \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00620F2B \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00620EE4 \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00620EFF \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00620F5E \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 0062000A \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 0062001B \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00620F3C \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00620F6F \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 0062002C \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00620F80 \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00620FAF \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00620F4D \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00620ED3 \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00620FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00620FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00620F10 \par
.text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00640FBC \par
.text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!system 77C6804B 5 Bytes JMP 00640047 \par
.text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00640022 \par
.text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00640FEF \par
.text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00640FCD \par
.text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00640FDE \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00630062 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00630040 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00630FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00630051 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00630FAF \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00630025 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00630000 \par
.text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00630FCA \par
.text C:\\Windows\\system32\\svchost.exe[1308] WS2_32.dll!socket 769936D1 5 Bytes JMP 00610000 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00E9000A \par
.text C:\\Windows\\system32\\svchost.exe[1316] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00E90FDE \par
.text C:\\Windows\\system32\\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00E90FEF \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 009D0F2B \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 009D0071 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 009D0096 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 009D0EFF \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 009D0056 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 009D0014 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 009D0FC3 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 009D0F50 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 009D0F7C \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 009D0039 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 009D0F97 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 009D0FB2 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 009D0F61 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 009D0EE4 \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 009D0FDE \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 009D0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 009D0F1A \par
.text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 009F0F7F \par
.text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!system 77C6804B 5 Bytes JMP 009F0014 \par
.text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 009F0FB5 \par
.text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_open 77C6D106 5 Bytes JMP 009F0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 009F0F9A \par
.text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 009F0FC6 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 009E0073 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 009E0051 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 009E0000 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 009E0062 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 009E0FB6 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 009E0FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 009E0011 \par
.text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 009E0036 \par
.text C:\\Windows\\system32\\svchost.exe[1316] WS2_32.dll!socket 769936D1 5 Bytes JMP 009C0000 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00F50FE5 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00F5000A \par
.text C:\\Windows\\System32\\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00F50FD4 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00F40097 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00F40F47 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00F40F1B \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00F400B2 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00F40F7A \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00F40FEF \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00F40FD4 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00F40F58 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00F40F8B \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00F40FB9 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00F40FA8 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00F40036 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00F40F69 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00F40F0A \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00F4001B \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00F40000 \par
.text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00F40F36 \par
.text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00FD004B \par
.text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!system 77C6804B 5 Bytes JMP 00FD003A \par
.text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00FD0029 \par
.text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00FD0000 \par
.text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00FD0FCA \par
.text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00FD0FEF \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00F80F7C \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00F80FA8 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00F80FE5 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00F80F97 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00F80F61 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00F80FCA \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00F80000 \par
.text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00F80FB9 \par
.text C:\\Windows\\System32\\svchost.exe[1344] WS2_32.dll!socket 769936D1 5 Bytes JMP 00F60FEF \par
.text C:\\Windows\\system32\\svchost.exe[1360] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00E00000 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00E00FDE \par
.text C:\\Windows\\system32\\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00E00FEF \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00DE00AE \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00DE0F68 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00DE00EB \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00DE00D0 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00DE0F94 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00DE0FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00DE0040 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00DE0093 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00DE0FA5 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00DE0062 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00DE0FB6 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00DE0051 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00DE0F83 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00DE0106 \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00DE001B \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00DE000A \par
.text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!WinExec

intrus 31.08.2010 21:39
hier gehts weiter:

