
Log analysis and evaluation: Strange application in Task Manager / Malwarebytes Anti-Malware finds PUM.Hijack.StartMenu

14.06.2012, 11:47   #1
Sastian

Strange application in Task Manager / Malwarebytes Anti-Malware finds PUM.Hijack.StartMenu

Hello,

During a quick scan on my netbook, Malwarebytes Anti-Malware detected an infection:

Code:
Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

I started the quick scan because in Task Manager, under Applications, I inexplicably had a program with strange characters in its name and a DOS-box icon. Unfortunately I then panicked and clicked End Task, so the name has vanished into nirvana.

My Avast Free only complained about an old version of OTL.EXE during a full scan and moved it to quarantine. (Interestingly, the new version I downloaded today was not flagged.)

A full scan with Malwarebytes Anti-Malware got slower and slower (memory was not the problem, and the hard disk is only moderately full at 31 GB), and I aborted it after more than 2 hours. The quick scan then found the item mentioned above.

The Windows XP system has the current Windows updates, an up-to-date virus scanner (Avast Free), Sandboxie and Opera. (Firefox is only still installed for historical reasons.) So I am somewhat at a loss as to where this came from and why.

However, while on holiday I exchanged family photos with a relative via USB stick, and a friend returned a USB stick to me which I formatted on the netbook shortly before the incident. (Is it possible that, despite the virus scanner, an infected USB stick on which you run no application but only copy photos can trigger an infection?)

On holiday we surfed a little over UMTS (but also with Sandboxie). Once home, I rebooted the netbook, and then RealPlayer inexplicably popped up with an update. I am not entirely sure whether it was even installed before.

The requested log files are attached.

In the OTL log I noticed that a directory C:\Programme\Gemeinsame Dateien\xing shared was created close in time to the RealPlayer update. I cannot explain that at all.

Is it enough to fix the infection with Malwarebytes Anti-Malware? Do I need to take precautions (change web passwords)? Can I move the family photos to another computer via USB stick, or would I spread the infection that way?

Many thanks,
Sebastian
Attached files
File type: 7z logfiles.7z (15.3 KB, viewed 110 times)

18.06.2012, 10:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Boot into Safe Mode with Networking. In this mode, first do a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily delete anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those too!


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here


19.06.2012, 03:43   #3
Sastian

Hello,

many thanks for the help.

Here is the result of the Malwarebytes full scan in Safe Mode with Networking:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.06

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Sebastian :: MINICAT [Administrator]

18.06.2012 20:28:40
mbam-log-2012-06-18 (21-47-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346648
Laufzeit: 1 Stunde(n), 17 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

In Malwarebytes I found nothing relating to quarantine for this finding. Unlike the previous runs (see previous post), however, I did not abort the run after the finding but exited it normally (that was what the button was called), and apparently the registry entry was deleted in the process.

In the quick scan after the ESET run, nothing more was found:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.06

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Sebastian :: MINICAT [Administrator]

19.06.2012 04:33:23
mbam-log-2012-06-19 (04-33-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220993
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And here is the ESET log:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23919ec9a3941b45887a3ed7210b983b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 11:44:00
# local_time=2012-06-19 01:44:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 166 166 0 0
# scanned=131313
# found=0
# cleaned=0
# scan_time=13628

Kind regards,
Sebastian
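One way to triage such Malwarebytes logs mechanically, as an added example that is neither the board's nor Malwarebytes' own code: it parses the counter and finding lines in the German layout seen in this thread, runs over a constructed sample log, and reports which findings still carry "Keine Aktion durchgeführt" (the ambiguity raised in this post).

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (German UI).
Added example; assumes the line shapes visible in this thread's logs."""
import re
from dataclasses import dataclass, field

# Line shapes as they appear in the thread's MBAM 1.61 logs.
HEADER_RE = re.compile(
    r"^(Datenbank Version|Art des Suchlaufs|Durchsuchte Objekte|Laufzeit): (.+)$")
COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
FINDING_RE = re.compile(
    r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bösartig: \([^)]*\) Gut: \([^)]*\) -> )?"   # only on registry-data lines
    r"(?P<action>.+)$")
UNHANDLED = "Keine Aktion durchgeführt."

@dataclass
class Finding:
    category: str
    location: str
    detection: str
    action: str

    def handled(self) -> bool:
        return self.action != UNHANDLED

    def registry_target(self):
        """(key, value name) for registry findings written as KEY|VALUE, else None."""
        if self.location.startswith("HK") and "|" in self.location:
            key, _, value = self.location.partition("|")
            return key, value
        return None

@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)

    def unhandled(self):
        return [f for f in self.findings if not f.handled()]

    def consistent(self) -> bool:
        """Every 'Infizierte ...: N' counter must match the finding lines under it."""
        seen = {}
        for f in self.findings:
            seen[f.category] = seen.get(f.category, 0) + 1
        return all(seen.get(c, 0) == n for c, n in self.counts.items())

def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    category = None          # the most recent "Infizierte ...:" section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            report.header[m.group(1)] = m.group(2)
            continue
        m = COUNT_RE.match(line)
        if m:
            category = m.group(1)
            report.counts[category] = int(m.group(2))
            continue
        m = FINDING_RE.match(line)
        if m and category:
            report.findings.append(Finding(category, m["location"],
                                           m["detection"], m["action"]))
    return report

# Constructed sample in the same layout as the thread's logs; the file
# finding and its path are invented, the registry finding is the one above.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.61.0.1400

Datenbank Version: v2012.06.18.06

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 220993
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Beispiel\Lokale Einstellungen\Temp\beispiel.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("consistent:", rep.consistent(), "| unhandled:",
          [(f.detection, f.registry_target() or f.location) for f in rep.unhandled()])
```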

19.06.2012, 08:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we go on:

1.) Does Windows' normal mode work (again) without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

19.06.2012, 18:55   #5
Sastian

Quote:
Quote from cosinus
I have two questions before we go on:

1.) Does Windows' normal mode work (again) without restrictions?
I never really had the impression that it was restricted. I have now clicked around a bit and found nothing unusual.

Quote:
Quote from cosinus
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
No, I am not missing anything, and there are no empty folders under All Programs either. I clicked through everything there. I also had a look in the data directories. Everything seems to be there too.

The only odd thing was Opera in Sandboxie coming back somewhat strangely from the cache. The icons in the Trojaner-Board tab bar were wrong. The thread's web page only stopped being a jumble of characters after a reload. But that might also be because in Safe Mode I was on the net directly with Opera.

Kind regards,
Sebastian


19.06.2012, 23:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into the OTL text box; if OTL is in German, the box is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

20.06.2012, 22:05   #7
Sastian

Hello,

OTL ran through. Roxio Back on Track, which is installed by default on the HP netbook, complained a bit about the Windows backup, but I ignored that.

Here is the OTL log:
Code:
OTL logfile created on: 20.06.2012 18:59:53 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,70% Memory free
3,33 Gb Paging File | 2,98 Gb Available in Paging File | 89,55% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 117,82 Gb Free Space | 79,05% Space Free | Partition Type: NTFS
 
Computer Name: MINICAT | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 07:48:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe
PRC - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.08.13 18:09:38 | 000,467,036 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.08.13 18:09:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- c:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\CDM\{C06380B4-FC58-4998-A02D-856FC6352CC6}\stacsv.exe
PRC - [2009.07.06 23:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009.06.02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009.03.30 16:02:08 | 000,319,488 | ---- | M] () -- C:\Programme\HP\HPBTWD.exe
PRC - [2008.04.15 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.20 16:16:36 | 001,775,104 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12062001\algo.dll
MOD - [2012.06.19 08:39:51 | 001,775,104 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12061900\algo.dll
MOD - [2012.06.14 08:09:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:08:49 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.05.11 17:05:20 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.11 16:50:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 16:50:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2009.06.02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
MOD - [2009.03.30 16:02:08 | 000,319,488 | ---- | M] () -- C:\Programme\HP\HPBTWD.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.05 19:23:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2009.08.13 18:09:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\CDM\{C06380B4-FC58-4998-A02D-856FC6352CC6}\stacsv.exe -- (STacSV)
SRV - [2009.06.02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.10 12:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.12.29 19:47:50 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.08.13 18:09:38 | 001,644,211 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009.07.01 23:10:54 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2009.06.02 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009.06.02 01:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009.06.02 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009.04.21 15:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009.03.31 22:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 17:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.11.22 03:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008.09.02 15:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid)
DRV - [2008.04.14 15:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {33828B23-68CA-48DC-92B7-BA20B6F2FF6C}
IE - HKLM\..\SearchScopes\{0906DF6B-4B80-4840-95A5-75BD0308AC53}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{862AB003-E965-4DF4-A886-728A571EFB52}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes,DefaultScope = {33828B23-68CA-48DC-92B7-BA20B6F2FF6C}
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes\{0906DF6B-4B80-4840-95A5-75BD0308AC53}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes\{862AB003-E965-4DF4-A886-728A571EFB52}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ftd.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://wpad.nbg.schema.de/wpad.dat"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.08 23:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.05.17 09:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.08 23:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.01 08:33:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.19 19:35:06 | 000,000,000 | ---D | M]
 
[2009.12.29 22:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Extensions
[2012.04.01 08:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\extensions
[2010.05.26 07:27:12 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010.05.26 07:27:12 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.10.02 11:49:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\extensions\foxmarks@kei.com
[2009.12.29 22:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\extensions\temp
[2011.11.18 23:03:29 | 000,001,978 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\searchplugins\serchilo-de.xml
[2012.04.01 08:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.01 08:33:51 | 000,399,491 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEBASTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VCF56FHT.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012.04.01 08:33:52 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEBASTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VCF56FHT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.13 06:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.12 22:29:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.08 23:01:54 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2008.04.15 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP BTW Detect Program] C:\Programme\HP\HPBTWD.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Dokumente und Einstellungen\Monika\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\Autostart\ac'tivAid.lnk = C:\Programme\ac'tivAid\ac'tivAid.ahk ()
O4 - Startup: C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F70144B-B852-41D5-A58A-61668C552DE8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Sebastian^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: HP - hkey= - key= - C:\Programme\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= -  File not found
MsConfig - StartUpReg: Sony PC Companion - hkey= - key= - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT  
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 18:54:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe
[2012.06.18 21:54:09 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.13 17:30:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sebastian\Recent
[2012.06.13 12:59:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Others
[2012.06.08 23:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2012.06.08 23:01:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RealNetworks
[2012.06.07 20:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Urlaub Rheingau 2012
[2012.06.03 15:51:15 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 19:04:21 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2012.06.19 19:56:30 | 000,094,963 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\screenshot.odt
[2012.06.19 19:29:48 | 000,003,076 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012.06.19 19:23:18 | 000,449,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.19 19:23:18 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.19 19:23:18 | 000,080,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.19 19:23:18 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.19 19:23:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.19 19:19:37 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078501022-2075896473-1597800574-1005.job
[2012.06.19 19:19:31 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078501022-2075896473-1597800574-1006.job
[2012.06.19 19:19:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.19 19:18:56 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 20:21:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.14 08:17:09 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 07:56:55 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\defogger_reenable
[2012.06.14 07:56:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.14 07:48:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe
[2012.06.08 23:04:28 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078501022-2075896473-1597800574-1005.job
[2012.06.08 23:01:43 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012.06.07 21:27:02 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.07 20:43:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.06.03 15:51:26 | 000,001,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.05.30 19:52:00 | 003,166,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\copains.mp3
[2012.05.30 19:48:49 | 000,005,390 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\pauvre_martin.htm
[2012.05.25 07:38:42 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.19 19:56:29 | 000,094,963 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\screenshot.odt
[2012.06.19 19:18:56 | 2138,361,856 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.14 07:56:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\defogger_reenable
[2012.06.14 07:50:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.06.07 20:43:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.05.30 19:50:40 | 003,166,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\copains.mp3
[2012.05.30 19:48:49 | 000,005,390 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\pauvre_martin.htm
[2012.02.19 14:40:15 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2012.02.16 20:13:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.30 13:01:34 | 000,003,076 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011.06.12 21:04:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.01.01 13:36:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010.09.06 22:11:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.09.06 22:09:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VendorCmdRW.dll
[2010.07.17 11:05:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.05.17 09:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.11.24 22:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2011.01.01 13:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012.04.02 08:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2010.09.06 22:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2009.08.24 10:35:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2010.03.14 12:27:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications
[2009.12.31 17:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent
[2011.02.02 16:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\LibreOffice
[2010.06.07 14:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\NVD
[2010.06.06 21:43:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\OpenOffice.org
[2011.06.12 21:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Opera
[2010.08.31 05:15:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\SoftGrid Client
[2010.12.01 08:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\AudioTuner
[2012.04.22 23:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\BOM
[2011.01.01 13:39:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Buhl Data Service
[2012.03.25 22:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\calibre
[2010.08.04 07:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.19 19:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox
[2011.01.29 22:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\LibreOffice
[2011.12.23 15:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Notepad++
[2010.03.14 10:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\NVD
[2009.12.29 23:26:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\OpenOffice.org
[2011.04.15 23:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Opera
[2010.09.06 23:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\SoftGrid Client
[2010.03.14 10:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\TP
[2009.12.31 17:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\WildTangent
[2012.06.20 19:04:21 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*.  >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s  >
 
< %APPDATA%\*.  >
[2011.12.13 15:41:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Adobe
[2011.12.16 20:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Apple Computer
[2010.12.01 08:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\AudioTuner
[2012.04.22 23:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\BOM
[2011.01.01 13:39:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Buhl Data Service
[2012.03.25 22:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\calibre
[2010.08.04 07:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.06 22:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\CyberLink
[2010.09.06 22:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\DivX
[2012.06.19 19:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox
[2010.05.24 10:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Google
[2009.08.24 11:12:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\hpqLog
[2009.08.24 17:36:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Identities
[2009.08.24 10:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\InstallShield
[2011.01.29 22:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\LibreOffice
[2009.08.24 10:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Macromedia
[2010.08.18 21:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Malwarebytes
[2012.04.29 08:44:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Microsoft
[2009.12.29 22:35:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla
[2009.12.29 21:15:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla.ORG
[2011.12.23 15:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Notepad++
[2010.03.14 10:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\NVD
[2009.12.29 23:26:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\OpenOffice.org
[2011.04.15 23:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Opera
[2011.11.27 07:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Real
[2009.08.24 10:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Roxio Log Files
[2012.04.05 18:04:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Skype
[2012.04.01 08:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\skypePM
[2010.09.06 23:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\SoftGrid Client
[2009.08.24 11:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Sun
[2010.03.14 10:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\TP
[2012.06.19 19:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\vlc
[2009.12.31 17:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\WildTangent
 
< %APPDATA%\*.exe /s  >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2010.08.04 07:22:40 | 000,038,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.10.03 06:51:55 | 000,497,160 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Real\RealPlayer\setup\AU_setup17.exe
[2012.06.04 08:49:03 | 000,315,544 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.05.27 11:48:48 | 027,381,184 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer.exe
[2012.05.27 11:46:36 | 000,692,480 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer.exe
 
< %SYSTEMDRIVE%\*.exe  >
 
< MD5 for: AGP440.SYS  >
[2008.04.15 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 16:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008.04.14 16:06:40 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: AHCIX86.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: AHCIX86S.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: ATAPI.SYS  >
[2008.04.15 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 16:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 16:10:32 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: ENETHOOK.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2009.06.05 04:43:16 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\drivers\iaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\SwSetup\HDD\IaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: IDECHNDR.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: KR10N.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: LOGEVENT.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: NETLOGON.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\netlogon.dll
 
< MD5 for: NTELOGON.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: NVATA.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: NVATABUS.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: NVGTS.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: NVSTOR.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: NVSTOR32.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: SCECLI.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\scecli.dll
 
< MD5 for: SCECLT.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: USER32.DLL  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\userinit.exe
 
< MD5 for: VAXSCSI.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: VIAMRAID.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: VIASRAID.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: VIPRT.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: WININIT.EXE  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
 
< MD5 for: WINLOGON.EXE  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\winlogon.exe
[2008.04.15 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008.04.15 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles  >
 
< %systemroot%\System32\config\*.sav  >
[2009.04.11 02:41:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.04.11 02:41:56 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.04.11 02:41:56 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s  >
 
< %systemroot%\system32\*.dll /lockedfiles  >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
Best regards,
Sebastian
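The "< MD5 for: ... >" sections of the report above list every copy OTL finds of a critical system file (live system32 copy, driver cache, restore archive) together with its hash; the check a reviewer does by eye is whether those copies agree. The following parser, an added example that is neither OTL's code nor anything posted in this thread, groups the copies per file by hash and flags files whose copies disagree; SAMPLE_REPORT is a short excerpt (the AGP440.SYS and WINLOGON.EXE sections) in the report's own format.

```python
"""Group the on-disk copies of each system file listed in an OTL report's
"< MD5 for: ... >" sections by hash and flag files whose copies disagree.
Added example; not OTL's code and not posted in the thread."""
import re

# MD5 of zero bytes. OTL prints it for the 0-byte placeholders kept in the
# System Rollback archive, so such entries carry no information.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.: ]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Excerpt of the report above (two of its MD5 sections), used as sample input.
SAMPLE_REPORT = r"""
< MD5 for: AGP440.SYS  >
[2008.04.15 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 16:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008.04.14 16:06:40 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.15 14:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Archive\00000124\00000001\0\Attrib\WINDOWS\system32\winlogon.exe
[2008.04.15 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< End of report >
"""


def parse_md5_sections(report):
    """Return {FILENAME: [entry dicts]} for every hashed copy found on disk.

    .cab members (OTL does not hash inside the cab) and 0-byte placeholders
    are skipped; a file with no usable copy still gets an empty list."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None  # some other "< ... >" report header
            continue
        if current is None or ".cab file" in line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank line or text that is not a file entry
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        if entry["size"] == 0 and entry["md5"].upper() == EMPTY_MD5:
            continue
        sections[current].append(entry)
    return sections


def find_disagreements(sections):
    """{name: {md5: [paths]}} for files with more than one distinct hash.

    One hash everywhere is what a clean system looks like; a live copy whose
    hash differs from the cached ones is what a patched file looks like and
    deserves a closer look (here the odd one out sits under the Malwarebytes
    Chameleon folder rather than in system32, which is the first thing to check)."""
    out = {}
    for name, entries in sections.items():
        by_hash = {}
        for e in entries:
            by_hash.setdefault(e["md5"].upper(), []).append(e["path"])
        if len(by_hash) > 1:
            out[name] = by_hash
    return out


def copies_without_company_name(sections):
    """Hashed copies outside the restore archive whose version info has no
    company name; the system's own copies carry 'Microsoft Corporation'."""
    return [e["path"] for entries in sections.values() for e in entries
            if not e["vendor"] and "System Rollback Data" not in e["path"]]


if __name__ == "__main__":
    secs = parse_md5_sections(SAMPLE_REPORT)
    for name, hashes in find_disagreements(secs).items():
        print(f"{name}: {len(hashes)} distinct hashes")
        for md5, paths in hashes.items():
            print(f"  {md5}: {', '.join(paths)}")
    for path in copies_without_company_name(secs):
        print("no company name:", path)
```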

Old 21.06.2012, 11:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {33828B23-68CA-48DC-92B7-BA20B6F2FF6C}
IE - HKLM\..\SearchScopes\{0906DF6B-4B80-4840-95A5-75BD0308AC53}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{862AB003-E965-4DF4-A886-728A571EFB52}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes,DefaultScope = {33828B23-68CA-48DC-92B7-BA20B6F2FF6C}
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes\{0906DF6B-4B80-4840-95A5-75BD0308AC53}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\SearchScopes\{862AB003-E965-4DF4-A886-728A571EFB52}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad.nbg.schema.de/wpad.dat"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
O3 - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\Shell - "" = AutoRun
O33 - MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix has run; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not fully deleted, for safety's sake; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script has been created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 21.06.2012, 19:26   #9
Sastian
 



Hello,

the OTL fix has run through.

Here is the log:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0906DF6B-4B80-4840-95A5-75BD0308AC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0906DF6B-4B80-4840-95A5-75BD0308AC53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{862AB003-E965-4DF4-A886-728A571EFB52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{862AB003-E965-4DF4-A886-728A571EFB52}\ not found.
HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1078501022-2075896473-1597800574-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1078501022-2075896473-1597800574-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0906DF6B-4B80-4840-95A5-75BD0308AC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0906DF6B-4B80-4840-95A5-75BD0308AC53}\ not found.
Registry key HKEY_USERS\S-1-5-21-1078501022-2075896473-1597800574-1005\Software\Microsoft\Internet Explorer\SearchScopes\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33828B23-68CA-48DC-92B7-BA20B6F2FF6C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1078501022-2075896473-1597800574-1005\Software\Microsoft\Internet Explorer\SearchScopes\{862AB003-E965-4DF4-A886-728A571EFB52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{862AB003-E965-4DF4-A886-728A571EFB52}\ not found.
Prefs.js: "hxxp://wpad.nbg.schema.de/wpad.dat" removed from network.proxy.autoconfig_url
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 8118 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_USERS\S-1-5-21-1078501022-2075896473-1597800574-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078501022-2075896473-1597800574-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819916-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819916-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45819916-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819916-40b1-11e0-b401-002655b6384f}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819935-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819935-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45819935-40b1-11e0-b401-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819935-40b1-11e0-b401-002655b6384f}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55620d45-c1d1-11df-b910-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55620d45-c1d1-11df-b910-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55620d45-c1d1-11df-b910-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55620d45-c1d1-11df-b910-002655b6384f}\ not found.
File D:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564fa4d3-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564fa4d3-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{564fa4d3-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564fa4d3-a342-11e0-8dee-002655b6384f}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564fa4ee-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564fa4ee-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{564fa4ee-a342-11e0-8dee-002655b6384f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564fa4ee-a342-11e0-8dee-002655b6384f}\ not found.
File D:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41941 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4768527 bytes
 
User: Monika
->Temp folder emptied: 54086867 bytes
->Temporary Internet Files folder emptied: 7815436 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36444846 bytes
->Opera cache emptied: 266425 bytes
->Flash cache emptied: 994 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Sebastian
->Temp folder emptied: 32543170 bytes
->Temporary Internet Files folder emptied: 6431716 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56192834 bytes
->Opera cache emptied: 15109383 bytes
->Flash cache emptied: 42993 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 186546852 bytes
 
Total Files Cleaned = 382,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: Monika
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: Sebastian
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06212012_201834

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Have a nice evening,
Sebastian

Old 21.06.2012, 19:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!


Old 21.06.2012, 21:12   #11
Sastian
 



Hello,

here is the log from TDSSKiller:

Code:
ATTFilter
22:06:51.0203 1412	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
22:06:51.0421 1412	============================================================
22:06:51.0421 1412	Current date / time: 2012/06/21 22:06:51.0421
22:06:51.0421 1412	SystemInfo:
22:06:51.0421 1412	
22:06:51.0421 1412	OS Version: 5.1.2600 ServicePack: 3.0
22:06:51.0421 1412	Product type: Workstation
22:06:51.0421 1412	ComputerName: MINICAT
22:06:51.0421 1412	UserName: Sebastian
22:06:51.0421 1412	Windows directory: C:\WINDOWS
22:06:51.0421 1412	System windows directory: C:\WINDOWS
22:06:51.0421 1412	Processor architecture: Intel x86
22:06:51.0421 1412	Number of processors: 2
22:06:51.0421 1412	Page size: 0x1000
22:06:51.0421 1412	Boot type: Normal boot
22:06:51.0421 1412	============================================================
22:06:52.0109 1412	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:06:52.0109 1412	============================================================
22:06:52.0109 1412	\Device\Harddisk0\DR0:
22:06:52.0109 1412	MBR partitions:
22:06:52.0109 1412	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A14400
22:06:52.0109 1412	============================================================
22:06:52.0140 1412	C: <-> \Device\Harddisk0\DR0\Partition0
22:06:52.0140 1412	============================================================
22:06:52.0140 1412	Initialize success
22:06:52.0140 1412	============================================================
22:07:42.0140 3876	============================================================
22:07:42.0140 3876	Scan started
22:07:42.0140 3876	Mode: Manual; SigCheck; TDLFS; 
22:07:42.0140 3876	============================================================
22:07:42.0718 3876	9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (a15069eec83ebc54150564b2585cfdba) C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
22:07:43.0156 3876	9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
22:07:43.0281 3876	Aavmker4        (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:07:43.0312 3876	Aavmker4 - ok
22:07:43.0312 3876	Abiosdsk - ok
22:07:43.0343 3876	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:07:44.0093 3876	abp480n5 - ok
22:07:44.0156 3876	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:07:44.0375 3876	ACPI - ok
22:07:44.0375 3876	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:07:44.0609 3876	ACPIEC - ok
22:07:44.0687 3876	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:07:44.0750 3876	AdobeFlashPlayerUpdateSvc - ok
22:07:44.0796 3876	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:07:45.0015 3876	adpu160m - ok
22:07:45.0062 3876	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:07:45.0281 3876	aec - ok
22:07:45.0359 3876	AESTAud         (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
22:07:45.0437 3876	AESTAud - ok
22:07:45.0484 3876	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:07:45.0546 3876	AFD - ok
22:07:45.0593 3876	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:07:45.0812 3876	agp440 - ok
22:07:45.0828 3876	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:07:46.0031 3876	agpCPQ - ok
22:07:46.0078 3876	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:07:46.0187 3876	Aha154x - ok
22:07:46.0203 3876	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:07:46.0437 3876	aic78u2 - ok
22:07:46.0484 3876	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:07:46.0718 3876	aic78xx - ok
22:07:46.0765 3876	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
22:07:47.0000 3876	Alerter - ok
22:07:47.0031 3876	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
22:07:47.0125 3876	ALG - ok
22:07:47.0140 3876	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:07:47.0343 3876	AliIde - ok
22:07:47.0390 3876	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:07:47.0609 3876	alim1541 - ok
22:07:47.0609 3876	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:07:47.0828 3876	amdagp - ok
22:07:47.0859 3876	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:07:47.0968 3876	amsint - ok
22:07:47.0968 3876	AppMgmt - ok
22:07:48.0000 3876	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:07:48.0218 3876	asc - ok
22:07:48.0296 3876	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:07:48.0406 3876	asc3350p - ok
22:07:48.0421 3876	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:07:48.0625 3876	asc3550 - ok
22:07:48.0718 3876	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:07:48.0750 3876	aspnet_state - ok
22:07:48.0796 3876	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:07:48.0812 3876	aswFsBlk - ok
22:07:48.0843 3876	aswMon2         (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
22:07:48.0875 3876	aswMon2 - ok
22:07:48.0875 3876	AswRdr          (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
22:07:48.0906 3876	AswRdr - ok
22:07:48.0968 3876	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
22:07:49.0015 3876	aswSnx - ok
22:07:49.0062 3876	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
22:07:49.0093 3876	aswSP - ok
22:07:49.0125 3876	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
22:07:49.0156 3876	aswTdi - ok
22:07:49.0171 3876	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:07:49.0406 3876	AsyncMac - ok
22:07:49.0500 3876	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:07:49.0718 3876	atapi - ok
22:07:49.0734 3876	Atdisk - ok
22:07:49.0781 3876	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:07:50.0015 3876	Atmarpc - ok
22:07:50.0062 3876	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
22:07:50.0296 3876	AudioSrv - ok
22:07:50.0375 3876	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:07:50.0578 3876	audstub - ok
22:07:50.0734 3876	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\AVAST Software\Avast\AvastSvc.exe
22:07:50.0765 3876	avast! Antivirus - ok
22:07:51.0015 3876	BCM43XX         (69dd2805f42f2de52a5fcbcfa9d8848f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:07:51.0156 3876	BCM43XX - ok
22:07:51.0281 3876	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:07:51.0500 3876	Beep - ok
22:07:51.0609 3876	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
22:07:51.0968 3876	BITS - ok
22:07:52.0218 3876	BOTService      (06902820703ecb60c192b4581ab13754) C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe
22:07:52.0250 3876	BOTService - ok
22:07:52.0296 3876	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
22:07:52.0515 3876	Browser - ok
22:07:52.0593 3876	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:07:52.0812 3876	cbidf - ok
22:07:52.0828 3876	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:07:53.0031 3876	cbidf2k - ok
22:07:53.0078 3876	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:07:53.0312 3876	CCDECODE - ok
22:07:53.0359 3876	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:07:53.0453 3876	cd20xrnt - ok
22:07:53.0484 3876	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:07:53.0687 3876	Cdaudio - ok
22:07:53.0765 3876	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:07:54.0000 3876	Cdfs - ok
22:07:54.0046 3876	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:07:54.0265 3876	Cdrom - ok
22:07:54.0265 3876	Changer - ok
22:07:54.0343 3876	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
22:07:54.0562 3876	CiSvc - ok
22:07:54.0578 3876	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
22:07:54.0812 3876	ClipSrv - ok
22:07:54.0890 3876	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:54.0921 3876	clr_optimization_v2.0.50727_32 - ok
22:07:54.0968 3876	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:07:55.0187 3876	CmBatt - ok
22:07:55.0250 3876	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:07:55.0468 3876	CmdIde - ok
22:07:55.0515 3876	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:07:55.0718 3876	Compbatt - ok
22:07:55.0734 3876	COMSysApp - ok
22:07:55.0765 3876	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:07:56.0000 3876	Cpqarray - ok
22:07:56.0125 3876	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
22:07:56.0343 3876	CryptSvc - ok
22:07:56.0421 3876	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:07:56.0656 3876	dac2w2k - ok
22:07:56.0718 3876	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:07:56.0953 3876	dac960nt - ok
22:07:57.0093 3876	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:07:57.0203 3876	DcomLaunch - ok
22:07:57.0265 3876	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
22:07:57.0484 3876	Dhcp - ok
22:07:57.0546 3876	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:07:57.0750 3876	Disk - ok
22:07:57.0765 3876	dmadmin - ok
22:07:57.0875 3876	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:07:58.0140 3876	dmboot - ok
22:07:58.0171 3876	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:07:58.0421 3876	dmio - ok
22:07:58.0500 3876	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:07:58.0703 3876	dmload - ok
22:07:58.0765 3876	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
22:07:58.0984 3876	dmserver - ok
22:07:59.0062 3876	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:07:59.0281 3876	DMusic - ok
22:07:59.0359 3876	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
22:07:59.0468 3876	Dnscache - ok
22:07:59.0515 3876	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
22:07:59.0750 3876	Dot3svc - ok
22:07:59.0812 3876	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:08:00.0015 3876	dpti2o - ok
22:08:00.0078 3876	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:08:00.0296 3876	drmkaud - ok
22:08:00.0375 3876	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
22:08:00.0625 3876	EapHost - ok
22:08:00.0671 3876	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
22:08:00.0906 3876	ERSvc - ok
22:08:00.0937 3876	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:08:00.0984 3876	Eventlog - ok
22:08:01.0031 3876	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
22:08:01.0093 3876	EventSystem - ok
22:08:01.0093 3876	ewusbnet - ok
22:08:01.0156 3876	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:08:01.0375 3876	Fastfat - ok
22:08:01.0437 3876	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:08:01.0484 3876	FastUserSwitchingCompatibility - ok
22:08:01.0500 3876	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:08:01.0703 3876	Fdc - ok
22:08:01.0796 3876	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:08:02.0031 3876	Fips - ok
22:08:02.0078 3876	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:08:02.0281 3876	Flpydisk - ok
22:08:02.0359 3876	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:08:02.0578 3876	FltMgr - ok
22:08:02.0718 3876	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:08:02.0750 3876	FontCache3.0.0.0 - ok
22:08:02.0781 3876	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:08:03.0000 3876	Fs_Rec - ok
22:08:03.0078 3876	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:08:03.0312 3876	Ftdisk - ok
22:08:03.0484 3876	GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Programme\HP Games\HP Game Console\GameConsoleService.exe
22:08:03.0515 3876	GameConsoleService - ok
22:08:03.0562 3876	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:08:03.0828 3876	Gpc - ok
22:08:03.0890 3876	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:08:04.0093 3876	HDAudBus - ok
22:08:04.0203 3876	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:08:04.0437 3876	helpsvc - ok
22:08:04.0468 3876	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
22:08:04.0703 3876	HidServ - ok
22:08:04.0765 3876	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:08:04.0984 3876	HidUsb - ok
22:08:05.0046 3876	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
22:08:05.0265 3876	hkmsvc - ok
22:08:05.0296 3876	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:08:05.0515 3876	hpn - ok
22:08:05.0656 3876	hpqwmiex        (fdf273a845f1ffcceadf363aaf47582f) C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
22:08:05.0687 3876	hpqwmiex - ok
22:08:05.0750 3876	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:08:05.0796 3876	HTTP - ok
22:08:05.0843 3876	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
22:08:06.0078 3876	HTTPFilter - ok
22:08:06.0093 3876	hwdatacard - ok
22:08:06.0109 3876	hwusbdev - ok
22:08:06.0171 3876	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:08:06.0390 3876	i2omgmt - ok
22:08:06.0437 3876	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:08:06.0640 3876	i2omp - ok
22:08:06.0703 3876	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:08:06.0921 3876	i8042prt - ok
22:08:07.0390 3876	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:08:07.0781 3876	ialm - ok
22:08:07.0968 3876	iaStor          (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:08:08.0000 3876	iaStor - ok
22:08:08.0109 3876	IDriverT        (6f95324909b502e2651442c1548ab12f) c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:08:08.0125 3876	IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:08:08.0125 3876	IDriverT - detected UnsignedFile.Multi.Generic (1)
22:08:08.0281 3876	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:08:08.0359 3876	idsvc - ok
22:08:08.0406 3876	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:08:08.0609 3876	Imapi - ok
22:08:08.0656 3876	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
22:08:08.0859 3876	ImapiService - ok
22:08:08.0875 3876	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:08:09.0109 3876	ini910u - ok
22:08:09.0140 3876	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:08:09.0343 3876	IntelIde - ok
22:08:09.0390 3876	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:08:09.0609 3876	intelppm - ok
22:08:09.0640 3876	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:08:09.0843 3876	Ip6Fw - ok
22:08:09.0859 3876	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:08:10.0062 3876	IpFilterDriver - ok
22:08:10.0109 3876	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:08:10.0328 3876	IpInIp - ok
22:08:10.0375 3876	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:08:10.0578 3876	IpNat - ok
22:08:10.0656 3876	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:08:10.0859 3876	IPSec - ok
22:08:10.0875 3876	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:08:10.0968 3876	IRENUM - ok
22:08:11.0000 3876	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:08:11.0218 3876	isapnp - ok
22:08:11.0359 3876	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
22:08:11.0390 3876	JavaQuickStarterService - ok
22:08:11.0406 3876	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:08:11.0625 3876	Kbdclass - ok
22:08:11.0671 3876	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:08:11.0875 3876	kbdhid - ok
22:08:11.0921 3876	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:08:12.0171 3876	kmixer - ok
22:08:12.0234 3876	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:08:12.0296 3876	KSecDD - ok
22:08:12.0343 3876	L1c             (140f9b777fa84e2f5eeea5cadc112e53) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
22:08:12.0390 3876	L1c - ok
22:08:12.0437 3876	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
22:08:12.0484 3876	LanmanServer - ok
22:08:12.0546 3876	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
22:08:12.0609 3876	lanmanworkstation - ok
22:08:12.0609 3876	lbrtfdc - ok
22:08:12.0671 3876	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
22:08:12.0875 3876	LmHosts - ok
22:08:12.0921 3876	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
22:08:13.0156 3876	Messenger - ok
22:08:13.0218 3876	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:08:13.0406 3876	mnmdd - ok
22:08:13.0453 3876	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
22:08:13.0656 3876	mnmsrvc - ok
22:08:13.0703 3876	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:08:13.0906 3876	Modem - ok
22:08:13.0937 3876	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:08:14.0171 3876	Mouclass - ok
22:08:14.0234 3876	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:08:14.0437 3876	mouhid - ok
22:08:14.0484 3876	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:08:14.0703 3876	MountMgr - ok
22:08:14.0750 3876	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:08:14.0953 3876	MPE - ok
22:08:15.0015 3876	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:08:15.0250 3876	mraid35x - ok
22:08:15.0296 3876	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:08:15.0500 3876	MRxDAV - ok
22:08:15.0562 3876	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:08:15.0640 3876	MRxSmb - ok
22:08:15.0687 3876	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
22:08:15.0890 3876	MSDTC - ok
22:08:15.0921 3876	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:08:16.0140 3876	Msfs - ok
22:08:16.0140 3876	MSIServer - ok
22:08:16.0203 3876	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:08:16.0421 3876	MSKSSRV - ok
22:08:16.0437 3876	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:08:16.0625 3876	MSPCLOCK - ok
22:08:16.0640 3876	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:08:16.0875 3876	MSPQM - ok
22:08:16.0906 3876	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:08:17.0109 3876	mssmbios - ok
22:08:17.0187 3876	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:08:17.0406 3876	MSTEE - ok
22:08:17.0500 3876	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:08:17.0531 3876	Mup - ok
22:08:17.0593 3876	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:08:17.0812 3876	NABTSFEC - ok
22:08:17.0875 3876	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
22:08:18.0109 3876	napagent - ok
22:08:18.0187 3876	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:08:18.0406 3876	NDIS - ok
22:08:18.0468 3876	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:08:18.0671 3876	NdisIP - ok
22:08:18.0734 3876	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:08:18.0765 3876	NdisTapi - ok
22:08:18.0828 3876	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:08:19.0062 3876	Ndisuio - ok
22:08:19.0109 3876	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:08:19.0328 3876	NdisWan - ok
22:08:19.0375 3876	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:08:19.0421 3876	NDProxy - ok
22:08:19.0484 3876	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:08:19.0703 3876	NetBIOS - ok
22:08:19.0750 3876	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:08:19.0953 3876	NetBT - ok
22:08:20.0046 3876	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:08:20.0281 3876	NetDDE - ok
22:08:20.0281 3876	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:08:20.0500 3876	NetDDEdsdm - ok
22:08:20.0562 3876	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:08:20.0765 3876	Netlogon - ok
22:08:20.0843 3876	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
22:08:21.0078 3876	Netman - ok
22:08:21.0187 3876	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:08:21.0218 3876	NetTcpPortSharing - ok
22:08:21.0281 3876	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
22:08:21.0328 3876	Nla - ok
22:08:21.0390 3876	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:08:21.0593 3876	Npfs - ok
22:08:21.0640 3876	NSNDIS5         (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
22:08:21.0671 3876	NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
22:08:21.0671 3876	NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
22:08:21.0734 3876	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:08:21.0984 3876	Ntfs - ok
22:08:22.0000 3876	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:08:22.0203 3876	NtLmSsp - ok
22:08:22.0296 3876	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
22:08:22.0531 3876	NtmsSvc - ok
22:08:22.0578 3876	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:08:22.0781 3876	Null - ok
22:08:22.0843 3876	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:08:23.0046 3876	NwlnkFlt - ok
22:08:23.0093 3876	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:08:23.0296 3876	NwlnkFwd - ok
22:08:23.0343 3876	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
22:08:23.0562 3876	Parport - ok
22:08:23.0609 3876	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:08:23.0812 3876	PartMgr - ok
22:08:23.0859 3876	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:08:24.0062 3876	ParVdm - ok
22:08:24.0140 3876	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:08:24.0359 3876	PCI - ok
22:08:24.0359 3876	PCIDump - ok
22:08:24.0375 3876	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:08:24.0562 3876	PCIIde - ok
22:08:24.0609 3876	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:08:24.0828 3876	Pcmcia - ok
22:08:24.0828 3876	PDCOMP - ok
22:08:24.0843 3876	PDFRAME - ok
22:08:24.0859 3876	PDRELI - ok
22:08:24.0859 3876	PDRFRAME - ok
22:08:24.0875 3876	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:08:25.0109 3876	perc2 - ok
22:08:25.0187 3876	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:08:25.0375 3876	perc2hib - ok
22:08:25.0453 3876	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:08:25.0484 3876	PlugPlay - ok
22:08:25.0500 3876	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:08:25.0703 3876	PolicyAgent - ok
22:08:25.0750 3876	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:08:25.0984 3876	PptpMiniport - ok
22:08:25.0984 3876	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:08:26.0187 3876	ProtectedStorage - ok
22:08:26.0234 3876	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:08:26.0437 3876	PSched - ok
22:08:26.0468 3876	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:08:26.0703 3876	Ptilink - ok
22:08:26.0765 3876	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:08:26.0781 3876	PxHelp20 - ok
22:08:26.0812 3876	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:08:27.0015 3876	ql1080 - ok
22:08:27.0046 3876	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:08:27.0265 3876	Ql10wnt - ok
22:08:27.0265 3876	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:08:27.0515 3876	ql12160 - ok
22:08:27.0515 3876	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:08:27.0765 3876	ql1240 - ok
22:08:27.0843 3876	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:08:28.0031 3876	ql1280 - ok
22:08:28.0125 3876	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:08:28.0328 3876	RasAcd - ok
22:08:28.0421 3876	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
22:08:28.0625 3876	RasAuto - ok
22:08:28.0687 3876	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:08:28.0890 3876	Rasl2tp - ok
22:08:28.0937 3876	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
22:08:29.0156 3876	RasMan - ok
22:08:29.0234 3876	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:08:29.0437 3876	RasPppoe - ok
22:08:29.0453 3876	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:08:29.0656 3876	Raspti - ok
22:08:29.0687 3876	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:08:29.0937 3876	Rdbss - ok
22:08:29.0968 3876	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:08:30.0171 3876	RDPCDD - ok
22:08:30.0281 3876	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:08:30.0484 3876	rdpdr - ok
22:08:30.0578 3876	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
22:08:30.0640 3876	RDPWD - ok
22:08:30.0687 3876	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
22:08:30.0921 3876	RDSessMgr - ok
22:08:30.0953 3876	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:08:31.0171 3876	redbook - ok
22:08:31.0250 3876	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
22:08:31.0453 3876	RemoteAccess - ok
22:08:31.0531 3876	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:08:31.0734 3876	ROOTMODEM - ok
22:08:31.0828 3876	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
22:08:32.0062 3876	RpcLocator - ok
22:08:32.0187 3876	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:08:32.0234 3876	RpcSs - ok
22:08:32.0296 3876	RSUSBSTOR       (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
22:08:32.0328 3876	RSUSBSTOR - ok
22:08:32.0390 3876	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
22:08:32.0593 3876	RSVP - ok
22:08:32.0718 3876	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:08:32.0921 3876	rtl8139 - ok
22:08:32.0937 3876	Rts516xIR - ok
22:08:32.0984 3876	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
22:08:33.0015 3876	s1018bus - ok
22:08:33.0031 3876	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
22:08:33.0062 3876	s1018mdfl - ok
22:08:33.0093 3876	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
22:08:33.0109 3876	s1018mdm - ok
22:08:33.0156 3876	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
22:08:33.0218 3876	s1018mgmt - ok
22:08:33.0265 3876	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
22:08:33.0281 3876	s1018nd5 - ok
22:08:33.0343 3876	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
22:08:33.0375 3876	s1018obex - ok
22:08:33.0406 3876	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
22:08:33.0437 3876	s1018unic - ok
22:08:33.0468 3876	SahdIa32        (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
22:08:33.0500 3876	SahdIa32 - ok
22:08:33.0500 3876	SaibIa32        (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
22:08:33.0531 3876	SaibIa32 - ok
22:08:33.0578 3876	SaibVd32        (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
22:08:33.0593 3876	SaibVd32 - ok
22:08:33.0640 3876	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:08:33.0843 3876	SamSs - ok
22:08:33.0890 3876	SANDRA - ok
22:08:33.0937 3876	SbieDrv         (408d5defd7d919c03f9f47386c830fe5) C:\Programme\Sandboxie\SbieDrv.sys
22:08:33.0968 3876	SbieDrv - ok
22:08:34.0015 3876	SbieSvc         (64911f6ed2e3edde7aff9be754e8d0de) C:\Programme\Sandboxie\SbieSvc.exe
22:08:34.0046 3876	SbieSvc - ok
22:08:34.0109 3876	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
22:08:34.0343 3876	SCardSvr - ok
22:08:34.0437 3876	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
22:08:34.0656 3876	Schedule - ok
22:08:34.0687 3876	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:08:34.0781 3876	Secdrv - ok
22:08:34.0828 3876	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
22:08:35.0031 3876	seclogon - ok
22:08:35.0062 3876	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
22:08:35.0281 3876	SENS - ok
22:08:35.0375 3876	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
22:08:35.0578 3876	Serial - ok
22:08:35.0640 3876	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:08:35.0843 3876	Sfloppy - ok
22:08:35.0906 3876	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
22:08:36.0109 3876	SharedAccess - ok
22:08:36.0203 3876	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:08:36.0234 3876	ShellHWDetection - ok
22:08:36.0234 3876	Simbad - ok
22:08:36.0265 3876	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:08:36.0484 3876	sisagp - ok
22:08:36.0625 3876	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
22:08:36.0656 3876	SkypeUpdate - ok
22:08:36.0703 3876	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:08:36.0921 3876	SLIP - ok
22:08:37.0078 3876	SNP2UVC         (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
22:08:37.0250 3876	SNP2UVC - ok
22:08:37.0390 3876	Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe
22:08:37.0421 3876	Sony PC Companion - ok
22:08:37.0531 3876	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:08:37.0625 3876	Sparrow - ok
22:08:37.0671 3876	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:08:37.0875 3876	splitter - ok
22:08:37.0906 3876	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:08:37.0953 3876	Spooler - ok
22:08:37.0968 3876	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:08:38.0078 3876	sr - ok
22:08:38.0140 3876	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
22:08:38.0234 3876	srservice - ok
22:08:38.0296 3876	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:08:38.0390 3876	Srv - ok
22:08:38.0453 3876	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
22:08:38.0546 3876	SSDPSRV - ok
22:08:38.0671 3876	STacSV - ok
22:08:38.0843 3876	STHDA           (370e6e3ea67d8be7f25165132630aa17) C:\WINDOWS\system32\drivers\sthda.sys
22:08:38.0968 3876	STHDA - ok
22:08:39.0109 3876	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
22:08:39.0359 3876	stisvc - ok
22:08:39.0500 3876	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:08:39.0703 3876	streamip - ok
22:08:39.0796 3876	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:08:40.0031 3876	swenum - ok
22:08:40.0109 3876	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:08:40.0312 3876	swmidi - ok
22:08:40.0328 3876	SwPrv - ok
22:08:40.0375 3876	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:08:40.0578 3876	symc810 - ok
22:08:40.0625 3876	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:08:40.0859 3876	symc8xx - ok
22:08:40.0890 3876	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:08:41.0109 3876	sym_hi - ok
22:08:41.0171 3876	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:08:41.0375 3876	sym_u3 - ok
22:08:41.0484 3876	SynTP           (8da49473f997d4c5d821f1e358f94f2d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:08:41.0515 3876	SynTP - ok
22:08:41.0562 3876	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:08:41.0765 3876	sysaudio - ok
22:08:41.0875 3876	SysCow          (9c1c6212623484331cce11ebbbfa3139) C:\WINDOWS\system32\drivers\syscow32x.sys
22:08:41.0906 3876	SysCow - ok
22:08:41.0953 3876	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
22:08:42.0187 3876	SysmonLog - ok
22:08:42.0281 3876	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
22:08:42.0500 3876	TapiSrv - ok
22:08:42.0625 3876	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:08:42.0718 3876	Tcpip - ok
22:08:42.0750 3876	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:08:42.0953 3876	TDPIPE - ok
22:08:43.0046 3876	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:08:43.0250 3876	TDTCP - ok
22:08:43.0296 3876	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:08:43.0515 3876	TermDD - ok
22:08:43.0609 3876	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
22:08:43.0828 3876	TermService - ok
22:08:43.0890 3876	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:08:43.0921 3876	Themes - ok
22:08:43.0953 3876	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
22:08:44.0156 3876	TosIde - ok
22:08:44.0250 3876	TridVid         (171f41174a88f71e7234d7a48303c6a0) C:\WINDOWS\system32\DRIVERS\TridVid.sys
22:08:44.0281 3876	TridVid ( UnsignedFile.Multi.Generic ) - warning
22:08:44.0281 3876	TridVid - detected UnsignedFile.Multi.Generic (1)
22:08:44.0343 3876	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
22:08:44.0562 3876	TrkWks - ok
22:08:44.0593 3876	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:08:44.0828 3876	Udfs - ok
22:08:44.0828 3876	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:08:44.0921 3876	ultra - ok
22:08:44.0968 3876	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:08:45.0203 3876	Update - ok
22:08:45.0312 3876	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
22:08:45.0437 3876	upnphost - ok
22:08:45.0453 3876	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
22:08:45.0671 3876	UPS - ok
22:08:45.0750 3876	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:08:45.0937 3876	usbccgp - ok
22:08:45.0953 3876	USBCCID - ok
22:08:46.0000 3876	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:08:46.0203 3876	usbehci - ok
22:08:46.0281 3876	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:08:46.0484 3876	usbhub - ok
22:08:46.0562 3876	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:08:46.0750 3876	usbprint - ok
22:08:46.0843 3876	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:08:47.0031 3876	usbscan - ok
22:08:47.0140 3876	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:08:47.0359 3876	usbstor - ok
22:08:47.0453 3876	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:08:47.0640 3876	usbuhci - ok
22:08:47.0750 3876	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:08:47.0953 3876	usbvideo - ok
22:08:48.0062 3876	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:08:48.0265 3876	VgaSave - ok
22:08:48.0359 3876	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:08:48.0562 3876	viaagp - ok
22:08:48.0625 3876	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:08:48.0843 3876	ViaIde - ok
22:08:48.0843 3876	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:08:49.0046 3876	VolSnap - ok
22:08:49.0125 3876	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
22:08:49.0234 3876	VSS - ok
22:08:49.0265 3876	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
22:08:49.0468 3876	W32Time - ok
22:08:49.0546 3876	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:08:49.0828 3876	Wanarp - ok
22:08:49.0953 3876	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:08:50.0015 3876	Wdf01000 - ok
22:08:50.0015 3876	WDICA - ok
22:08:50.0062 3876	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:08:50.0265 3876	wdmaud - ok
22:08:50.0375 3876	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
22:08:50.0578 3876	WebClient - ok
22:08:50.0671 3876	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:08:50.0875 3876	winmgmt - ok
22:08:50.0937 3876	WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:08:50.0968 3876	WinUSB - ok
22:08:51.0000 3876	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:08:51.0062 3876	WmdmPmSN - ok
22:08:51.0078 3876	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:08:51.0281 3876	WmiAcpi - ok
22:08:51.0375 3876	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:08:51.0593 3876	WmiApSrv - ok
22:08:51.0828 3876	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
22:08:51.0906 3876	WMPNetworkSvc - ok
22:08:51.0937 3876	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:08:51.0968 3876	WpdUsb - ok
22:08:52.0015 3876	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
22:08:52.0234 3876	wscsvc - ok
22:08:52.0328 3876	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:08:52.0531 3876	WSTCODEC - ok
22:08:52.0625 3876	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
22:08:52.0859 3876	wuauserv - ok
22:08:52.0890 3876	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:08:52.0937 3876	WudfPf - ok
22:08:52.0953 3876	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:08:52.0984 3876	WudfRd - ok
22:08:53.0046 3876	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:08:53.0093 3876	WudfSvc - ok
22:08:53.0156 3876	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
22:08:53.0406 3876	WZCSVC - ok
22:08:53.0515 3876	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
22:08:53.0828 3876	xmlprov - ok
22:08:53.0875 3876	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:08:55.0468 3876	\Device\Harddisk0\DR0 - ok
22:08:55.0515 3876	Boot (0x1200)   (e8f218800ff19bd2af9104691412875b) \Device\Harddisk0\DR0\Partition0
22:08:55.0515 3876	\Device\Harddisk0\DR0\Partition0 - ok
22:08:55.0515 3876	============================================================
22:08:55.0515 3876	Scan finished
22:08:55.0515 3876	============================================================
22:08:55.0625 3872	Detected object count: 3
22:08:55.0625 3872	Actual detected object count: 3
22:09:50.0953 3872	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:50.0953 3872	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:09:50.0953 3872	NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:50.0953 3872	NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:09:50.0953 3872	TridVid ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:50.0953 3872	TridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Kind regards,
Sebastian
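An added example, not from this thread and not part of the TDSSKiller tool: a small Python parser for the log layout posted above. It groups each scanned object's MD5, path, verdict and the action the user chose, and checks the "Detected object count" summary against the per-object lines, which is the quickest way to see what was flagged and what was left in place. The sample log is a constructed, shortened excerpt in that layout.

```python
import re
from collections import OrderedDict

# Constructed, shortened sample in the TDSSKiller log layout posted above
# (names, hashes and paths copied from the thread; the summary count refers
# to this excerpt only). A tab separates the PID from the entry body.
SAMPLE_LOG = (
    "22:08:44.0250 3876\tTridVid         (171f41174a88f71e7234d7a48303c6a0) "
    "C:\\WINDOWS\\system32\\DRIVERS\\TridVid.sys\n"
    "22:08:44.0281 3876\tTridVid ( UnsignedFile.Multi.Generic ) - warning\n"
    "22:08:44.0281 3876\tTridVid - detected UnsignedFile.Multi.Generic (1)\n"
    "22:08:44.0343 3876\tTrkWks          (626504572b175867f30f3215c04b3e2f) "
    "C:\\WINDOWS\\system32\\trkwks.dll\n"
    "22:08:44.0562 3876\tTrkWks - ok\n"
    "22:08:45.0953 3876\tUSBCCID - ok\n"
    "22:08:53.0875 3876\tMBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) "
    "\\Device\\Harddisk0\\DR0\n"
    "22:08:55.0468 3876\t\\Device\\Harddisk0\\DR0 - ok\n"
    "22:08:55.0625 3872\tDetected object count: 1\n"
    "22:09:50.0953 3872\tTridVid ( UnsignedFile.Multi.Generic ) - skipped by user\n"
    "22:09:50.0953 3872\tTridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip \n"
)

# Line shapes seen in the log above: scanned object with MD5 and path,
# "<name> - ok", "<name> ( <verdict> ) - <action>", "<name> - detected <verdict> (n)"
# and the summary line. Trailing spaces on the body are dropped first.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+)\t(?P<body>.*?)\s*$")
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Return (objects, detected_count).

    objects maps each scanned object name to a dict with md5, path, ok,
    verdicts (set) and actions (list, in log order). MBR/boot-sector entries
    report their "- ok" under the device path, so paths are mapped back to names.
    """
    objects = OrderedDict()
    name_by_path = {}
    detected_count = None

    def entry(name):
        return objects.setdefault(name, {"md5": None, "path": None, "ok": False,
                                         "verdicts": set(), "actions": []})

    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        body = line.group("body")
        if (m := COUNT_RE.match(body)):
            detected_count = int(m.group("n"))
        elif (m := OBJECT_RE.match(body)):
            e = entry(m.group("name"))
            e["md5"], e["path"] = m.group("md5").lower(), m.group("path")
            name_by_path[e["path"]] = m.group("name")
        elif (m := DETECTED_RE.match(body)):
            entry(m.group("name"))["verdicts"].add(m.group("verdict"))
        elif (m := VERDICT_RE.match(body)):
            e = entry(m.group("name"))
            e["verdicts"].add(m.group("verdict"))
            e["actions"].append(m.group("action"))
        elif (m := OK_RE.match(body)):
            name = name_by_path.get(m.group("name"), m.group("name"))
            entry(name)["ok"] = True
    return objects, detected_count


def flagged(objects):
    """Objects that received at least one verdict, with what was done about them."""
    return {name: {"verdicts": sorted(e["verdicts"]), "actions": e["actions"]}
            for name, e in objects.items() if e["verdicts"]}


def skipped_by_user(objects):
    """Flagged objects left in place because the user chose Skip."""
    return sorted(name for name, e in objects.items()
                  if e["verdicts"] and any(a.startswith("skipped by user")
                                           for a in e["actions"]))


def count_consistent(objects, detected_count):
    """True when the summary count matches the number of flagged objects."""
    return detected_count is not None and detected_count == len(flagged(objects))


if __name__ == "__main__":
    objs, count = parse_tdsskiller(SAMPLE_LOG)
    for name, info in flagged(objs).items():
        print(f"{name}: {', '.join(info['verdicts'])} -> {info['actions'][-1]}")
    print("skipped by user:", skipped_by_user(objs))
    print("summary count consistent:", count_consistent(objs, count))
```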

Old 21.06.2012, 21:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 22.06.2012, 05:16   #13
Sastian
 

Hello,

here is the ComboFix log:
Code:
ComboFix 12-06-21.03 - Sebastian 22.06.2012   5:58.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2039.1614 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sebastian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programme\HP\HPBTWD.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-22 bis 2012-06-22  ))))))))))))))))))))))))))))))
.
.
2012-06-21 18:23 . 2012-06-21 18:23	--------	d-----w-	c:\windows\LastGood
2012-06-21 18:18 . 2012-06-21 18:18	--------	d-----w-	C:\_OTL
2012-06-18 19:54 . 2012-06-18 19:54	--------	d-----w-	c:\programme\ESET
2012-06-14 05:41 . 2012-05-11 14:40	521728	------w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-08 21:02 . 2012-06-08 21:02	--------	d-----w-	c:\programme\Gemeinsame Dateien\xing shared
2012-06-08 21:01 . 2012-06-08 21:01	129144	----a-w-	c:\programme\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-07 19:42 . 2001-08-18 02:54	5632	----a-w-	c:\windows\system32\ptpusb.dll
2012-06-07 19:42 . 2008-04-14 05:52	159232	----a-w-	c:\windows\system32\ptpusd.dll
2012-06-07 19:42 . 2008-04-13 22:15	15104	----a-w-	c:\windows\system32\drivers\usbscan.sys
2012-06-03 13:51 . 2012-06-03 13:51	--------	d-----w-	c:\programme\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 21:01 . 2011-11-27 05:42	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-06-08 21:01 . 2009-12-31 15:16	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-06-02 13:19 . 2009-08-06 18:24	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-08-06 18:24	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 18:24	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 18:23	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-03-15 19:19	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-03-15 19:19	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-03-15 19:19	18160	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2011-09-28 07:06	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2012-04-12 18:59	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2012-04-11 13:51	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2012-04-12 18:59	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2012-04-12 18:59	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2012-04-12 18:59	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 17:23 . 2012-04-01 06:23	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:23 . 2011-05-21 11:00	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 03:14 . 2012-04-11 13:51	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2012-04-11 13:51	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2012-03-14 00:48	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-04 13:56 . 2010-08-18 19:37	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-13 04:39 . 2011-10-02 10:39	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	------w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2012-04-10 452880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]
"WirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\programme\IDT\WDM\sttray.exe" [2009-08-13 467036]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-06-08 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\dokumente und einstellungen\Monika\Startmenü\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\dokumente und einstellungen\Sebastian\Startmenü\Programme\Autostart\
ac'tivAid.lnk - c:\programme\ac'tivAid\ac'tivAid.ahk [2008-6-5 495612]
Dropbox.lnk - c:\dokumente und einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Sebastian^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk]
path=c:\dokumente und einstellungen\Sebastian\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 01:54	589104	----a-w-	c:\programme\Hewlett-Packard\HP QuickSync\QuickSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-01-27 09:57	441016	----a-w-	c:\programme\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-08 21:01	296056	----a-w-	c:\programme\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Programme\\TightVNC\\WinVNC.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Dokumente und Einstellungen\\Sebastian\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [24.08.2009 10:34 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [24.08.2009 10:34 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [01.07.2009 23:10 103792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.05.2012 09:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.05.2012 09:11 337880]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [24.08.2009 10:34 25584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.05.2012 09:11 20696]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.04.2009 15:13 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [31.03.2009 22:11 39424]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [02.06.2009 19:05 457200]
S2 BOTService;BOTService;c:\programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe [09.07.2009 04:08 199152]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 08:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01.04.2012 08:23 257696]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [24.08.2009 10:19 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [19.09.2010 22:38 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [19.09.2010 22:38 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [19.09.2010 22:38 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [19.09.2010 22:38 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [19.09.2010 22:38 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [19.09.2010 22:38 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [19.09.2010 22:38 109864]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [02.04.2012 08:10 155320]
S3 TridVid;Video Grabber;c:\windows\system32\drivers\TridVid.sys [06.09.2010 22:09 168704]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66781776
*Deregistered* - 66781776
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:23]
.
2012-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-06-22 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\programme\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 02:09]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078501022-2075896473-1597800574-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078501022-2075896473-1597800574-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078501022-2075896473-1597800574-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078501022-2075896473-1597800574-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\vcf56fht.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ftd.de/
FF - prefs.js: network.proxy.http - 
FF - prefs.js: network.proxy.http_port - 
FF - prefs.js: network.proxy.socks - 
FF - prefs.js: network.proxy.socks_port - 
FF - prefs.js: network.proxy.ssl - 
FF - prefs.js: network.proxy.ssl_port - 
FF - prefs.js: network.proxy.type - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-HP BTW Detect Program - c:\programme\HP\HPBTWD.exe
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
MSConfigStartUp-WinampAgent - c:\programme\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-22 06:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-06-22  06:09:51
ComboFix-quarantined-files.txt  2012-06-22 04:09
.
Vor Suchlauf: 13 Verzeichnis(se), 126.877.773.824 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 126.966.349.824 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 57CE0B8CAB9DC0C38A9A77D10663077A
         
Have a nice day,
Sebastian

Old 22.06.2012, 10:21   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create logs with GMER and OSAM now and post them.
GMER crashes rather often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (Should your firewall ask, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: Should the Scan button be greyed out, close the tool and start it again. Should the scan abort and the program crash, let me know and select the setting (none) under AV Scan.



Another note: Should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 23.06.2012, 11:53   #15
Sastian
 

Hello,

here is the GMER log:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 10:53:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG01
Running: erj7492l.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\pwldypod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwAddBootEntry [0x9D573DF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwAllocateVirtualMemory [0x9D600A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwAssignProcessToJobObject [0x9D57485E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwClose [0x9D5A0D5D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateEvent [0x9D5792E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateEventPair [0x9D579330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateIoCompletion [0x9D579422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateKey [0x9D5A0711]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateMutant [0x9D579252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateSection [0x9D579374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateSemaphore [0x9D57929A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwCreateTimer [0x9D5793DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwDeleteBootEntry [0x9D573E44]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwDeleteKey [0x9D5A1423]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwDeleteValueKey [0x9D5A16D9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwDuplicateObject [0x9D5769A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwEnumerateKey [0x9D5A128E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwEnumerateValueKey [0x9D5A10F9]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwFreeVirtualMemory [0x9D600B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwLoadDriver [0x9D573AD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwModifyBootEntry [0x9D573E90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwNotifyChangeKey [0x9D576D1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwNotifyChangeMultipleKeys [0x9D574B02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenEvent [0x9D57930E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenEventPair [0x9D579352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenIoCompletion [0x9D579446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenKey [0x9D5A0A6D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenMutant [0x9D579278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenProcess [0x9D576518]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenSection [0x9D5793AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenSemaphore [0x9D5792C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenThread [0x9D57674C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwOpenTimer [0x9D579400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwProtectVirtualMemory [0x9D600CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwQueryKey [0x9D5A0F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwQueryObject [0x9D5749CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwQueryValueKey [0x9D5A0DC6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwRenameKey [0x9D60AB68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwRestoreKey [0x9D59FD84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwSetBootEntryOrder [0x9D573EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwSetBootOptions [0x9D573F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwSetSystemInformation [0x9D573B46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwSetSystemPowerState [0x9D573CEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwSetValueKey [0x9D5A152A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwShutdownSystem [0x9D573C92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwSystemDebugControl [0x9D573D5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwTerminateProcess [0x9D600D60]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                   ZwVdmControl [0x9D573F74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwWriteVirtualMemory [0x9D600BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ZwCreateProcessEx [0x9D616D92]
Code            BA7FEC9C                                                                                                                                ZwRequestPort
Code            BA7FED3C                                                                                                                                ZwRequestWaitReplyPort
Code            BA7FEBFC                                                                                                                                ZwTraceEvent
Code            BA7FEC9B                                                                                                                                NtRequestPort
Code            BA7FED3B                                                                                                                                NtRequestWaitReplyPort
Code            BA7FEBFB                                                                                                                                NtTraceEvent
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                   ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C74                                                                                                    8050452C 2 Bytes  [22, 94]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2DB0                                                                                                    80504668 2 Bytes  [46, 94] {INC ESI; XCHG ESP, EAX}
.text           ntkrnlpa.exe!NtTraceEvent                                                                                                               8053516E 5 Bytes  JMP BA7FEC00 
PAGE            ntkrnlpa.exe!NtRequestPort                                                                                                              805A2A52 5 Bytes  JMP BA7FECA0 
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort                                                                                                     805A2D7E 5 Bytes  JMP BA7FED40 
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                                             805A64B0 4 Bytes  CALL 9D57519F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                      805BC55E 5 Bytes  JMP 9D613C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                                             805C2FE2 5 Bytes  JMP 9D61574C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                          805D119A 7 Bytes  JMP 9D616D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           win32k.sys!EngAcquireSemaphore + 20F0                                                                                                   BF8082C9 5 Bytes  JMP BA7FE480 
.text           win32k.sys!EngFreeUserMem + 674                                                                                                         BF8098F2 5 Bytes  JMP 9D578180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 35D0                                                                                                        BF80C84E 5 Bytes  JMP 9D57807C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 5BD7                                                                                                        BF80EE55 5 Bytes  JMP BA7FE3E0 
.text           win32k.sys!EngDeleteSurface + 45                                                                                                        BF8138E6 5 Bytes  JMP 9D578036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                                                BF81C550 5 Bytes  JMP 9D577724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                                                       BF8240C0 5 Bytes  JMP BA7FE5C0 
.text           win32k.sys!EngCreateBitmap + F9C                                                                                                        BF828A2A 5 Bytes  JMP 9D5782EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                                                    BF831475 5 Bytes  JMP 9D5784F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B687                                                                                                    BF839EAC 5 Bytes  JMP 9D577F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + C2CF                                                                                                   BF85174B 5 Bytes  JMP BA7FEA20 
.text           win32k.sys!XLATEOBJ_iXlate + F17                                                                                                        BF85BC8A 5 Bytes  JMP 9D5777E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 2EDD                                                                                                       BF85DC50 5 Bytes  JMP BA7FE520 
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                                                       BF85E2F4 5 Bytes  JMP 9D577384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                                                       BF85E37F 5 Bytes  JMP 9D577562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                                                        BF85F5F2 5 Bytes  JMP BA7FE8E0 
.text           win32k.sys!EngCreatePalette + 5457                                                                                                      BF8649C1 5 Bytes  JMP 9D5780BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4138                                                                                                 BF873D04 5 Bytes  JMP 9D57751C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                                       BF890F6A 5 Bytes  JMP 9D5777FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                                                       BF894515 5 Bytes  JMP 9D578232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 583                                                                                                       BF894FED 5 Bytes  JMP 9D578450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 1409                                                                                                           BF899F45 5 Bytes  JMP BA7FE700 
.text           win32k.sys!EngCopyBits + 3857                                                                                                           BF89C393 5 Bytes  JMP 9D57770C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                                           BF89D928 5 Bytes  JMP BA7FE660 
.text           win32k.sys!EngEraseSurface + A9DC                                                                                                       BF8C1E70 5 Bytes  JMP BA7FE7A0 
.text           win32k.sys!EngFillPath + 1517                                                                                                           BF8CA2D2 5 Bytes  JMP 9D5771AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                                           BF8CA552 5 Bytes  JMP 9D5772E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                                                    BF8EBF17 5 Bytes  JMP BA7FE980 
.text           win32k.sys!EngDeleteSemaphore + CB53                                                                                                    BF8F4F2C 5 Bytes  JMP 9D57773C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 1A5A                                                                                                         BF913814 5 Bytes  JMP BA7FEAC0 
.text           win32k.sys!EngCreateClip + 1FEA                                                                                                         BF913DA4 5 Bytes  JMP BA7FEB60 
.text           win32k.sys!EngCreateClip + 262E                                                                                                         BF9143E8 5 Bytes  JMP BA7FE840 
.text           win32k.sys!EngCreateClip + 4FA7                                                                                                         BF916D61 5 Bytes  JMP 9D57767C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1937                                                                                                             BF946E38 5 Bytes  JMP 9D5783A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrLoadDll                                                                               7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!RtlDosSearchPath_U + 186                                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrUnloadDll                                                                             7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetBinaryTypeW + 80                                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!SetServiceObjectSecurity                                                              77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!ChangeServiceConfigA                                                                  77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!ChangeServiceConfigW                                                                  77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!ChangeServiceConfig2A                                                                 77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!ChangeServiceConfig2W                                                                 77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!CreateServiceA                                                                        77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!CreateServiceW                                                                        77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!DeleteService                                                                         77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWindowsHookExW                                                                       7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[176] USER32.dll!UnhookWindowsHookEx                                                                     7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWindowsHookExA                                                                       7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWinEventHook                                                                         7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[176] USER32.dll!UnhookWinEvent                                                                          7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\smss.exe[536] ntdll.dll!RtlDosSearchPath_U + 186                                                                    7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186                                                                   7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 80                                                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000701F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000703FC 
.text           C:\WINDOWS\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\services.exe[920] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\services.exe[920] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[920] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\services.exe[920] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\services.exe[920] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\services.exe[920] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrLoadDll                                                                                 7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!RtlDosSearchPath_U + 186                                                                   7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrUnloadDll                                                                               7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\lsass.exe[932] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!SetServiceObjectSecurity                                                                77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfigA                                                                    77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfigW                                                                    77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfig2A                                                                   77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfig2W                                                                   77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!CreateServiceA                                                                          77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!CreateServiceW                                                                          77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!DeleteService                                                                           77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWindowsHookExW                                                                         7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\lsass.exe[932] USER32.dll!UnhookWindowsHookEx                                                                       7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWindowsHookExA                                                                         7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWinEventHook                                                                           7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\lsass.exe[932] USER32.dll!UnhookWinEvent                                                                            7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity                                                       77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!ChangeServiceConfigA                                                           77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!ChangeServiceConfigW                                                           77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!CreateServiceA                                                                 77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!CreateServiceW                                                                 77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1076] USER32.dll!UnhookWinEvent                                                                   7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ntdll.dll!LdrLoadDll                                                7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186                                  7C926865 1 Byte  [62]
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ntdll.dll!LdrUnloadDll                                              7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] kernel32.dll!GetBinaryTypeW + 80                                    7C868D8C 1 Byte  [62]
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] USER32.dll!SetWindowsHookExW                                        7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] USER32.dll!UnhookWindowsHookEx                                      7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] USER32.dll!SetWindowsHookExA                                        7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] USER32.dll!SetWinEventHook                                          7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] USER32.dll!UnhookWinEvent                                           7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] USER32.dll!UnhookWinEvent + 4                                       7E3818B0 1 Byte  [82]
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity                               77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!ChangeServiceConfigA                                   77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!ChangeServiceConfigW                                   77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A                                  77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W                                  77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!CreateServiceA                                         77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!CreateServiceW                                         77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe[1208] ADVAPI32.dll!DeleteService                                          77E074B1 5 Bytes  JMP 003A0600 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ntdll.dll!LdrLoadDll                                                                           7C92632D 5 Bytes  JMP 000801F8 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186                                                             7C926865 1 Byte  [62]
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ntdll.dll!LdrUnloadDll                                                                         7C9271CD 5 Bytes  JMP 000803FC 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] kernel32.dll!GetBinaryTypeW + 80                                                               7C868D8C 1 Byte  [62]
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity                                                          77E06D81 5 Bytes  JMP 002C1014 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!ChangeServiceConfigA                                                              77E06E69 5 Bytes  JMP 002C0804 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!ChangeServiceConfigW                                                              77E07001 5 Bytes  JMP 002C0A08 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A                                                             77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W                                                             77E07189 5 Bytes  JMP 002C0E10 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!CreateServiceA                                                                    77E07211 5 Bytes  JMP 002C01F8 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!CreateServiceW                                                                    77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] ADVAPI32.dll!DeleteService                                                                     77E074B1 5 Bytes  JMP 002C0600 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] USER32.dll!SetWindowsHookExW                                                                   7E37820F 5 Bytes  JMP 002D0804 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] USER32.dll!UnhookWindowsHookEx                                                                 7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] USER32.dll!SetWindowsHookExA                                                                   7E381211 5 Bytes  JMP 002D0600 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] USER32.dll!SetWinEventHook                                                                     7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\Programme\Sandboxie\SbieSvc.exe[1220] USER32.dll!UnhookWinEvent                                                                      7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity                                                       77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!ChangeServiceConfigA                                                           77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!ChangeServiceConfigW                                                           77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!CreateServiceA                                                                 77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!CreateServiceW                                                                 77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1304] USER32.dll!UnhookWinEvent                                                                   7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1464] ntdll.dll!LdrLoadDll                                                                                  7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\alg.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186                                                                    7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1464] ntdll.dll!LdrUnloadDll                                                                                7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\alg.exe[1464] kernel32.dll!GetBinaryTypeW + 80                                                                      7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1464] USER32.dll!SetWindowsHookExW                                                                          7E37820F 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\alg.exe[1464] USER32.dll!UnhookWindowsHookEx                                                                        7E37D5F3 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\alg.exe[1464] USER32.dll!SetWindowsHookExA                                                                          7E381211 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\alg.exe[1464] USER32.dll!SetWinEventHook                                                                            7E3817F7 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\alg.exe[1464] USER32.dll!UnhookWinEvent                                                                             7E3818AC 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity                                                                 77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!ChangeServiceConfigA                                                                     77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!ChangeServiceConfigW                                                                     77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A                                                                    77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W                                                                    77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!CreateServiceA                                                                           77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!CreateServiceW                                                                           77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1464] ADVAPI32.dll!DeleteService                                                                            77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1772] kernel32.dll!SetUnhandledExceptionFilter                                           7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1772] kernel32.dll!GetBinaryTypeW + 80                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ntdll.dll!LdrLoadDll                                                 7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ntdll.dll!RtlDosSearchPath_U + 186                                   7C926865 1 Byte  [62]
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ntdll.dll!LdrUnloadDll                                               7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] kernel32.dll!GetBinaryTypeW + 80                                     7C868D8C 1 Byte  [62]
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!SetServiceObjectSecurity                                77E06D81 3 Bytes  JMP 00391014 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!SetServiceObjectSecurity + 4                            77E06D85 1 Byte  [88]
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!ChangeServiceConfigA                                    77E06E69 5 Bytes  JMP 00390804 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!ChangeServiceConfigW                                    77E07001 5 Bytes  JMP 00390A08 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!ChangeServiceConfig2A                                   77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!ChangeServiceConfig2W                                   77E07189 5 Bytes  JMP 00390E10 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!CreateServiceA                                          77E07211 5 Bytes  JMP 003901F8 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!CreateServiceW                                          77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] ADVAPI32.dll!DeleteService                                           77E074B1 5 Bytes  JMP 00390600 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] USER32.dll!SetWindowsHookExW                                         7E37820F 5 Bytes  JMP 003A0804 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] USER32.dll!UnhookWindowsHookEx                                       7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] USER32.dll!SetWindowsHookExA                                         7E381211 5 Bytes  JMP 003A0600 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] USER32.dll!SetWinEventHook                                           7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe[1940] USER32.dll!UnhookWinEvent                                            7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ntdll.dll!LdrLoadDll                                                                           7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ntdll.dll!RtlDosSearchPath_U + 186                                                             7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ntdll.dll!LdrUnloadDll                                                                         7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] kernel32.dll!GetBinaryTypeW + 80                                                               7C868D8C 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity                                                          77E06D81 3 Bytes  JMP 00391014 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                      77E06D85 1 Byte  [88]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!ChangeServiceConfigA                                                              77E06E69 5 Bytes  JMP 00390804 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!ChangeServiceConfigW                                                              77E07001 5 Bytes  JMP 00390A08 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A                                                             77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W                                                             77E07189 5 Bytes  JMP 00390E10 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!CreateServiceA                                                                    77E07211 5 Bytes  JMP 003901F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!CreateServiceW                                                                    77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] ADVAPI32.dll!DeleteService                                                                     77E074B1 5 Bytes  JMP 00390600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] USER32.dll!SetWindowsHookExW                                                                   7E37820F 5 Bytes  JMP 003A0804 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] USER32.dll!UnhookWindowsHookEx                                                                 7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] USER32.dll!SetWindowsHookExA                                                                   7E381211 5 Bytes  JMP 003A0600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] USER32.dll!SetWinEventHook                                                                     7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1972] USER32.dll!UnhookWinEvent                                                                      7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Hewlett-Packard\Shared\hpqToaster.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\Shared\hpqToaster.exe[2284] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Sebastian\Desktop\erj7492l.exe[2460] ntdll.dll!RtlDosSearchPath_U + 186                                  7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Sebastian\Desktop\erj7492l.exe[2460] kernel32.dll!GetBinaryTypeW + 80                                    7C868D8C 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ntdll.dll!LdrLoadDll                                                             7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ntdll.dll!RtlDosSearchPath_U + 186                                               7C926865 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ntdll.dll!LdrUnloadDll                                                           7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] kernel32.dll!GetBinaryTypeW + 80                                                 7C868D8C 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] USER32.dll!SetWindowsHookExW                                                     7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] USER32.dll!UnhookWindowsHookEx                                                   7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] USER32.dll!SetWindowsHookExA                                                     7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] USER32.dll!SetWinEventHook                                                       7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] USER32.dll!UnhookWinEvent                                                        7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] USER32.dll!UnhookWinEvent + 4                                                    7E3818B0 1 Byte  [82]
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity                                            77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!ChangeServiceConfigW                                                77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A                                               77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!CreateServiceA                                                      77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!CreateServiceW                                                      77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2484] ADVAPI32.dll!DeleteService                                                       77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\Explorer.EXE[2728] ntdll.dll!LdrLoadDll                                                                                      7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\Explorer.EXE[2728] ntdll.dll!RtlDosSearchPath_U + 186                                                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[2728] ntdll.dll!LdrUnloadDll                                                                                    7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\Explorer.EXE[2728] kernel32.dll!GetBinaryTypeW + 80                                                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!SetServiceObjectSecurity                                                                     77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!ChangeServiceConfigA                                                                         77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!ChangeServiceConfigW                                                                         77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!ChangeServiceConfig2A                                                                        77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!ChangeServiceConfig2W                                                                        77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!CreateServiceA                                                                               77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!CreateServiceW                                                                               77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\Explorer.EXE[2728] ADVAPI32.dll!DeleteService                                                                                77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\Explorer.EXE[2728] USER32.dll!SetWindowsHookExW                                                                              7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\Explorer.EXE[2728] USER32.dll!UnhookWindowsHookEx                                                                            7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\Explorer.EXE[2728] USER32.dll!SetWindowsHookExA                                                                              7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\Explorer.EXE[2728] USER32.dll!SetWinEventHook                                                                                7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\Explorer.EXE[2728] USER32.dll!UnhookWinEvent                                                                                 7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[2904] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ntdll.dll!LdrLoadDll                                                                             7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ntdll.dll!RtlDosSearchPath_U + 186                                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ntdll.dll!LdrUnloadDll                                                                           7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] kernel32.dll!GetBinaryTypeW + 80                                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxtray.exe[3084] USER32.dll!SetWindowsHookExW                                                                     7E37820F 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] USER32.dll!UnhookWindowsHookEx                                                                   7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] USER32.dll!SetWindowsHookExA                                                                     7E381211 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] USER32.dll!SetWinEventHook                                                                       7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] USER32.dll!UnhookWinEvent                                                                        7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity                                                            77E06D81 5 Bytes  JMP 003B1014 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!ChangeServiceConfigA                                                                77E06E69 5 Bytes  JMP 003B0804 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!ChangeServiceConfigW                                                                77E07001 5 Bytes  JMP 003B0A08 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A                                                               77E07101 5 Bytes  JMP 003B0C0C 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W                                                               77E07189 5 Bytes  JMP 003B0E10 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!CreateServiceA                                                                      77E07211 5 Bytes  JMP 003B01F8 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!CreateServiceW                                                                      77E073A9 5 Bytes  JMP 003B03FC 
.text           C:\WINDOWS\system32\igfxtray.exe[3084] ADVAPI32.dll!DeleteService                                                                       77E074B1 5 Bytes  JMP 003B0600 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ntdll.dll!LdrLoadDll                                                                                7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ntdll.dll!RtlDosSearchPath_U + 186                                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ntdll.dll!LdrUnloadDll                                                                              7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] kernel32.dll!GetBinaryTypeW + 80                                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\hkcmd.exe[3252] USER32.dll!SetWindowsHookExW                                                                        7E37820F 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] USER32.dll!UnhookWindowsHookEx                                                                      7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] USER32.dll!SetWindowsHookExA                                                                        7E381211 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] USER32.dll!SetWinEventHook                                                                          7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] USER32.dll!UnhookWinEvent                                                                           7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity                                                               77E06D81 5 Bytes  JMP 003B1014 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!ChangeServiceConfigA                                                                   77E06E69 5 Bytes  JMP 003B0804 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!ChangeServiceConfigW                                                                   77E07001 5 Bytes  JMP 003B0A08 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A                                                                  77E07101 5 Bytes  JMP 003B0C0C 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W                                                                  77E07189 5 Bytes  JMP 003B0E10 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!CreateServiceA                                                                         77E07211 5 Bytes  JMP 003B01F8 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!CreateServiceW                                                                         77E073A9 5 Bytes  JMP 003B03FC 
.text           C:\WINDOWS\system32\hkcmd.exe[3252] ADVAPI32.dll!DeleteService                                                                          77E074B1 5 Bytes  JMP 003B0600 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ntdll.dll!LdrLoadDll                                                                             7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186                                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ntdll.dll!LdrUnloadDll                                                                           7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] kernel32.dll!GetBinaryTypeW + 80                                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxpers.exe[3272] USER32.dll!SetWindowsHookExW                                                                     7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] USER32.dll!UnhookWindowsHookEx                                                                   7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] USER32.dll!SetWindowsHookExA                                                                     7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] USER32.dll!SetWinEventHook                                                                       7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] USER32.dll!UnhookWinEvent                                                                        7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] USER32.dll!UnhookWinEvent + 4                                                                    7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity                                                            77E06D81 5 Bytes  JMP 003A1014 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!ChangeServiceConfigA                                                                77E06E69 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!ChangeServiceConfigW                                                                77E07001 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A                                                               77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W                                                               77E07189 5 Bytes  JMP 003A0E10 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!CreateServiceA                                                                      77E07211 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!CreateServiceW                                                                      77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\igfxpers.exe[3272] ADVAPI32.dll!DeleteService                                                                       77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ntdll.dll!LdrLoadDll                                                                             7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ntdll.dll!RtlDosSearchPath_U + 186                                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ntdll.dll!LdrUnloadDll                                                                           7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] kernel32.dll!GetBinaryTypeW + 80                                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] USER32.dll!SetWindowsHookExW                                                                     7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] USER32.dll!UnhookWindowsHookEx                                                                   7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] USER32.dll!SetWindowsHookExA                                                                     7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] USER32.dll!SetWinEventHook                                                                       7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] USER32.dll!UnhookWinEvent                                                                        7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] USER32.dll!UnhookWinEvent + 4                                                                    7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity                                                            77E06D81 5 Bytes  JMP 003A1014 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!ChangeServiceConfigA                                                                77E06E69 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!ChangeServiceConfigW                                                                77E07001 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A                                                               77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W                                                               77E07189 5 Bytes  JMP 003A0E10 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!CreateServiceA                                                                      77E07211 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!CreateServiceW                                                                      77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\igfxsrvc.exe[3364] ADVAPI32.dll!DeleteService                                                                       77E074B1 5 Bytes  JMP 003A0600 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ntdll.dll!LdrLoadDll                                                                    7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186                                                      7C926865 1 Byte  [62]
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ntdll.dll!LdrUnloadDll                                                                  7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] kernel32.dll!GetBinaryTypeW + 80                                                        7C868D8C 1 Byte  [62]
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity                                                   77E06D81 3 Bytes  JMP 00391014 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity + 4                                               77E06D85 1 Byte  [88]
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!ChangeServiceConfigA                                                       77E06E69 5 Bytes  JMP 00390804 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!ChangeServiceConfigW                                                       77E07001 5 Bytes  JMP 00390A08 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A                                                      77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W                                                      77E07189 5 Bytes  JMP 00390E10 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!CreateServiceA                                                             77E07211 5 Bytes  JMP 003901F8 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!CreateServiceW                                                             77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] ADVAPI32.dll!DeleteService                                                              77E074B1 5 Bytes  JMP 00390600 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] USER32.dll!SetWindowsHookExW                                                            7E37820F 5 Bytes  JMP 003A0804 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] USER32.dll!UnhookWindowsHookEx                                                          7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] USER32.dll!SetWindowsHookExA                                                            7E381211 5 Bytes  JMP 003A0600 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] USER32.dll!SetWinEventHook                                                              7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3396] USER32.dll!UnhookWinEvent                                                               7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ntdll.dll!LdrLoadDll                                                                             7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ntdll.dll!RtlDosSearchPath_U + 186                                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ntdll.dll!LdrUnloadDll                                                                           7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] kernel32.dll!GetBinaryTypeW + 80                                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity                                                            77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                        77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!ChangeServiceConfigA                                                                77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!ChangeServiceConfigW                                                                77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A                                                               77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W                                                               77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!CreateServiceA                                                                      77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!CreateServiceW                                                                      77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] ADVAPI32.dll!DeleteService                                                                       77E074B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] USER32.dll!SetWindowsHookExW                                                                     7E37820F 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] USER32.dll!UnhookWindowsHookEx                                                                   7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] USER32.dll!SetWindowsHookExA                                                                     7E381211 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] USER32.dll!SetWinEventHook                                                                       7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\AESTFltr.exe[3472] USER32.dll!UnhookWinEvent                                                                        7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186                                7C926865 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3484] KERNEL32.dll!GetBinaryTypeW + 80                                  7C868D8C 1 Byte  [62]
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\Programme\IDT\WDM\sttray.exe[3600] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] USER32.dll!UnhookWinEvent                                                                         7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] USER32.dll!UnhookWinEvent + 4                                                                     7E3818B0 1 Byte  [82]
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Programme\IDT\WDM\sttray.exe[3600] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!LdrLoadDll                                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[3636] ntdll.dll!LdrUnloadDll                                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[3636] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!CreateServiceA                                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!CreateServiceW                                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[3636] ADVAPI32.dll!DeleteService                                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[3636] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ntdll.dll!LdrLoadDll                                                 7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186                                   7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ntdll.dll!LdrUnloadDll                                               7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] kernel32.dll!GetBinaryTypeW + 80                                     7C868D8C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity                                77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!ChangeServiceConfigA                                    77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!ChangeServiceConfigW                                    77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A                                   77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W                                   77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!CreateServiceA                                          77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!CreateServiceW                                          77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] ADVAPI32.dll!DeleteService                                           77E074B1 5 Bytes  JMP 003A0600 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] USER32.dll!SetWindowsHookExW                                         7E37820F 5 Bytes  JMP 003B0804 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] USER32.dll!UnhookWindowsHookEx                                       7E37D5F3 5 Bytes  JMP 003B0A08 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] USER32.dll!SetWindowsHookExA                                         7E381211 5 Bytes  JMP 003B0600 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] USER32.dll!SetWinEventHook                                           7E3817F7 5 Bytes  JMP 003B01F8 
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3660] USER32.dll!UnhookWinEvent                                            7E3818AC 5 Bytes  JMP 003B03FC 
.text           C:\Programme\AVAST Software\Avast\avastUI.exe[3712] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\avastUI.exe[3712] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 001401F8 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] kernel32.dll!SetUnhandledExceptionFilter                                        7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\programme\real\realplayer\update\realsched.exe[3796] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 3 Bytes  JMP 00391014 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!SetServiceObjectSecurity + 4                                       77E06D85 1 Byte  [88]
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 00390804 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 00390A08 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 00390C0C 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 00390E10 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 003901F8 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 003903FC 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 00390600 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 003A0804 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 003A0600 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\programme\real\realplayer\update\realsched.exe[3796] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 003A03FC 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                            005E0002
IAT             C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                                  005E0000
IAT             C:\Programme\AVAST Software\Avast\AvastSvc.exe[1772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                     [64C8F6A0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Programme\AVAST Software\Avast\avastUI.exe[3712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [64C8F6A0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                  aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                  aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                  SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\578F71502BBB21846AE337B333EC2F51\Usage@SoleFeature  1087846741

---- EOF - GMER 1.0.15 ----
         
Here is the OSAM log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:24:28 on 23.06.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 11.64

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"BackOnTrack Instant Restore Idle.job" - "Sonic Solutions" - C:\Programme\Roxio\BackOnTrack\Instant Restore\RstIdle.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"RealUpgradeLogonTaskS-1-5-21-1078501022-2075896473-1597800574-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeLogonTaskS-1-5-21-1078501022-2075896473-1597800574-1006.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-1078501022-2075896473-1597800574-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-1078501022-2075896473-1597800574-1006.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"hpBat.cpl" - ? - C:\WINDOWS\system32\hpBat.cpl  (File found, but it contains no detailed information)
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  (File not found)
"hpBat.CPL" - ? - C:\Programme\Hewlett-Packard\HP BatteryCheck\hpBat.CPL  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (AswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\AswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\WINDOWS\System32\DRIVERS\ewusbdev.sys  (File not found)
"HUAWEI USB-NDIS miniport" (ewusbnet) - ? - C:\WINDOWS\System32\DRIVERS\ewusbnet.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\NSNDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pwldypod" (pwldypod) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\pwldypod.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek IR Driver" (Rts516xIR) - ? - C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys  (File not found)
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieDrv.sys
"SysCow" (SysCow) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\syscow32x.sys
"Video Grabber" (TridVid) - "10moons Technologies Co.,Ltd" - C:\WINDOWS\System32\DRIVERS\TridVid.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products (Canada) Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\AVAST Software\Avast\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products (Canada) Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products (Canada) Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products (Canada) Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products (Canada) Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products (Canada) Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{0016CE0E-728C-4FC9-98E5-D0B35B384597} "SDExplorer" - ? - C:\Programme\SDExplorer\SDShellNSE.dll
{547D79D6-0524-4017-9A03-A96402FA2D95} "SDExplorer Drop Handler" - ? - C:\Programme\SDExplorer\sdesndto.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"ac'tivAid.lnk" - ? - C:\Programme\ac'tivAid\ac'tivAid.ahk  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Programme\Sandboxie\SbieCtrl.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avast" - "AVAST Software" - "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe"  -osboot
"WirelessAssistant" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Audio Service" (STacSV) - ? - c:\dokume~1\sebast~1\lokale~1\temp\cdm\{c06380b4-fc58-4998-a02d-856fc6352cc6}\STacSV.exe  (File not found)
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastSvc.exe
"BOTService" (BOTService) - "Sonic Solutions" - C:\Programme\Roxio\BackOnTrack\Instant Restore\BOTService.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Programme\HP Games\HP Game Console\GameConsoleService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Roxio SAIB Service" (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - ? - C:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieSvc.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Programme\Sony\Sony PC Companion\PCCService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
What stood out was that with both GMER and OSAM the operating system reported that the Flash Player Updater had to be terminated. That was all the more remarkable because I did not restart at all between GMER and OSAM, so it really should not have been running any more.

Here is the aswMBR log:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-23 12:30:43
-----------------------------
12:30:43.562    OS Version: Windows 5.1.2600 Service Pack 3
12:30:43.562    Number of processors: 2 586 0x1C02
12:30:43.562    ComputerName: MINICAT  UserName: 
12:30:44.953    Initialize success
12:30:45.218    AVAST engine defs: 12062300
12:31:15.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:31:15.312    Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
12:31:15.328    Disk 0 MBR read successfully
12:31:15.343    Disk 0 MBR scan
12:31:15.343    Disk 0 Windows VISTA default MBR code
12:31:15.343    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152616 MB offset 2048
12:31:15.359    Disk 0 scanning sectors +312560640
12:31:15.453    Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:26.546    Service scanning
12:31:54.609    Modules scanning
12:32:04.890    Disk 0 trace - called modules:
12:32:04.921    ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys iaStor.sys hal.dll 
12:32:04.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89da6458]
12:32:04.937    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89da69c0]
12:32:04.937    5 SahdIa32.sys[ba109939] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89deb028]
12:32:06.078    AVAST engine scan C:\WINDOWS
12:32:14.000    AVAST engine scan C:\WINDOWS\system32
12:35:01.875    AVAST engine scan C:\WINDOWS\system32\drivers
12:35:28.921    AVAST engine scan C:\Dokumente und Einstellungen\Sebastian
12:44:23.093    AVAST engine scan C:\Dokumente und Einstellungen\All Users
12:49:01.859    Scan finished successfully
12:49:11.843    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sebastian\Desktop\MBR.dat"
12:49:11.843    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sebastian\Desktop\aswMBR.txt"
         
Have a nice day,
Sebastian