76A55CF7 5 Bytes JMP 00DE00BF \par
.text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 01690069 \par
.text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!system 77C6804B 5 Bytes JMP 01690FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 01690FEF \par
.text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_open 77C6D106 5 Bytes JMP 0169000C \par
.text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 01690044 \par
.text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 01690029 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00DF0FC0 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00DF0FD1 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00DF0000 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00DF0062 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00DF0F9B \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00DF0022 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00DF0011 \par
.text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00DF003D \par
.text C:\\Windows\\system32\\svchost.exe[1360] WS2_32.dll!socket 769936D1 5 Bytes JMP 014E0FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00160FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00160FB9 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00160FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 001400B6 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00140F70 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00140F33 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00140F4E \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00140076 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00140FDE \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00140FCD \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0014009B \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00140065 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00140FB2 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00140054 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00140039 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00140F81 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 001400E5 \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0014000A \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00140FEF \par
.text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00140F5F \par
.text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00180FA6 \par
.text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!system 77C6804B 5 Bytes JMP 00180FB7 \par
.text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00180016 \par
.text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00180FEF \par
.text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00180027 \par
.text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00180FD2 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00150FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 0015005B \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00150000 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00150080 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00150FC3 \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00150FEF \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 0015001B \par
.text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 0015004A \par
.text C:\\Windows\\system32\\svchost.exe[1488] WS2_32.dll!socket 769936D1 5 Bytes JMP 00170000 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 008B0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1540] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 008B0FC3 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 008B0FDE \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00890F46 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 0089008C \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 008900D3 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 008900AE \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00890F75 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00890FDE \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00890FC3 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0089007B \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00890F86 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00890FA1 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00890043 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00890FB2 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 0089006A \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 008900EE \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00890014 \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00890FEF \par
.text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 0089009D \par
.text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 009A0F7C \par
.text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!system 77C6804B 5 Bytes JMP 009A0F97 \par
.text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 009A0000 \par
.text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_open 77C6D106 5 Bytes JMP 009A0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 009A0011 \par
.text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 009A0FC6 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77A139AB 1 Byte [E9]\par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 008A0FAF \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 008A0FC0 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 008A0000 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 008A0051 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 008A006C \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 008A001B \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 008A0FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 008A002C \par
.text C:\\Windows\\system32\\svchost.exe[1540] WS2_32.dll!socket 769936D1 5 Bytes JMP 008C0FEF \par
.text C:\\Windows\\system32\\svchost.exe[1732] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00F50000 \par
.text C:\\Windows\\system32\\svchost.exe[1732] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00F50FDB \par
.text C:\\Windows\\system32\\svchost.exe[1732] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00F50011 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00DD0F68 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00DD00AE \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00DD0F3C \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00DD00DD \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00DD0082 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00DD0022 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00DD0FDB \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00DD009D \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00DD0F9E \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00DD0FB9 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00DD005B \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00DD0FCA \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00DD0F8D \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00DD0F2B \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00DD0011 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00DD0000 \par
.text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00DD0F57 \par
.text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00F7004E \par
.text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!system 77C6804B 5 Bytes JMP 00F70FC3 \par
.text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00F70018 \par
.text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00F70FEF \par
.text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00F70033 \par
.text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00F70FDE \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00F40FC0 \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00F40047 \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00F40FEF \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00F40062 \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00F40FAF \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00F40025 \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00F4000A \par
.text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00F40036 \par
.text C:\\Windows\\system32\\svchost.exe[1732] WS2_32.dll!socket 769936D1 5 Bytes JMP 00F60FEF \par
.text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenA 76ACD690 5 Bytes JMP 00F30000 \par
.text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenW 76ACDB09 5 Bytes JMP 00F30FE5 \par
.text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenUrlA 76ACF3A4 5 Bytes JMP 00F30FD4 \par
.text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenUrlW 76B16DDF 5 Bytes JMP 00F3001B \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 03A9000A \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 03A90FE5 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 03A9001B \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 03A6007B \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 03A60060 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 03A600B1 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 03A60F10 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 03A60F57 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 03A60011 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 03A60FC0 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 03A60F35 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 03A60F68 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 03A60F94 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 03A60F79 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 03A60FA5 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 03A60F46 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 03A60EFF \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 03A60FE5 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 03A60000 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 03A6008C \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 03A8003D \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!system 77C6804B 5 Bytes JMP 03A80022 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 03A80FBC \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_open 77C6D106 5 Bytes JMP 03A80000 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 03A80011 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 03A80FE3 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 03A70036 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 03A7001B \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 03A70FEF \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 03A70F94 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 03A70051 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 03A7000A \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 03A70FCA \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 03A70FB9 \par
.text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] WS2_32.dll!socket 769936D1 5 Bytes JMP 03A50FE5 \par
.text C:\\Windows\\System32\\svchost.exe[2156] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00190000 \par
.text C:\\Windows\\System32\\svchost.exe[2156] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00190FD4 \par
.text C:\\Windows\\System32\\svchost.exe[2156] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00190FE5 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 001600AB \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00160F65 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 001600E1 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00160F4A \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00160F9B \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00160036 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00160047 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0016009A \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00160075 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00160058 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00160FB6 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00160FDB \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00160F80 \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00160F2F \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0016001B \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0016000A \par
.text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 001600C6 \par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wsystem 77C67F2F 1 Byte [E9]\par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00180033 \par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!system 77C6804B 5 Bytes JMP 00180FA8 \par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00180FCD \par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00180FEF \par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00180022 \par
.text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00180FDE \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00170F83 \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00170F9E \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 0017000A \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00170025 \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00170F68 \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00170FDE \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00170FEF \par
.text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00170FB9 \par
.text C:\\Windows\\System32\\svchost.exe[2156] WS2_32.dll!socket 769936D1 5 Bytes JMP 00090000 \par
.text C:\\Windows\\System32\\svchost.exe[2228] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 001F000A \par
.text C:\\Windows\\System32\\svchost.exe[2228] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 001F0FD4 \par
.text C:\\Windows\\System32\\svchost.exe[2228] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 001F0FEF \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 000B0EFA \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 000B0F15 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 000B0091 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 000B0076 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 000B0040 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 000B0FC3 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 000B0FA8 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 000B0F30 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 000B0F72 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 000B001E \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 000B002F \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 000B0F97 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 000B0F4B \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 000B00A2 \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 000B0FDE \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 000B0FEF \par
.text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 000B005B \par
.text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 000D0FAD \par
.text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!system 77C6804B 5 Bytes JMP 000D0FC8 \par
.text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 000D001D \par
.text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_open 77C6D106 5 Bytes JMP 000D000C \par
.text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 000D0038 \par
.text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 000D0FEF \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 000C006C \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 000C0040 \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 000C0000 \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 000C005B \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 000C0FA5 \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 000C001B \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 000C0FE5 \par
.text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 000C0FD4 \par
.text C:\\Windows\\System32\\svchost.exe[2228] WS2_32.dll!socket 769936D1 5 Bytes JMP 000A0FEF \par
.text C:\\Windows\\system32\\svchost.exe[2368] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00700000 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00700FE5 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 0070001B \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 006D0F26 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 006D0F37 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 006D0087 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 006D0EF0 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 006D0F52 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 006D0FCA \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 006D0011 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 006D0058 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 006D0F6F \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 006D0F80 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 006D0022 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 006D0FA5 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 006D0047 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 006D0ED5 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 006D0FDB \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 006D0000 \par
.text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 006D0F15 \par
.text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 006F003D \par
.text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!system 77C6804B 5 Bytes JMP 006F0FB2 \par
.text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 006F0011 \par
.text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_open 77C6D106 5 Bytes JMP 006F0FE3 \par
.text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 006F0022 \par
.text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 006F0000 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 006E0073 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 006E0FD1 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 006E000A \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 006E0062 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 006E0084 \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 006E002C \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 006E001B \par
.text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 006E0047 \par
.text C:\\Windows\\system32\\svchost.exe[2368] WS2_32.dll!socket 769936D1 5 Bytes JMP 00240000 \par
.text C:\\Windows\\system32\\svchost.exe[2496] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 009F0FEF \par
.text C:\\Windows\\system32\\svchost.exe[2496] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 009F0FCD \par
.text C:\\Windows\\system32\\svchost.exe[2496] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 009F0FDE \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00980080 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00980F3A \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 009800C0 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 009800A5 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 0098005B \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00980FE5 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00980FC0 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00980F55 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 0098004A \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00980F9E \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00980F8D \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00980FAF \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00980F66 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00980F04 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0098001B \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00980000 \par
.text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00980F29 \par
.text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 009E0049 \par
.text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!system 77C6804B 5 Bytes JMP 009E0038 \par
.text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 009E001D \par
.text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_open 77C6D106 5 Bytes JMP 009E0000 \par
.text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 009E0FC8 \par
.text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 009E0FEF \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 009D0F7C \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 009D0FA8 \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 009D0000 \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 009D0F8D \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 009D0F61 \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 009D0FCA \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 009D0FDB \par
.text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 009D0FB9 \par
.text C:\\Windows\\system32\\svchost.exe[2496] WS2_32.dll!socket 769936D1 5 Bytes JMP 00930FEF \par
.text C:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe[2612] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 71639AE2 C:\\Program Files\\Common Files\\McAfee\\McProxy\\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)\par
.text C:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe[2612] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 71639A20 C:\\Program Files\\Common Files\\McAfee\\McProxy\\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)\par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00040FE5 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 0004000A \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00040FD4 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 0001008E \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00010F48 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00010F08 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 0001009F \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00010058 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 0001001B \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 0001002C \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00010F63 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00010F74 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00010F9B \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 0001003D \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00010FB6 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00010073 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00010EF7 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00010000 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00010FEF \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00010F2D \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00070049 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!system 77C6804B 5 Bytes JMP 00070038 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 0007000C \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00070FE3 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00070027 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00070FD2 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00080FDE \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00080065 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 0008000A \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00080076 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00080FCD \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00080FEF \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00080025 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00080040 \par
.text C:\\Windows\\system32\\wuauclt.exe[3524] WS2_32.dll!socket 769936D1 5 Bytes JMP 00140FE5 \par
\par
---- User IAT/EAT - GMER 1.0.15 ----\par
\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747B7817] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7480A86D] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747BBB22] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747AF695] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747B75E9] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747AE7CA] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747E8395] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747BDA60] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747AFFFA] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747AFF61] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747A71CF] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7483CAE2] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747DC8D8] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747AD968] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipFree] [747A6853] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipAlloc] [747A687E] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747B2AD1] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par
IAT C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe[1804] @ C:\\Windows\\system32\\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00D276E0] C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)\par
IAT C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe[1804] @ C:\\Windows\\system32\\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00D27740] C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)\par
\par
---- Devices - GMER 1.0.15 ----\par
\par
AttachedDevice \\FileSystem\\Ntfs \\Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par
AttachedDevice \\Driver\\kbdclass \\Device\\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)\par
AttachedDevice \\Driver\\tdx \\Device\\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)\par
\par
Device \\Driver\\BTHUSB \\Device\\00000071 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)\par
Device \\Driver\\BTHUSB \\Device\\00000073 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)\par
\par
AttachedDevice \\Driver\\tdx \\Device\\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)\par
\par
---- Registry - GMER 1.0.15 ----\par
\par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ca0 \par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0cab \par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ccf \par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f \par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076109d093 0xBE 0x71 0x6F 0xA2 ...\par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0007610a45c5 0x63 0x0B 0x36 0x42 ...\par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0012471a5b4d 0x5A 0x05 0x5B 0xF1 ...\par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0001e3be7d5f 0x72 0x1B 0x9B 0x26 ...\par
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076108f7fb 0xA3 0xB6 0xBA 0xAD ...\par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ca0 (not active ControlSet) \par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0cab (not active ControlSet) \par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ccf (not active ControlSet) \par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f (not active ControlSet) \par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076109d093 0xBE 0x71 0x6F 0xA2 ...\par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0007610a45c5 0x63 0x0B 0x36 0x42 ...\par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0012471a5b4d 0x5A 0x05 0x5B 0xF1 ...\par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0001e3be7d5f 0x72 0x1B 0x9B 0x26 ...\par
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076108f7fb 0xA3 0xB6 0xBA 0xAD ...\par
\par
---- EOF - GMER 1.0.15 ----\par
}
#

Hier das Ergebnis des bootkit_remover:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`80100000
Boot sector MD5 is: 4b154a99a615e82aee4f69fabfe5ed3d

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

intrus 31.08.2010 23:20
Hallo cosinus,

Die osam.exe wird von irgendeinem McAfee Shield, den ich nicht abschalten kann, während des Scans gelöscht. Selbst wen ich McAfee aus der autostart lösche, wird der Scan unterbrochen und die osam.exe ist gelöscht. Vielleicht hast Du ja dazu eine Idee.

Danke und Grüße
intrus

cosinus 01.09.2010 11:52
McAfee bitte deaktivieren!!

intrus 02.09.2010 22:33
Hallo Cosinus,

ich habe bei McAfee alles deaktiviert. Kurz vor Ende des Scans wird die osam.exe (anderen Namen habe ich auch schon probiert) gelöscht.

Was kann ich noch tun?

Grüße und danke

intrus

cosinus 03.09.2010 10:18
Noch andere Virenscanner bzw. Virenscannerähnliche Tools drauf? Notfalls Alles was McAfee deinstallieren.

intrus 09.09.2010 10:18
hallo cosinus,

hat ein bisschen gedauert, bis ich heute Zeit gefunden habe McAfee zu deinstallieren. Jetzt hat es mit OSAM geklappt. Danke schon mal für Deine Geduld und Deine weitere Hilfe. Grüße intrus.

Hier der Log-File:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:11:35 on 09.09.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.9

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "Google Software Updater.job" "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "SupBackGroundTask.job" C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe File found, but it contains no detailed information
|||| "1-Klick-Wartung.job" "TuneUp Software GmbH" C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "ddbaccpl.cpl" "DataDesign AG" C:\Windows\system32\ddbaccpl.cpl File exists
|||||| "ddbacctm.cpl" "DataDesign AG" C:\Windows\system32\ddbacctm.cpl File exists
|||||| "ISUSPM.cpl" "Macrovision Corporation" C:\Windows\system32\ISUSPM.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"BlackBerry-Smartphone" (RimUsb) C:\Windows\System32\Drivers\RimUsb.sys File not found
"catchme" (catchme) C:\Users\***\AppData\Local\Temp\catchme.sys File not found
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\Windows\System32\Drivers\PxHelp20.sys File exists
"SANDRA" (SANDRA) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys File not found
|||||| "StarOpen" (StarOpen) C:\Windows\system32\drivers\StarOpen.sys File found, but it contains no detailed information
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" "Microsoft Corporation" %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" "Microsoft Corporation" C:\Windows\system32\themeui.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
|||||| {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" "Logitech, Inc." C:\Program Files\Logitech\SetPoint\kbcplext.dll File exists
|||||| {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" "Logitech, Inc." C:\Program Files\Logitech\SetPoint\mcplext.dll File exists
|||||| {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" "Broadcom Corporation." C:\Windows\system32\btncopy.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Program Files\Real\RealPlayer\rpshell.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" File not found | COM-object registry key not found
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Program Files\Windows Live\Toolbar\wltcore.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_20.dll File exists
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}"
hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| "@btrez.dll,-4015" C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File exists
|||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" "Microsoft Corporation" C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Program Files\Windows Live\Toolbar\wltcore.dll File exists
|| {AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" "TerraTec Electronic GmbH" C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|| {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
|||| {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" "Microsoft Corporation" C:\Program Files\Windows Live\Toolbar\wltcore.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "Logitech SetPoint.lnk" "Logitech, Inc." C:\Program Files\Logitech\SetPoint\SetPoint.exe Shortcut exists | File exists
|||| "BTTray.lnk" "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|| "AVMUSBFernanschluss" "AVM Berlin" C:\Users\***\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe File exists
|||| "ISUSPM" "Macrovision Corporation" "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|| "FreePDF Assistant" "shbox.de" C:\Program Files\FreePDF_XP\fpassist.exe File exists
"iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "PrintServer Network Port" "Edimax Technology Co., LTD" C:\Windows\system32\PSNT.DLL File exists
|||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) "Microsoft Corporation" C:\Windows\System32\shsvcs.dll File exists
|||||| "@%SystemRoot%\System32\shsvcs.dll,-8192" (Themes) "Microsoft Corporation" C:\Windows\system32\shsvcs.dll File exists
|||||| "@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) "TuneUp Software" C:\Windows\System32\TuneUpDefragService.exe File exists
|||||| "@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) "TuneUp Software" C:\Windows\System32\TUProgSt.exe File exists
|||||| "aC:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists
|||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
"LiveShare P2P Server 9" (RoxLiveShare9) "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" File not found
|||||| "Logitech Bluetooth Service" (LBTServ) "Logitech, Inc." C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists
|||||| "SeaPort" (SeaPort) "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia" C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) "Microsoft Corporation" C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe File exists
|||||| "SQL Server Browser" (SQLBrowser) "Microsoft Corporation" C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe File exists
|||||| "SQL Server VSS Writer" (SQLWriter) "Microsoft Corporation" C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe File exists
|||||| "Web Deployment Agent Service" (MsDepSvc) "Microsoft Corporation" C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 09.09.2010 13:12
Ok. Einen Gegencheck des MBR brauch ich noch:

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

intrus 09.09.2010 13:31
so, hier der Log-File von MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: SR70S/SR71S
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 165):
0x82815000 \SystemRoot\system32\ntoskrnl.exe
0x82BC0000 \SystemRoot\system32\hal.dll
0x8800B000 \SystemRoot\system32\kdcom.dll
0x88012000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x88082000 \SystemRoot\system32\PSHED.dll
0x88093000 \SystemRoot\system32\BOOTVID.dll
0x8809B000 \SystemRoot\system32\CLFS.SYS
0x880DC000 \SystemRoot\system32\CI.dll
0x881BC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88238000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88245000 \SystemRoot\system32\drivers\acpi.sys
0x8828B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x88294000 \SystemRoot\system32\drivers\msisadrv.sys
0x8829C000 \SystemRoot\system32\drivers\pci.sys
0x882C3000 \SystemRoot\System32\drivers\partmgr.sys
0x882D2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x882D5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x882DF000 \SystemRoot\system32\drivers\volmgr.sys
0x882EE000 \SystemRoot\System32\drivers\volmgrx.sys
0x88338000 \SystemRoot\system32\drivers\intelide.sys
0x8833F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8834D000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8837A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8838A000 \SystemRoot\system32\drivers\atapi.sys
0x88392000 \SystemRoot\system32\drivers\ataport.SYS
0x883B0000 \SystemRoot\system32\drivers\fltmgr.sys
0x883E2000 \SystemRoot\system32\drivers\fileinfo.sys
0x883F2000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88409000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8847A000 \SystemRoot\system32\drivers\ndis.sys
0x88585000 \SystemRoot\system32\drivers\msrpc.sys
0x885B0000 \SystemRoot\system32\drivers\NETIO.SYS
0x885EB000 \SystemRoot\System32\Drivers\Ntfs.sys
0x886FB000 \SystemRoot\system32\drivers\volsnap.sys
0x88734000 \SystemRoot\System32\Drivers\spldr.sys
0x8873C000 \SystemRoot\System32\Drivers\mup.sys
0x8874B000 \SystemRoot\System32\drivers\ecache.sys
0x88772000 \SystemRoot\system32\drivers\disk.sys
0x88783000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887A4000 \SystemRoot\system32\drivers\crcdisk.sys
0x887CD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x887D8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x887E1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C804000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CECE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CF6F000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF7B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CF86000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CFC4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D002000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D08F000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8D2BE000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8D30A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8D324000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8D333000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8D347000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8D398000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D3AB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D3B6000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D3E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D3E3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CFD3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D3EE000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8D3F4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D408000 \SystemRoot\system32\DRIVERS\avmaudio.sys
0x8D421000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D42C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D45B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D49C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D4B3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D4BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D4E1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D4F0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D504000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D519000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D529000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D52B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D555000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D55F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D56C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D575000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D5AA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D5BB000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D765000 \SystemRoot\system32\drivers\portcls.sys
0x8D792000 \SystemRoot\system32\drivers\drmk.sys
0x8E807000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8E923000 \SystemRoot\system32\drivers\modem.sys
0x8E930000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E939000 \SystemRoot\System32\Drivers\Null.SYS
0x8E940000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E950000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E957000 \SystemRoot\System32\drivers\vga.sys
0x8E963000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E984000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E98C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E994000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E99F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E9AD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E9B6000 \SystemRoot\System32\drivers\tcpip.sys
0x8EAA0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EABB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EAD1000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EAE5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EB17000 \SystemRoot\system32\drivers\afd.sys
0x8EB5F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EB75000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8EB8C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EB9A000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8EBA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EBB3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D7B7000 \SystemRoot\System32\Drivers\VMC302.sys
0x8EBEF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F409000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F420000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8F42D000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8F43A000 \SystemRoot\System32\Drivers\bthport.sys
0x8F4BA000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8F4E3000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8F4ED000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8F507000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x8F516000 \SystemRoot\system32\drivers\btwavdt.sys
0x8F57D000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x8F589000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F599000 \SystemRoot\system32\drivers\btwaudio.sys
0x8F614000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x8F617000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8F61E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F626000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8F637000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F644000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F64F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x984D0000 \SystemRoot\System32\win32k.sys
0x8F657000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F661000 \SystemRoot\system32\DRIVERS\monitor.sys
0x986F0000 \SystemRoot\System32\TSDDD.dll
0x98710000 \SystemRoot\System32\cdd.dll
0x8F670000 \SystemRoot\system32\drivers\luafv.sys
0x8F68B000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x8F69B000 \SystemRoot\system32\drivers\spsys.sys
0x8F74B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F75B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F785000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F78F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0C06000 \SystemRoot\system32\drivers\HTTP.sys
0xA0C73000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0C90000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0CA9000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0CBE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0CDD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0D16000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0D2E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0D55000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0DBB000 \SystemRoot\system32\drivers\peauth.sys
0xA0E99000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0EA3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0EAF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA0EC5000 \SystemRoot\system32\drivers\mfehidk.sys
0xA0F38000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0xA0F46000 \Device\mfefirek01.sys
0xA0F91000 \SystemRoot\system32\drivers\mfewfpk.sys
0xA0FB7000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA0DA3000 \Device\mfeapfk01.sys
0xA0FDB000 \SystemRoot\system32\drivers\cfwids.sys
0xA0FE7000 \SystemRoot\system32\drivers\mfebopk.sys
0x779B0000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
536 C:\Windows\System32\smss.exe
624 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
924 C:\Windows\System32\winlogon.exe
1024 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\audiodg.exe
1360 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\SLsvc.exe
1408 C:\Windows\System32\svchost.exe
1500 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
1768 C:\Windows\System32\spoolsv.exe
1792 C:\Windows\System32\svchost.exe
576 C:\Windows\System32\taskeng.exe
580 C:\Windows\System32\dwm.exe
808 C:\Windows\System32\agrsmsvc.exe
840 C:\Windows\System32\svchost.exe
792 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
872 C:\Program Files\Bonjour\mDNSResponder.exe
876 C:\Windows\explorer.exe
700 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\svchost.exe
1932 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1980 C:\Windows\System32\taskeng.exe
2092 C:\Windows\System32\svchost.exe
2136 C:\Windows\System32\svchost.exe
2168 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2412 C:\Windows\RtHDVCpl.exe
2420 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2428 C:\Program Files\FreePDF_XP\fpassist.exe
2460 C:\Windows\System32\rundll32.exe
2476 C:\Program Files\iTunes\iTunesHelper.exe
2484 C:\Windows\ehome\ehtray.exe
2504 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2532 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2544 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2560 C:\Windows\System32\rundll32.exe
2672 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
2696 C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
2712 C:\Windows\System32\taskeng.exe
2720 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2760 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2804 C:\Windows\System32\svchost.exe
2836 C:\Windows\System32\TUProgSt.exe
2872 C:\Windows\System32\svchost.exe
3472 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
3492 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3512 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
3776 C:\Windows\ehome\ehmsas.exe
3804 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4080 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
4088 WmiPrvSE.exe
844 C:\Windows\System32\wbem\unsecapp.exe
4076 C:\Program Files\Windows Mail\WinMail.exe
1292 C:\Program Files\iPod\bin\iPodService.exe
2592 C:\Windows\System32\wuauclt.exe
4040 C:\Windows\System32\conime.exe
5300 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
5336 C:\Windows\System32\rundll32.exe
5656 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
5672 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
5908 C:\Program Files\McAfee.com\Agent\mcagent.exe
3140 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
3816 C:\Windows\System32\svchost.exe
5364 C:\Program Files\Windows Live\Mail\wlmail.exe
3556 C:\Program Files\Windows Live\Contacts\wlcomm.exe
4072 C:\Program Files\Mozilla Firefox\firefox.exe
3544 C:\Windows\System32\msiexec.exe
4584 C:\Users\***\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`93e00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2035GSS, Rev: DK022A

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A2D287FA4F944275462643BCFFB6129A056114F3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 09.09.2010 14:03
Zitat:
Windows Version: Windows Vista Home Premium Edition
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A2D287FA4F944275462643BCFFB6129A056114F3
Hast Du nur Vista installiert oder auch andere Betriebssysteme (Linux)?

Wenn nur Vista: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

intrus 09.09.2010 16:40
hallo cosinus,

habe nur Vista installiert. Alles erledigt. Habe MBR noch mal laufen lassen. Hier der Log-File:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: SR70S/SR71S
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 166):
0x82845000 \SystemRoot\system32\ntoskrnl.exe
0x82812000 \SystemRoot\system32\hal.dll
0x88002000 \SystemRoot\system32\kdcom.dll
0x88009000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x88079000 \SystemRoot\system32\PSHED.dll
0x8808A000 \SystemRoot\system32\BOOTVID.dll
0x88092000 \SystemRoot\system32\CLFS.SYS
0x880D3000 \SystemRoot\system32\CI.dll
0x881B3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8822F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8823C000 \SystemRoot\system32\drivers\acpi.sys
0x88282000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8828B000 \SystemRoot\system32\drivers\msisadrv.sys
0x88293000 \SystemRoot\system32\drivers\pci.sys
0x882BA000 \SystemRoot\System32\drivers\partmgr.sys
0x882C9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x882CC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x882D6000 \SystemRoot\system32\drivers\volmgr.sys
0x882E5000 \SystemRoot\System32\drivers\volmgrx.sys
0x8832F000 \SystemRoot\system32\drivers\intelide.sys
0x88336000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x88344000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x88371000 \SystemRoot\System32\drivers\mountmgr.sys
0x88381000 \SystemRoot\system32\drivers\atapi.sys
0x88389000 \SystemRoot\system32\drivers\ataport.SYS
0x883A7000 \SystemRoot\system32\drivers\fltmgr.sys
0x883D9000 \SystemRoot\system32\drivers\fileinfo.sys
0x88403000 \SystemRoot\system32\drivers\mfehidk.sys
0x88460000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88469000 \SystemRoot\System32\Drivers\ksecdd.sys
0x884DA000 \SystemRoot\system32\drivers\ndis.sys
0x885E5000 \SystemRoot\system32\drivers\msrpc.sys
0x88610000 \SystemRoot\system32\drivers\NETIO.SYS
0x8864B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8875B000 \SystemRoot\system32\drivers\volsnap.sys
0x88794000 \SystemRoot\System32\Drivers\spldr.sys
0x8879C000 \SystemRoot\System32\Drivers\mup.sys
0x887AB000 \SystemRoot\System32\drivers\ecache.sys
0x887D2000 \SystemRoot\system32\drivers\disk.sys
0x88808000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88829000 \SystemRoot\system32\drivers\crcdisk.sys
0x88852000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8885D000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88866000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C00A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C6D4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C775000 \SystemRoot\System32\drivers\watchdog.sys
0x8C781000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C78C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C7CA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88875000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88902000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x88B31000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8C7D9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x88B7D000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x88B8C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x88BA0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x887E3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C7F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C802000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C82D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C82F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C83A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C852000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8C858000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C85C000 \SystemRoot\system32\DRIVERS\avmaudio.sys
0x8C875000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C880000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C8AF000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C8F0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C907000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C912000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C935000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C944000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C958000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C96D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C97D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C97F000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C9A9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C9B3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C9C0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C9C9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C9FE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CA0F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CBB9000 \SystemRoot\system32\drivers\portcls.sys
0x8E007000 \SystemRoot\system32\drivers\drmk.sys
0x8E02C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8E148000 \SystemRoot\system32\drivers\modem.sys
0x8E155000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E15E000 \SystemRoot\System32\Drivers\Null.SYS
0x8E165000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E175000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E17C000 \SystemRoot\System32\drivers\vga.sys
0x8E188000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E1A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E1B1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E1B9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E1C4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E1D2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E1DB000 \SystemRoot\System32\drivers\tcpip.sys
0x8E2C5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8E2E0000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8E306000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E31C000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E330000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E362000 \SystemRoot\system32\drivers\afd.sys
0x8E3AA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E3C0000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x8E3CE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E3DC000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8E3E2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EC09000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8EC45000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8EC4F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EC66000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8EC8A000 \SystemRoot\system32\drivers\mfefirek.sys
0x8ECD5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8ECEC000 \SystemRoot\System32\Drivers\VMC302.sys
0x8ED28000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8ED35000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8ED42000 \SystemRoot\System32\Drivers\bthport.sys
0x8EDC2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8EDEB000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8EDF5000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8EE0F000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x8EE1E000 \SystemRoot\system32\drivers\btwavdt.sys
0x8EE85000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x8EE91000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8EEA1000 \SystemRoot\system32\drivers\btwaudio.sys
0x8EF1C000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x8EF1F000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8EF26000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8EF2E000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8EF36000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8EF3F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8EF4C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8EF57000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x818F0000 \SystemRoot\System32\win32k.sys
0x8EF5F000 \SystemRoot\System32\drivers\Dxapi.sys
0x8EF69000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81B10000 \SystemRoot\System32\TSDDD.dll
0x81B30000 \SystemRoot\System32\cdd.dll
0x8EF78000 \SystemRoot\system32\drivers\luafv.sys
0x8EF93000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0xA000C000 \SystemRoot\system32\drivers\spsys.sys
0xA00BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA00CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA00F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0100000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0113000 \SystemRoot\system32\drivers\HTTP.sys
0xA0180000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA019D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA01B6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA01CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA01EA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0223000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA023B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0262000 \SystemRoot\System32\DRIVERS\srv.sys
0xA02C8000 \SystemRoot\system32\drivers\peauth.sys
0xA03A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA03B0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA03E0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA0000000 \SystemRoot\system32\drivers\cfwids.sys
0xA02B0000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA03BC000 \SystemRoot\system32\drivers\mfebopk.sys
0x77BD0000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
552 C:\Windows\System32\smss.exe
648 csrss.exe
700 C:\Windows\System32\wininit.exe
712 csrss.exe
744 C:\Windows\System32\services.exe
760 C:\Windows\System32\lsass.exe
768 C:\Windows\System32\lsm.exe
936 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\winlogon.exe
1016 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1332 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\SLsvc.exe
1404 C:\Windows\System32\svchost.exe
1488 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
1536 C:\Windows\System32\svchost.exe
1824 C:\Windows\System32\spoolsv.exe
1848 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\agrsmsvc.exe
1976 C:\Windows\System32\svchost.exe
1988 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2004 C:\Program Files\Bonjour\mDNSResponder.exe
2044 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\svchost.exe
612 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1076 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
1168 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
568 C:\Windows\System32\taskeng.exe
304 C:\Windows\System32\rundll32.exe
2112 C:\Windows\System32\dwm.exe
2184 C:\Windows\System32\taskeng.exe
2192 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
2232 C:\Windows\explorer.exe
2352 C:\Windows\System32\taskeng.exe
2416 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
2428 C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
2512 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
2544 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2564 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2792 C:\Windows\RtHDVCpl.exe
2800 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2812 C:\Program Files\FreePDF_XP\fpassist.exe
2880 C:\Windows\System32\rundll32.exe
2888 C:\Windows\System32\rundll32.exe
2964 C:\Program Files\Logitech\SetPoint\LBTWiz.exe
3156 C:\Windows\System32\svchost.exe
3236 C:\Program Files\iTunes\iTunesHelper.exe
3392 C:\Program Files\McAfee.com\Agent\mcagent.exe
3404 C:\Windows\System32\svchost.exe
3424 C:\Windows\ehome\ehtray.exe
3444 C:\Windows\ehome\ehmsas.exe
3456 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3488 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3500 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3520 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3536 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3560 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3604 C:\Windows\System32\svchost.exe
3696 C:\Windows\System32\TUProgSt.exe
3752 C:\Windows\System32\svchost.exe
3784 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
3908 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
2908 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
3220 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
2616 WmiPrvSE.exe
3400 C:\Program Files\Windows Mail\WinMail.exe
1636 C:\Program Files\iPod\bin\iPodService.exe
2396 C:\Windows\System32\wbem\unsecapp.exe
4764 C:\Program Files\Mozilla Firefox\firefox.exe
5808 WmiPrvSE.exe
2684 C:\Windows\System32\inetsrv\w3wp.exe
5268 C:\Users\***\Downloads\MBRCheck.exe
1340 C:\Windows\System32\conime.exe
5588 C:\Windows\System32\wuauclt.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`93e00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2035GSS, Rev: DK022A

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 09.09.2010 17:49
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

intrus 10.09.2010 06:47
guten Morgen,

Scans sind gelaufen, hier die Log-Files:

UPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/10/2010 at 00:07 AM

Application Version : 4.42.1000

Core Rules Database Version : 5479
Trace Rules Database Version: 3291

Scan type : Complete Scan
Total Scan Time : 02:00:40

Memory items scanned : 843
Memory threats detected : 1
Registry items scanned : 10128
Registry threats detected : 0
File items scanned : 154551
File threats detected : 1

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\MSDRI32.DLL
C:\WINDOWS\SYSTEM32\MSDRI32.DLL


und Malwarebytes':

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4583

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

09.09.2010 20:50:19
mbam-log-2010-09-09 (20-50-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 281516
Laufzeit: 1 Stunde(n), 52 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 10.09.2010 10:50
Da wurden nur Überreste gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

intrus 13.09.2010 18:47
Hallo Arne,

habe jetzt ein paar Tage probiert.

Aktuell keine neuen Funde. Das System und das Laden von Internetseiten geht jetzt wieder flott. Es hat auf jeden Fall Spaß gemacht, Deine Tipps umzusetzen. Richtig verstanden was jetzt das Problem war, habe ich allerdings nicht. Da es jetzt wieder geht, ist das auch egal.

Vielen Dank für Deine geduldige Hilfe (liest Du die endlosen Logs wirklich alle?)

Grüße
intrus

cosinus 13.09.2010 20:54
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131