
Pests of all kinds and how to fight them: Suisa - symptoms already removed


17.07.2012, 08:59   #1
burger-inf

Suisa - symptoms already removed



Hello everyone

And yet another computer that has been infected by the Suisa virus. So far I have managed to get to the point where I can access the computer normally again and work with it, i.e. I have already removed the symptoms. Now I just have to remove the virus itself. I can't do that on my own, though, because I have no idea how to evaluate the logfiles.

So far I have had the PC scanned with three different tools:
1. Malwarebytes' Anti-Malware
2. Microsoft Standalone System Sweeper (MS Security Essentials Offline)
3. OTL

The OTL logfile looks as follows:
OTL Logfile:
Code:
OTL logfile created on: 17.07.2012 08:46:52 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = F:\Burger-inf\Suisa-Virus_Tools
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.05% Memory free
4.24 Gb Paging File | 3.05 Gb Available in Paging File | 71.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.16 Gb Total Space | 37.66 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive D: | 46.77 Gb Total Space | 0.46 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 5.85 Gb Free Space | 78.52% Space Free | Partition Type: FAT32
 
Computer Name: DESKTOP | User Name: Bruno Bucher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.13 08:43:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Burger-inf\Suisa-Virus_Tools\OTL.exe
PRC - [2012.05.08 22:12:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:12:29 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2012.05.08 22:12:21 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 22:12:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:12:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2010.04.13 18:40:40 | 000,968,448 | ---- | M] () -- C:\Programme\Second Copy 8\SCVSSSvc.exe
PRC - [2009.07.30 16:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.02.04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008.01.21 04:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:56 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.08.20 14:55:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 22:12:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:12:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.04.13 18:40:40 | 000,968,448 | ---- | M] () [Auto | Running] -- C:\Programme\Second Copy 8\SCVSSSvc.exe -- (SCVSSService)
SRV - [2008.01.21 04:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 22:12:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 22:12:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.20 14:55:46 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.08.20 14:55:46 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.16 14:03:20 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.21 04:23:50 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D50A12EE-0E06-4F53-9B77-DACC1D96785F}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLRDF7&pc=MDDR&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/17
IE - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deCH360
IE - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002\..\SearchScopes\{D50A12EE-0E06-4F53-9B77-DACC1D96785F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLRDF7&pc=MDDR&src=IE-SearchBox
IE - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1164181200-2664092181-1671702511-1002..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bruno Bucher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.0.2 10.150.0.254 195.186.1.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529173BE-998C-4C84-91E8-F62472B015DD}: DhcpNameServer = 10.100.0.2 10.150.0.254 195.186.1.162
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bruno Bucher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruno Bucher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 02:54:31 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012.07.16 13:37:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.04 21:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 08:49:17 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 08:49:17 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 08:49:17 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 08:49:17 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 08:45:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 08:43:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 08:42:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 08:42:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 08:41:48 | 000,270,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.17 08:41:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 09:22:39 | 000,006,836 | ---- | M] () -- C:\Users\Bruno Bucher\AppData\Local\d3d9caps.dat
[2012.07.05 13:03:40 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.04 21:48:16 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.04 21:07:55 | 000,135,018 | ---- | M] () -- C:\Users\Bruno Bucher\Documents\Documents\tierliste.pdf
[2012.06.25 22:27:45 | 000,472,474 | ---- | M] () -- C:\Users\Bruno Bucher\Documents\Documents\Scan0002.pdf
[2012.06.24 22:49:34 | 000,307,071 | ---- | M] () -- C:\Users\Bruno Bucher\Documents\Documents\Scan0001.pdf
 
========== Files Created - No Company Name ==========
 
[2012.07.04 21:49:24 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.04 21:48:16 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.04 21:48:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.04 21:07:55 | 000,135,018 | ---- | C] () -- C:\Users\Bruno Bucher\Documents\Documents\tierliste.pdf
[2012.06.25 22:27:45 | 000,472,474 | ---- | C] () -- C:\Users\Bruno Bucher\Documents\Documents\Scan0002.pdf
[2012.06.24 22:49:33 | 000,307,071 | ---- | C] () -- C:\Users\Bruno Bucher\Documents\Documents\Scan0001.pdf
[2012.06.09 20:01:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.04.18 21:47:18 | 000,006,144 | ---- | C] () -- C:\Users\Bruno Bucher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.17 20:44:39 | 000,006,836 | ---- | C] () -- C:\Users\Bruno Bucher\AppData\Local\d3d9caps.dat
[2012.01.11 16:19:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.01.11 16:19:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.01.11 16:19:12 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.09 23:30:05 | 000,010,194 | -HS- | C] () -- C:\ProgramData\475e21p31gxqka8n7paa3h
 
========== LOP Check ==========
 
[2012.07.17 08:33:06 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Here is the Extras.txt as well:
OTL Logfile:
Code:
OTL Extras logfile created on: 17.07.2012 08:46:52 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = F:\Burger-inf\Suisa-Virus_Tools
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.05% Memory free
4.24 Gb Paging File | 3.05 Gb Available in Paging File | 71.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.16 Gb Total Space | 37.66 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive D: | 46.77 Gb Total Space | 0.46 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 5.85 Gb Free Space | 78.52% Space Free | Partition Type: FAT32
 
Computer Name: DESKTOP | User Name: Bruno Bucher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{725F9484-4E0B-4B7C-A558-A8ED8920F277}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CB80B6F6-C323-41C3-BF8E-1E5ECC24C0AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21D42718-D375-4CDE-A12A-44663D2419B7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{286CA54C-55A7-4E8E-8BB4-64009E3413FB}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{31490839-AD7C-409A-8D56-D204879E12FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{45C36154-36B9-450D-AB28-139FB96AE2E5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4A106055-A0CC-4BD5-B46C-A623A90083A3}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{501BE05B-CF9A-4E30-AAD1-C86EEECDCDD5}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | 
"{5BE425B4-4DD9-40CD-8997-761A18E2E32E}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe | 
"{7C05FE84-546A-47BB-88A7-8B26EFBFFF72}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe | 
"{A88D1598-E1E1-4627-B3DD-476BEC0C0E55}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | 
"{CAB7516C-B68A-4C02-8FE1-CEECA4BE9D1C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CC544D91-36C8-484D-A65B-5F0969A66185}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | 
"{CE7805C5-4E66-473B-A306-AC65168A553B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F676D01E-EF56-4A37-B7FF-9E07EDC9D72D}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | 
"TCP Query User{4624C5C0-7B88-47F3-A2E3-0CDEF927533D}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{A3DDC2C2-5CB3-48B5-B04F-CF9143C357CE}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9813D8C7-92E3-4C20-83FA-CCB4ED4605AD}" = Studie zur Verbesserung von HP Officejet 6600 Produkten
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE09DD64-706D-4975-8034-E561C270D1E5}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Banana50_is1" = Banana Buchhaltung 5.0
"CutePDF Writer Installation" = CutePDF Writer 2.5
"GnuCash_is1" = GnuCash 2.4.0
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Second Copy 8_is1" = Second Copy 8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2012 16:48:20 | Computer Name = Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2012 16:51:55 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 24.06.2012 16:56:37 | Computer Name = Desktop | Source = EventSystem | ID = 4621
Description = 
 
Error - 25.06.2012 16:16:13 | Computer Name = Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2012 16:59:42 | Computer Name = Desktop | Source = EventSystem | ID = 4621
Description = 
 
Error - 26.06.2012 14:39:05 | Computer Name = Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2012 14:43:41 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 26.06.2012 16:31:53 | Computer Name = Desktop | Source = EventSystem | ID = 4621
Description = 
 
Error - 27.06.2012 13:31:06 | Computer Name = Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2012 13:57:42 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
[ OSession Events ]
Error - 16.09.2010 14:50:08 | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1256
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.09.2009 12:42:22 | Computer Name = Desktop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.100.10 für die Netzwerkkarte mit der Netzwerkadresse
 0023AE7E5489 wurde durch den DHCP-Server 212.4.65.41 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 23.09.2009 06:32:42 | Computer Name = Desktop | Source = HTTP | ID = 15016
Description = 
 
Error - 24.09.2009 06:28:16 | Computer Name = Desktop | Source = HTTP | ID = 15016
Description = 
 
Error - 24.09.2009 06:28:17 | Computer Name = Desktop | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 24.09.2009 06:28:46 | Computer Name = Desktop | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.100.10 über die
 Netzwerkkarte mit der Netzwerkadresse 0023AE7E5489 ist verloren gegangen.
 
Error - 26.09.2009 01:09:53 | Computer Name = Desktop | Source = HTTP | ID = 15016
Description = 
 
Error - 26.09.2009 06:40:36 | Computer Name = Desktop | Source = HTTP | ID = 15016
Description = 
 
Error - 27.09.2009 08:19:07 | Computer Name = Desktop | Source = HTTP | ID = 15016
Description = 
 
Error - 27.09.2009 08:19:38 | Computer Name = Desktop | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.100.10 über die
 Netzwerkkarte mit der Netzwerkadresse 0023AE7E5489 ist verloren gegangen.
 
Error - 27.09.2009 09:23:23 | Computer Name = Desktop | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
--- --- ---


I hope someone can help me soon, and many thanks in advance.

Kind regards from Switzerland

Hi

I forgot to include the Malwarebytes logfile:
Code:
Malwarebytes' Anti-Malware 
www.malwarebytes.org

Database version: 

Windows 5.1.2600
Internet Explorer 6.0.2800.5512

2012-07-16 16:44:48
mbam-log-2012-07-16 (16-44-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 220243
Time elapsed: 39 minute(s), 27 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
x:\I386\System32\keybtray.exe (Malware.Packer.Gen) -> 1600 -> Unloaded process successfully.
b:\Temp\HBCD\Opera\opera.exe (Trojan.Downloader) -> 1176 -> Unloaded process successfully.

Memory Modules Infected:
x:\I386\System32\wzcsvc.dll (Trojan.FakeAV) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
x:\I386\System32\wzcsvc.dll (Trojan.FakeAV) -> Quarantined and deleted successfully.
x:\I386\System32\keybtray.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
b:\Temp\HBCD\Opera\opera.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5f4ba4dc-7d04-4c2e-b6d6-dace4482af30}\RP103\A0016133.exe (Spyware.Agent) -> Quarantined and deleted successfully.
x:\I386\System32\sfcfiles.dll (Trojan.Patched) -> Quarantined and deleted successfully.
         
Kind regards from Switzerland

Last edited by burger-inf (17.07.2012 at 09:48)

Old 17.07.2012, 17:51   #2
markusg
/// Malware-holic
 

hi
How did you run the Malwarebytes scan? Somehow the info in there doesn't really match your system.

Old 18.07.2012, 08:24   #3
burger-inf
 

Hi

At first nothing worked, so I booted from a CD (Hiren's Boot CD) and had Malwarebytes scan the computer's hard disk from there.

Since then I can get onto the computer again - no more demand for payment because of illegally downloaded data.

Kind regards from Switzerland

Last edited by burger-inf (18.07.2012 at 08:37)

Old 19.07.2012, 11:30   #4
burger-inf
 

Hi

I scanned again because something clearly isn't right with the previous logs.

Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bruno Bucher :: DESKTOP [Administrator]

Schutz: Aktiviert

19.07.2012 08:19:37
mbam-log-2012-07-19 (08-19-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340744
Laufzeit: 56 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 15:29:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.4.ADA
Running: q803md3v.exe; Driver: C:\Users\BRUNOB~1\AppData\Local\Temp\fxldapoc.sys


---- System - GMER 1.0.15 ----

SSDT            8BB92506                                                                                                         ZwCreateSection
SSDT            8BB92510                                                                                                         ZwRequestWaitReplyPort
SSDT            8BB9250B                                                                                                         ZwSetContextThread
SSDT            8BB92515                                                                                                         ZwSetSecurityObject
SSDT            8BB9251A                                                                                                         ZwSystemDebugControl
SSDT            8BB924A7                                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                    850C98D8 4 Bytes  [06, 25, B9, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                    850C9BFC 4 Bytes  [10, 25, B9, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                    850C9C30 4 Bytes  [0B, 25, B9, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                    850C9C94 4 Bytes  [15, 25, B9, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                    850C9CDC 4 Bytes  [1A, 25, B9, 8B]
.text           ...                                                                                                              
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                         section is writeable [0x8EE0F000, 0x1F8A4C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtCreateFile                                                             77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtCreateFile + 4                                                         77684248 2 Bytes  [86, 71]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtDeleteValueKey                                                         77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtDeleteValueKey + 4                                                     77684668 2 Bytes  [8C, 71]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtOpenFile                                                               77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtOpenFile + 4                                                           77684A28 2 Bytes  [83, 71]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtOpenProcess                                                            77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtOpenProcess + 4                                                        77684AA8 2 Bytes  [89, 71]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtSetContextThread                                                       77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtSetContextThread + 4                                                   77685098 2 Bytes  [80, 71]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtSetValueKey                                                            776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] ntdll.dll!NtSetValueKey + 4                                                        776852C8 2 Bytes  [8F, 71]
.text           C:\Windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryExW + 173                                                  763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Windows\Explorer.EXE[1616] ADVAPI32.dll!CreateServiceW                                                        765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Windows\Explorer.EXE[1616] ADVAPI32.dll!CreateServiceA                                                        766272A1 6 Bytes  JMP 7196000A 
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!PostMessageA                                                            7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!SendMessageA                                                            7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!PostMessageW                                                            7615A175 6 Bytes  JMP 7199000A 
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!SendMessageW                                                            76160AED 6 Bytes  JMP 719F000A 
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!mouse_event                                                             7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!SendInput                                                               76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!SendInput + 4                                                           76172F79 2 Bytes  [A4, 71]
.text           C:\Windows\Explorer.EXE[1616] USER32.dll!keybd_event                                                             7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Windows\Explorer.EXE[1616] WS2_32.dll!GetAddrInfoW                                                            75EC3D12 6 Bytes  JMP 716C000A 
.text           C:\Windows\Explorer.EXE[1616] WS2_32.dll!connect                                                                 75EC40D9 6 Bytes  JMP 7175000A 
.text           C:\Windows\Explorer.EXE[1616] WS2_32.dll!listen                                                                  75EC8CD7 6 Bytes  JMP 7172000A 
.text           C:\Windows\Explorer.EXE[1616] WS2_32.dll!gethostbyname                                                           75ED62D4 6 Bytes  JMP 716F000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtCreateFile                       77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtCreateFile + 4                   77684248 2 Bytes  [86, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtDeleteValueKey                   77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtDeleteValueKey + 4               77684668 2 Bytes  [8C, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtOpenFile                         77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtOpenFile + 4                     77684A28 2 Bytes  [83, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtOpenProcess                      77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtOpenProcess + 4                  77684AA8 2 Bytes  [89, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtSetContextThread                 77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtSetContextThread + 4             77685098 2 Bytes  [80, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtSetValueKey                      776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ntdll.dll!NtSetValueKey + 4                  776852C8 2 Bytes  [8F, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] KERNEL32.dll!LoadLibraryExW + 173            763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!PostMessageA                      7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!SendMessageA                      7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!PostMessageW                      7615A175 6 Bytes  JMP 7199000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!SendMessageW                      76160AED 6 Bytes  JMP 719F000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!mouse_event                       7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!SendInput                         76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!SendInput + 4                     76172F79 2 Bytes  [A4, 71]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] USER32.dll!keybd_event                       7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ADVAPI32.dll!CreateServiceW                  765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1684] ADVAPI32.dll!CreateServiceA                  766272A1 6 Bytes  JMP 7196000A 
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtCreateFile                                                     77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtCreateFile + 4                                                 77684248 2 Bytes  [86, 71]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtDeleteValueKey                                                 77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtDeleteValueKey + 4                                             77684668 2 Bytes  [8C, 71]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtOpenFile                                                       77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtOpenFile + 4                                                   77684A28 2 Bytes  [83, 71]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtOpenProcess                                                    77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtOpenProcess + 4                                                77684AA8 2 Bytes  [89, 71]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtSetContextThread                                               77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtSetContextThread + 4                                           77685098 2 Bytes  [80, 71]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtSetValueKey                                                    776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] ntdll.dll!NtSetValueKey + 4                                                776852C8 2 Bytes  [8F, 71]
.text           C:\Windows\System32\mobsync.exe[2024] kernel32.dll!LoadLibraryExW + 173                                          763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Windows\System32\mobsync.exe[2024] ADVAPI32.dll!CreateServiceW                                                765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Windows\System32\mobsync.exe[2024] ADVAPI32.dll!CreateServiceA                                                766272A1 6 Bytes  JMP 7196000A 
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!PostMessageA                                                    7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!SendMessageA                                                    7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!PostMessageW                                                    7615A175 6 Bytes  JMP 7199000A 
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!SendMessageW                                                    76160AED 6 Bytes  JMP 719F000A 
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!mouse_event                                                     7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!SendInput                                                       76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!SendInput + 4                                                   76172F79 2 Bytes  [A4, 71]
.text           C:\Windows\System32\mobsync.exe[2024] USER32.dll!keybd_event                                                     7619D972 6 Bytes  JMP 71A8000A 
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtCreateFile                                        77684244 3 Bytes  [FF, 25, 1E]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtCreateFile + 4                                    77684248 2 Bytes  [86, 71]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtDeleteValueKey                                    77684664 3 Bytes  [FF, 25, 1E]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtDeleteValueKey + 4                                77684668 2 Bytes  [8C, 71]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtOpenFile                                          77684A24 3 Bytes  [FF, 25, 1E]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtOpenFile + 4                                      77684A28 2 Bytes  [83, 71]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtOpenProcess                                       77684AA4 3 Bytes  [FF, 25, 1E]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtOpenProcess + 4                                   77684AA8 2 Bytes  [89, 71]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtSetContextThread                                  77685094 3 Bytes  [FF, 25, 1E]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtSetContextThread + 4                              77685098 2 Bytes  [80, 71]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtSetValueKey                                       776852C4 3 Bytes  [FF, 25, 1E]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] ntdll.dll!NtSetValueKey + 4                                   776852C8 2 Bytes  [8F, 71]
.text           F:\Burger-inf\Suisa-Virus_Tools\q803md3v.exe[2068] kernel32.dll!LoadLibraryExW + 173                             763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Windows\system32\Dwm.exe[3416] USER32.dll!PostMessageW                                                        7615A175 6 Bytes  JMP 7199000A 
.text           C:\Windows\system32\Dwm.exe[3416] USER32.dll!SendMessageW                                                        76160AED 6 Bytes  JMP 719F000A 
.text           C:\Windows\system32\Dwm.exe[3416] USER32.dll!mouse_event                                                         7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Windows\system32\Dwm.exe[3416] USER32.dll!SendInput                                                           76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[3416] USER32.dll!SendInput + 4                                                       76172F79 2 Bytes  [A4, 71]
.text           C:\Windows\system32\Dwm.exe[3416] USER32.dll!keybd_event                                                         7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Windows\system32\Dwm.exe[3416] WS2_32.dll!GetAddrInfoW                                                        75EC3D12 6 Bytes  JMP 7175000A 
.text           C:\Windows\system32\Dwm.exe[3416] WS2_32.dll!connect                                                             75EC40D9 6 Bytes  JMP 717E000A 
.text           C:\Windows\system32\Dwm.exe[3416] WS2_32.dll!listen                                                              75EC8CD7 6 Bytes  JMP 717B000A 
.text           C:\Windows\system32\Dwm.exe[3416] WS2_32.dll!gethostbyname                                                       75ED62D4 6 Bytes  JMP 7178000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtCreateFile                77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtCreateFile + 4            77684248 2 Bytes  [86, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtDeleteValueKey            77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtDeleteValueKey + 4        77684668 2 Bytes  [8C, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtOpenFile                  77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtOpenFile + 4              77684A28 2 Bytes  [83, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtOpenProcess               77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtOpenProcess + 4           77684AA8 2 Bytes  [89, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtSetContextThread          77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtSetContextThread + 4      77685098 2 Bytes  [80, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtSetValueKey               776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ntdll.dll!NtSetValueKey + 4           776852C8 2 Bytes  [8F, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] kernel32.dll!LoadLibraryExW + 173     763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!PostMessageA               7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!SendMessageA               7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!PostMessageW               7615A175 6 Bytes  JMP 7199000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!SendMessageW               76160AED 6 Bytes  JMP 719F000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!mouse_event                7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!SendInput                  76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!SendInput + 4              76172F79 2 Bytes  [A4, 71]
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] USER32.dll!keybd_event                7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ADVAPI32.dll!CreateServiceW           765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3584] ADVAPI32.dll!CreateServiceA           766272A1 6 Bytes  JMP 7196000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtCreateFile                                       77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtCreateFile + 4                                   77684248 2 Bytes  [86, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtDeleteValueKey                                   77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtDeleteValueKey + 4                               77684668 2 Bytes  [8C, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtOpenFile                                         77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtOpenFile + 4                                     77684A28 2 Bytes  [83, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtOpenProcess                                      77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtOpenProcess + 4                                  77684AA8 2 Bytes  [89, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtSetContextThread                                 77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtSetContextThread + 4                             77685098 2 Bytes  [80, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtSetValueKey                                      776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ntdll.dll!NtSetValueKey + 4                                  776852C8 2 Bytes  [8F, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] kernel32.dll!LoadLibraryExW + 173                            763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ADVAPI32.dll!CreateServiceW                                  765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] ADVAPI32.dll!CreateServiceA                                  766272A1 6 Bytes  JMP 7196000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!PostMessageA                                      7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!SendMessageA                                      7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!PostMessageW                                      7615A175 6 Bytes  JMP 7199000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!SendMessageW                                      76160AED 6 Bytes  JMP 719F000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!mouse_event                                       7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!SendInput                                         76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!SendInput + 4                                     76172F79 2 Bytes  [A4, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[3612] USER32.dll!keybd_event                                       7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtCreateFile                                77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtCreateFile + 4                            77684248 2 Bytes  [86, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtDeleteValueKey                            77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtDeleteValueKey + 4                        77684668 2 Bytes  [8C, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtOpenFile                                  77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtOpenFile + 4                              77684A28 2 Bytes  [83, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtOpenProcess                               77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtOpenProcess + 4                           77684AA8 2 Bytes  [89, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtSetContextThread                          77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtSetContextThread + 4                      77685098 2 Bytes  [80, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtSetValueKey                               776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ntdll.dll!NtSetValueKey + 4                           776852C8 2 Bytes  [8F, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] kernel32.dll!LoadLibraryExW + 173                     763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!PostMessageA                               7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!SendMessageA                               7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!PostMessageW                               7615A175 6 Bytes  JMP 7199000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!SendMessageW                               76160AED 6 Bytes  JMP 719F000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!mouse_event                                7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!SendInput                                  76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!SendInput + 4                              76172F79 2 Bytes  [A4, 71]
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] USER32.dll!keybd_event                                7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ADVAPI32.dll!CreateServiceW                           765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3816] ADVAPI32.dll!CreateServiceA                           766272A1 6 Bytes  JMP 7196000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtCreateFile             77684244 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtCreateFile + 4         77684248 2 Bytes  [86, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtDeleteValueKey         77684664 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtDeleteValueKey + 4     77684668 2 Bytes  [8C, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtOpenFile               77684A24 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtOpenFile + 4           77684A28 2 Bytes  [83, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtOpenProcess            77684AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtOpenProcess + 4        77684AA8 2 Bytes  [89, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtSetContextThread       77685094 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtSetContextThread + 4   77685098 2 Bytes  [80, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtSetValueKey            776852C4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ntdll.dll!NtSetValueKey + 4        776852C8 2 Bytes  [8F, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] kernel32.dll!LoadLibraryExW + 173  763C93EF 4 Bytes  JMP 71AF000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ADVAPI32.dll!CreateServiceW        765E9EB4 6 Bytes  JMP 7193000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] ADVAPI32.dll!CreateServiceA        766272A1 6 Bytes  JMP 7196000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!PostMessageA            7614F8F8 6 Bytes  JMP 719C000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!SendMessageA            7614F956 6 Bytes  JMP 71A2000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!PostMessageW            7615A175 6 Bytes  JMP 7199000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!SendMessageW            76160AED 6 Bytes  JMP 719F000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!mouse_event             7617044E 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!SendInput               76172F75 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!SendInput + 4           76172F79 2 Bytes  [A4, 71]
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] USER32.dll!keybd_event             7619D972 6 Bytes  JMP 71A8000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] WS2_32.dll!GetAddrInfoW            75EC3D12 6 Bytes  JMP 7175000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] WS2_32.dll!connect                 75EC40D9 6 Bytes  JMP 717E000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] WS2_32.dll!listen                  75EC8CD7 6 Bytes  JMP 717B000A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4016] WS2_32.dll!gethostbyname           75ED62D4 6 Bytes  JMP 7178000A 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
AutoRuns (the *.arn file is attached; it is easier to read, and the application itself (autoruns.exe) is included as well)
AutoRuns lists all applications that are run at system startup or attempt to run:
Code:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"	""	""	""
+ "Adobe ARM"	"Adobe Reader and Acrobat Manager"	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "avgnt"	"Avira System Tray Tool"	"Avira Operations GmbH & Co. KG"	"c:\program files\avira\antivir desktop\avgnt.exe"
+ "ContentTransferWMDetector.exe"	"Content Transfer Walkman Detector"	"Sony Corporation"	"c:\program files\sony\content transfer\contenttransferwmdetector.exe"
+ "emsisoft anti-malware"	"Background Guard"	"Emsisoft GmbH"	"c:\program files\emsisoft anti-malware\a2guard.exe"
+ "HP Software Update"	"hpwuSchd Application"	"Hewlett-Packard"	"c:\program files\hp\hp software update\hpwuschd2.exe"
+ "Malwarebytes' Anti-Malware"	" Malwarebytes Anti-Malware "	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "PDVDDXSrv"	"CyberLink PowerDVD Resident Program"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "SoundMAXPnP"	"SMax4PNP"	"Analog Devices, Inc."	"c:\program files\analog devices\core\smax4pnp.exe"
+ "StartCCC"	"Catalyst® Control Center Launcher"	"Advanced Micro Devices, Inc."	"c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "Windows Defender"	"Windows Defender User Interface"	"Microsoft Corporation"	"c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"	""	""	""
+ " Malwarebytes Anti-Malware "	" Malwarebytes Anti-Malware "	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamgui.exe"
"C:\Users\Bruno Bucher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"	""	""	""
+ "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"	"Microsoft Office OneNote Quick Launcher"	"Microsoft Corporation"	"c:\program files\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"	""	""	""
+ "Microsoft Windows Mail 7"	"Windows Mail"	"Microsoft Corporation"	"c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"	""	""	""
+ "Sidebar"	"Windows-Sidebar"	"Microsoft Corporation"	"c:\program files\windows sidebar\sidebar.exe"
+ "swg"	"GoogleToolbarNotifier"	"Google Inc."	"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "WMPNSCFG"	"Windows Media Player Network Sharing Service Configuration Application"	"Microsoft Corporation"	"c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"	""	""	""
+ "text/xml"	"Microsoft Office XML MIME Filter"	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"	""	""	""
+ "livecall"	"Windows Live Messenger Protocol Handler Module"	"Microsoft Corporation"	"c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "ms-help"	"Microsoft® Help Data Services Module"	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim"	"Windows Live Messenger Protocol Handler Module"	"Microsoft Corporation"	"c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "wlmailhtml"	"Windows Live Mail"	"Microsoft Corporation"	"c:\program files\windows live\mail\mailcomm.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"	""	""	""
+ "Shell Extension for Malware scanning"	"Avira Shell Extension Library"	"Avira Operations GmbH & Co. KG"	"c:\program files\avira\antivir desktop\shlext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"	""	""	""
+ "a-squared Anti-Malware Shell Extension"	"Emsisoft Anti-Malware shell extension"	"Emsiûoft GmbH"	"c:\program files\emsisoft anti-malware\a2contmenu.dll"
+ "MBAMShlExt"	" Malwarebytes Anti-Malware "	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"	""	""	""
+ "ACE"	"ACE Context Menu"	""	"c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"	""	""	""
+ "PDF Shell Extension"	"PDF Shell Extension"	"Adobe Systems, Inc."	"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"	""	""	""
+ "a-squared Anti-Malware Shell Extension"	"Emsisoft Anti-Malware shell extension"	"Emsiûoft GmbH"	"c:\program files\emsisoft anti-malware\a2contmenu.dll"
+ "MBAMShlExt"	" Malwarebytes Anti-Malware "	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning"	"Avira Shell Extension Library"	"Avira Operations GmbH & Co. KG"	"c:\program files\avira\antivir desktop\shlext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"	""	""	""
+ "Adobe PDF Link Helper"	"Adobe PDF Helper for Internet Explorer"	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper"	"Bing Client Extensions"	"Microsoft Corporation."	"c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll"
+ "Google Toolbar Helper"	"Google Toolbar"	"Google Inc."	"c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java(tm) Plug-In 2 SSV Helper"	"Java(TM) Platform SE binary"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java(tm) Plug-In SSV Helper"	"Java(TM) Platform SE binary"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\bin\ssv.dll"
+ "Windows Live Anmelde-Hilfsprogramm"	"WindowsLiveLogin.dll"	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"	""	""	""
+ "Bing"	"Bing Client Extensions"	"Microsoft Corporation."	"c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll"
+ "Google Toolbar"	"Google Toolbar"	"Google Inc."	"c:\program files\google\google toolbar\googletoolbar_32.dll"
"Task Scheduler"	""	""	""
+ "\HPCustParticipation HP Officejet 6600"	"HP Customer Participation."	"Hewlett-Packard Co."	"c:\program files\hp\hp officejet 6600\bin\hpcustpartic.exe"
+ "\hpUrlLauncher.exe_{FB3D7A94-3954-4B4F-A92D-95043B0E0AAB}"	"hpUrlLauncher"	"Hewlett-Packard Co."	"c:\program files\hp\hp officejet 6600\bin\utils\hpurllauncher.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"	"Windows Defender Command Line Utility"	"Microsoft Corporation"	"c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo"	""	""	"c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo"	""	""	"c:\windows\system32\gatherwirelessinfo.vbs"
"HKLM\System\CurrentControlSet\Services"	""	""	""
+ "a2AntiMalware"	"Scans the PC for unwanted software and provides protection from malicious code"	"Emsisoft GmbH"	"c:\program files\emsisoft anti-malware\a2service.exe"
+ "AdobeARMservice"	"Adobe Acrobat Updater hält Ihre Adobe-Software aktuell."	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AntiVirSchedulerService"	"Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates."	"Avira Operations GmbH & Co. KG"	"c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService"	"Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine."	"Avira Operations GmbH & Co. KG"	"c:\program files\avira\antivir desktop\avguard.exe"
+ "Ati External Event Utility"	"ATI External Event Utility EXE Module"	"ATI Technologies Inc."	"c:\windows\system32\ati2evxx.exe"
+ "BBSvc"	"Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar."	"Microsoft Corporation."	"c:\program files\microsoft\bingbar\7.1.361.0\bbsvc.exe"
+ "BBUpdate"	"Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar."	"Microsoft Corporation."	"c:\program files\microsoft\bingbar\7.1.361.0\seaport.exe"
+ "gupdate"	"Hält Ihre Google-Software auf dem neuesten Stand. Falls dieser Service deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Dieser Service deinstalliert sich selbst, wenn er nicht von einer Google-Software verwendet wird."	"Google Inc."	"c:\program files\google\update\googleupdate.exe"
+ "gupdatem"	"Hält Ihre Google-Software auf dem neuesten Stand. Falls dieser Service deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Dieser Service deinstalliert sich selbst, wenn er nicht von einer Google-Software verwendet wird."	"Google Inc."	"c:\program files\google\update\googleupdate.exe"
+ "gusvc"	"Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."	"Google"	"c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "MBAMService"	"Malwarebytes Anti-Malware service"	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "odserv"	"Komponenten der Microsoft Office-Diagnose ausführen."	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose"	"Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist zum Herunterladen von Setup-Updates und Watson-Fehlerberichten erforderlich."	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SCVSSService"	"Provides Volume Shadow Copy service backup support for Second Copy."	""	"c:\program files\second copy 8\scvsssvc.exe"
+ "stllssvr"	"SureThing Labelflash Disc Printer Service Module"	"MicroVision Development, Inc."	"c:\program files\common files\surething shared\stllssvr.exe"
+ "WinDefend"	"Überprüft den Computer auf unerwünschte Software, plant Überprüfungen und lädt die neuesten Softwaredefinitionen herunter."	"Microsoft Corporation"	"c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc"	"Gibt Windows Media Player-Bibliotheken mithilfe des universellen Plug & Play für andere Players und Mediengeräte auf dem Netzwerk frei"	"Microsoft Corporation"	"c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"	""	""	""
+ "a2acc"	"Emsisoft on-access minifilter"	""	"File not found: C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys"
+ "A2DDA"	"Emsisoft Direct Disk Access Support Driver"	"Emsi Software GmbH"	"c:\program files\emsisoft anti-malware\a2ddax86.sys"
+ "a2util"	"Provides several additional functionality used by the a-squared Malware-IDS."	"Emsi Software GmbH"	"c:\program files\emsisoft anti-malware\a2util32.sys"
+ "ADIHdAudAddService"	"High Definition Audio Function Driver"	"Analog Devices, Inc."	"c:\windows\system32\drivers\adihdaud.sys"
+ "atikmdag"	"ATI Radeon Kernel Mode Driver"	"ATI Technologies Inc."	"c:\windows\system32\drivers\atikmdag.sys"
+ "avgntflt"	"Avira mini-filter driver"	"Avira GmbH"	"c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb"	"Avira Security Enhancement Driver"	"Avira GmbH"	"c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr"	"Avira Manager Driver"	"Avira GmbH"	"c:\windows\system32\drivers\avkmgr.sys"
+ "BrFiltLo"	"Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"	"Brother Industries, Ltd."	"c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"	"Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"	"Brother Industries, Ltd."	"c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer"	"Brother USB Serial Driver"	"Brother Industries Ltd."	"c:\windows\system32\drivers\brusbser.sys"
+ "e1express"	"Intel(R) PRO/1000 Adapter NDIS 6-nicht serialisierter Treiber"	"Intel Corporation"	"c:\windows\system32\drivers\e1e6032.sys"
+ "E1G60"	"Intel(R) PRO/1000 Adapter NDIS 6-nicht serialisierter Treiber"	"Intel Corporation"	"c:\windows\system32\drivers\e1g60i32.sys"
+ "IpInIp"	"IP in IP Tunnel Driver"	""	"File not found: system32\DRIVERS\ipinip.sys"
+ "k57nd60x"	"Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver."	"Broadcom Corporation"	"c:\windows\system32\drivers\k57nd60x.sys"
+ "MBAMProtector"	" Malwarebytes Anti-Malware "	"Malwarebytes Corporation"	"c:\windows\system32\drivers\mbam.sys"
+ "NwlnkFlt"	"IPX Traffic Filter Driver"	""	"File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd"	"IPX Traffic Forwarder Driver"	""	"File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PxHelp20"	"Px Engine Device Driver for Windows 2000/XP"	"Sonic Solutions"	"c:\windows\system32\drivers\pxhelp20.sys"
+ "R300"	"ATI Radeon Kernel Mode Driver"	"ATI Technologies Inc."	"c:\windows\system32\drivers\atikmdag.sys"
+ "secdrv"	"Macrovision SECURITY Driver"	"Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."	"c:\windows\system32\drivers\secdrv.sys"
+ "ssmdrv"	"Avira Snapshot Driver"	"Avira GmbH"	"c:\windows\system32\drivers\ssmdrv.sys"
+ "VST_DPV"	"HSF_DP driver"	"Conexant Systems, Inc."	"c:\windows\system32\drivers\vstdpv3.sys"
+ "VSTHWBS2"	"HSF_HWB2 WDM driver"	"Conexant Systems, Inc."	"c:\windows\system32\drivers\vstbs23.sys"
+ "winachsf"	"HSF_CNXT driver"	"Conexant Systems, Inc."	"c:\windows\system32\drivers\vstcnxt3.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"	""	""	""
+ "msacm.l3acm"	"MPEG Layer-3 Audio Codec for MSACM"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\system32\l3codeca.acm"
+ "vidc.cvid"	"Cinepak(C) Codec"	"Radius Inc."	"c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"	""	""	""
+ "9x8Resize"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "ATI Ticker"	""	""	"c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Bitmap"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder"	"CyberLink Audio Decoder Filter"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect"	"CyberLink Audio Effect Filter"	"CyberLink Corporation"	"c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer"	"CLAudSpa.ax"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard"	"CyberLink Audio Wizard Filter"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter"	"CyberLink AudioCD Filter"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer"	"MPEG-2 Dempltiplexer"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator"	"CyberLink DVD Navigation Filter"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter"	"CyberLink Line21 Decoder Filter"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor"	"CLSubTitle.ax"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter"	"CLAuTS.ax"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect"	"CLVidFx"	"CyberLink"	"c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder"	"CyberLink Video/SP Filter"	"CyberLink Corp."	"c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "MMACE Deinterlace"	""	""	"c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp"	""	""	"c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu"	""	""	"c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Multiple File Output"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Cinemaster® Audio Decoder 4.2"	"SonicHDAudio"	"Sonic Solutions"	"c:\program files\common files\sonic shared\cinemasteraudio.dll"
+ "Sonic Cinemaster® VideoDecoder 4.1"	"CinemasterVideo"	"Sonic Solutions"	"c:\program files\common files\sonic shared\cinemastervideo.dll"
+ "Sonic HD Demuxer"	"Sonic HD Demuxer"	""	"c:\program files\common files\sonic shared\sonichddemuxer.dll"
+ "Sonic HD Nav"	"SonicHDNav"	""	"c:\program files\common files\sonic shared\sonichdnav.dll"
+ "Sony ATRAC3/3plus Decode Filter"	"Sony ATRAC3/3plus Decode Filter"	"Sony Corporation"	"c:\windows\system32\atxdec.ax"
+ "Sony ATRAC3/3plus Parse Filter"	"Sony ATRAC3/3plus Parse Filter"	"Sony Corporation"	"c:\windows\system32\atxparser.ax"
+ "SonyMp4AacDecoder"	"SonyMp4AacDecoder"	"sony"	"c:\program files\sony\content transfer\sonymp4aacdecoder.ax"
+ "Stetch"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"	"Windows Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"	""	""	""
+ "CNY SELPHY CP LM13"	"SELPHY CP Family Driver Language Monitor"	"Canon INC."	"c:\windows\system32\cnymlm13.dll"
+ "CutePDF Writer Monitor"	""	""	"c:\windows\system32\cpwmon2k.dll"
+ "HP 5D12 Status Monitor"	"Print Status Language Monitor"	"Hewlett-Packard Co."	"c:\windows\system32\hpinksts5d12lm.dll"
+ "HP Discovery Port Monitor (HP Officejet 6600)"	"HP Discovery Port Monitor"	"Hewlett-Packard Co."	"c:\windows\system32\hpdiscopm5d12.dll"
"C:\Users\Bruno Bucher\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"	""	""	""
         

Last edited by burger-inf (19.07.2012, 11:39)

19.07.2012, 13:00   #5
markusg
/// Malware-holic

Please don't create logs that weren't requested.
An answer can take up to 3 days; we have a lot to do at the moment.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start ComboFix.exe and follow the on-screen instructions.

When ComboFix is finished it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: if you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

__________________
Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you'd like to support us

19.07.2012, 13:36   #6
burger-inf

I realise you have a lot to do at the moment, and I'm sorry if I'm causing unnecessary stress here, but I need to get the computer cleaned as quickly as possible. I already have the ComboFix log file for you:
Code:
ComboFix 12-07-18.04 - Bruno Bucher 19.07.2012  13:18:03.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.41.1031.18.2045.984 [GMT 2:00]
ausgeführt von:: f:\burger-inf\Suisa-Virus_Tools\Hr. Bucher\programme\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\475e21p31gxqka8n7paa3h
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-19 bis 2012-07-19  ))))))))))))))))))))))))))))))
.
.
2012-07-19 11:22 . 2012-07-19 11:23	--------	d-----w-	c:\users\Bruno Bucher\AppData\Local\temp
2012-07-19 11:22 . 2012-07-19 11:22	--------	d-----w-	c:\users\Stephanie\AppData\Local\temp
2012-07-19 11:22 . 2012-07-19 11:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-19 11:18 . 2012-07-19 11:18	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{38861B07-7EEA-4264-A42A-1A5CC23E93DA}\offreg.dll
2012-07-18 13:52 . 2012-07-18 13:52	--------	d-----w-	c:\users\Bruno Bucher\AppData\Roaming\Malwarebytes
2012-07-18 13:51 . 2012-07-18 13:51	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-17 12:19 . 2012-07-19 11:12	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-07-17 00:54 . 2012-07-17 00:54	--------	d-----w-	c:\windows\Microsoft Antimalware
2012-07-16 11:37 . 2012-07-16 11:37	--------	d-----w-	C:\found.000
2012-07-12 06:27 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 19:11 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:11 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 19:11 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 19:11 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:11 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 19:11 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-10 06:55 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{38861B07-7EEA-4264-A42A-1A5CC23E93DA}\mpengine.dll
2012-07-02 06:53 . 2012-07-02 06:53	--------	d-----w-	c:\users\Stephanie\AppData\Roaming\HpUpdate
2012-06-24 20:53 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-24 20:53 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-24 20:53 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-24 20:53 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-24 20:52 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-24 20:52 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-24 20:52 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-24 20:52 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-24 20:52 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 20:12 . 2012-01-11 13:00	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:12 . 2012-01-11 13:00	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-01 14:03 . 2012-06-14 19:10	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 19:16	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 19:16	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 19:16	133120	----a-w-	c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-02 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1310720]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-06-17 3367328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Bruno Bucher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy]
2011-09-19 09:36	2996008	----a-w-	c:\program files\Second Copy 8\SecCopy.exe
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:45]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.0.2 10.150.0.254 195.186.1.162
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-23930635.sys
MSConfigStartUp-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-19 13:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-19  13:24:40
ComboFix-quarantined-files.txt  2012-07-19 11:24
.
Vor Suchlauf: 8 Verzeichnis(se), 40'066'330'624 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 40'528'580'608 Bytes frei
.
- - End Of File - - 571AE4E4EC8F52BC69B2A8624267EBB4
         

Last edited by burger-inf (19.07.2012, 14:19)
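The OTL driver table at the top of this page and the ComboFix report in the post above both list the same orphaned Emsisoft driver entries (`a2acc` with "File not found", `[x]` in ComboFix) and the random-named ProgramData folder that ComboFix removed. As an added example, not part of this thread and not a Trojaner-Board, OTL or ComboFix tool, here is a small Python triage script that parses excerpts of both listings (copied from the logs above) and produces the worklist a helper would otherwise draw up by hand: entries whose image file is missing, which of those both tools agree on, orphans with no vendor string, and deleted paths whose names look machine-generated. The `looks_random` heuristic and the reading of ComboFix's trailing `[x]` as "image not found on disk" are my assumptions.

```python
import re

# Constructed sample input: lines copied from the OTL driver table and the
# ComboFix report posted in this thread, plus one healthy Avira entry for
# contrast. Real logs are pasted in whole; these excerpts keep the example short.
OTL_SAMPLE = (
    '+ "a2acc"\t"Emsisoft on-access minifilter"\t""\t'
    '"File not found: C:\\PROGRAM FILES\\EMSISOFT ANTI-MALWARE\\a2accx86.sys"\n'
    '+ "avgntflt"\t"Avira mini-filter driver"\t"Avira GmbH"\t'
    '"c:\\windows\\system32\\drivers\\avgntflt.sys"\n'
    '+ "IpInIp"\t"IP in IP Tunnel Driver"\t""\t"File not found: system32\\DRIVERS\\ipinip.sys"\n'
    '+ "NwlnkFlt"\t"IPX Traffic Filter Driver"\t""\t"File not found: system32\\DRIVERS\\nwlnkflt.sys"\n'
)
COMBOFIX_DRIVERS = (
    'R3 a2acc;a2acc;c:\\program files\\EMSISOFT ANTI-MALWARE\\a2accx86.sys [x]\n'
    'S1 A2DDA;A2 Direct Disk Access Support Driver;c:\\program files\\Emsisoft Anti-Malware\\a2ddax86.sys [x]\n'
    'S2 AdobeARMservice;Adobe Acrobat Update Service;c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe [x]\n'
)
COMBOFIX_DELETED = (
    'c:\\programdata\\475e21p31gxqka8n7paa3h\n'
    'c:\\windows\\unin0407.exe\n'
)

# OTL prints one service/driver per line: + "name"<TAB>"description"<TAB>"vendor"<TAB>"path"
OTL_ROW = re.compile(r'^\+\s+"([^"]*)"\t"([^"]*)"\t"([^"]*)"\t"([^"]*)"$')
# ComboFix prints drivers as 'R3 name;display name;path [x]'; the trailing [x]
# is read here (assumption) as "image not found on disk".
CF_DRIVER = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*(\[x\])?$')
MISSING_PREFIX = "File not found:"


def parse_otl_services(text):
    """Return one dict per OTL service/driver row, with a 'missing' flag."""
    rows = []
    for line in text.splitlines():
        m = OTL_ROW.match(line)
        if not m:
            continue
        name, description, vendor, path = m.groups()
        missing = path.startswith(MISSING_PREFIX)
        if missing:
            path = path[len(MISSING_PREFIX):].strip()
        rows.append({"name": name, "description": description,
                     "vendor": vendor, "path": path, "missing": missing})
    return rows


def parse_combofix_drivers(text):
    """Return one dict per ComboFix driver line ('R3 a2acc;...;path [x]')."""
    rows = []
    for line in text.splitlines():
        m = CF_DRIVER.match(line)
        if not m:
            continue
        state, name, display, path, marker = m.groups()
        rows.append({"state": state, "name": name, "display": display,
                     "path": path, "missing": marker is not None})
    return rows


def looks_random(name, min_len=12):
    """Heuristic (my assumption, not a ComboFix rule): a long, purely alphanumeric
    name that switches between digits and letters many times looks machine-generated,
    like the ProgramData folder ComboFix removed. Short names, GUIDs in braces and
    names with few digits are not flagged."""
    stem = name.rsplit(".", 1)[0].lower()          # drop a file extension, if any
    if len(stem) < min_len or not stem.isalnum():
        return False
    digits = sum(c.isdigit() for c in stem)
    if digits < 3 or len(stem) - digits < 3:
        return False
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return switches >= 4


def flag_random_paths(text):
    """Return the paths (one per line) whose last component looks machine-generated."""
    flagged = []
    for line in text.splitlines():
        path = line.strip()
        if path and looks_random(path.replace("/", "\\").rsplit("\\", 1)[-1]):
            flagged.append(path)
    return flagged


def triage(otl_text, combofix_drivers, combofix_deleted):
    """Combine the three views into the short worklist a helper would write by hand."""
    otl_rows = parse_otl_services(otl_text)
    otl_missing = [r["name"] for r in otl_rows if r["missing"]]
    cf_missing = [r["name"] for r in parse_combofix_drivers(combofix_drivers) if r["missing"]]
    # Entries both tools report as missing are the first candidates for removal.
    agreed = sorted({n.lower() for n in otl_missing} & {n.lower() for n in cf_missing})
    # Orphans with no vendor string are usually leftovers of uninstalled software,
    # not malware, but they are still dead autostart entries worth cleaning up.
    unbranded = [r["name"] for r in otl_rows if r["missing"] and not r["vendor"]]
    return {"otl_missing": otl_missing, "combofix_missing": cf_missing,
            "agreed_missing": agreed, "unbranded_orphans": unbranded,
            "suspicious_deleted": flag_random_paths(combofix_deleted)}


if __name__ == "__main__":
    for key, value in triage(OTL_SAMPLE, COMBOFIX_DRIVERS, COMBOFIX_DELETED).items():
        print(f"{key}: {value}")
```

Run it as-is to see the worklist for the excerpts; to use it on a real case, paste the full OTL service section, the ComboFix "R/S" driver block and the "Weitere Löschungen" block into the three strings. A missing image on its own is not an infection indicator (Emsisoft's half-removed drivers and the long-dead IPX filters here are leftovers), which is why the script keeps "missing", "agreed by both tools" and "random-looking deleted path" as separate lists instead of one verdict.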

19.07.2012, 15:23   #7
markusg
/// Malware-holic

Download the CCleaner standard version:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you don't need, "unnötig" (unnecessary).
After those you don't know, "unbekannt" (unknown).
Post the list.

19.07.2012, 15:43   #8
burger-inf

Hi

Thanks for the quick reply. What surprises me is that there is no program listed that I don't recognise.
Here is the program list:
Code:
Adobe Acrobat 4.0		22.04.2012												notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	07.11.2010		10.1.102.64					notwendig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	04.07.2012	121MB	10.1.3					notwendig
ATI Catalyst Control Center		24.04.2009	24.0KB	2.008.0409.2230								notwendig
Avira Free Antivirus	Avira	08.05.2012	151MB	12.0.0.1125									notwendig
Banana Buchhaltung 5.0	Banana.ch SA - Lugano (Switzerland)	24.05.2012	21.8MB	5.0.1.0						notwendig
Bing Bar	Microsoft Corporation	12.06.2012	527KB	7.1.361.0								unnötig
Broadcom Management Programs	Broadcom Corporation	24.04.2009		11.66.01						notwendig
CCleaner	Piriform	22.06.2012	4.76MB	3.20										unnötig
Content Transfer	Sony Corporation	14.07.2010	10.9MB	1.2.0.07300							notwendig
CutePDF Writer 2.5		08.07.2009												notwendig
Dell Handbuch zum Einstieg	Dell Inc.	24.04.2009		1.00.0000							unnötig
Emsisoft Anti-Malware	Emsisoft GmbH	17.07.2012	179MB	6.6									unnötig
GnuCash 2.4.0	GnuCash Development Team	29.01.2011	323MB									notwendig
Google Chrome	Google Inc.	04.07.2012	269MB	20.0.1132.47									notwendig
Google Toolbar for Internet Explorer	Google Inc.	26.03.2012	10.0MB	7.3.2710.138						unnötig
HP Officejet 6600 - Grundlegende Software für das Gerät	Hewlett-Packard Co.	09.06.2012	157MB	25.0.619.0			notwendig
HP Officejet 6600 Hilfe	Hewlett Packard	09.06.2012	17.6MB	140.0.2.2								notwendig
HP Update	Hewlett-Packard	09.06.2012	3.98MB	5.003.000.004									notwendig
I.R.I.S. OCR	HP	09.06.2012	68.9MB	12.3.4.0										notwendig
Java(TM) 6 Update 30	Sun Microsystems, Inc.	24.04.2009	96.8MB	6.0.300								notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	11.08.2009	36.9MB					notwendig
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	29.04.2009	36.9MB							notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	28.06.2010	120MB	4.0.30319				notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	28.06.2010	24.5MB	4.0.30319		notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	10.01.2012	11.2MB	14.0.5130.5003					notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	22.02.2012	326MB	12.0.6612.1000					notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	23.04.2012	506KB	2.0.4024.1					notwendig
Microsoft Silverlight	Microsoft Corporation	24.05.2012	225MB	5.1.10411.0							notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	24.04.2009	1.74MB	3.1.0000				notwendig
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	24.04.2009	624KB	1.0.1215.0			notwendig
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	24.04.2009	1.44MB	1.0.1215.0			notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.05.2010	590KB	9.0.30729.4148		notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	18.06.2011	594KB	9.0.30729.6161		notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	11.01.2012	11.1MB	10.0.40219		notwendig
PowerDVD DX	Dell Corp.	24.04.2009	38.3MB	8.2.5024									notwendig
Roxio Activation Module	Roxio	24.04.2009		1.0										notwendig
Roxio Creator Audio	Roxio	24.04.2009		3.5.0										notwendig
Roxio Creator BDAV Plugin	Roxio	24.04.2009		3.5.0									notwendig
Roxio Creator Copy	Roxio	24.04.2009		3.5.0										notwendig
Roxio Creator Data	Roxio	24.04.2009		3.5.0										notwendig
Roxio Creator DE	Roxio	24.04.2009		3.5.0										notwendig
Roxio Creator Tools	Roxio	24.04.2009		3.5.0										notwendig
Roxio Express Labeler 3	Roxio	24.04.2009		3.2.1										notwendig
Roxio Update Manager	Roxio	24.04.2009		6.0.0										notwendig
Second Copy 8	Centered Systems	12.03.2012	12.7MB	8.0.5.3									notwendig
Sonic CinePlayer Decoder Pack	Sonic Solutions	24.04.2009		4.2.0								notwendig
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	15.03.2010	29.6MB	9.0.0			notwendig
Studie zur Verbesserung von HP Officejet 6600 Produkten	Hewlett-Packard Co.	09.06.2012	5.97MB	25.0.619.0			unnötig
Windows Live Anmelde-Assistent	Microsoft Corporation	04.05.2009	1.93MB	5.000.818.6						notwendig
Windows Live Essentials	Microsoft Corporation	24.04.2009	136MB	14.0.8050.1202							notwendig
Windows Live Sync	Microsoft Corporation	24.04.2009	2.79MB	14.0.8050.1202							notwendig
Windows Live-Uploadtool	Microsoft Corporation	24.04.2009	225KB	14.0.8014.1029							notwendig
         
In case you're wondering why two antivirus programs are installed: Emsisoft Anti-Malware is only installed for testing; I actually use Avira.

20.07.2012, 00:46   #9
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player (all versions)
Adobe - Adobe Flash Player installieren
download the latest version
Adobe Reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
untick the McAfee Security Scan box

Please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what is going on on the PC.
under JavaScript, untick "Enable Acrobat JavaScript"
under Updater, choose "Automatically install updates".
Apply / OK



Uninstall:
Bing
Emsisoft
Google Toolbar

open CCleaner, Analyze, Run Cleaner
open OTL, Cleanup; the PC restarts; test how it runs

20.07.2012, 09:15   #10
burger-inf

So I've now tested everything important and found that it runs smoothly.

25.07.2012, 22:04   #11
markusg
/// Malware-holic

Then secure the PC:
As anti-malware program I would recommend Emsisoft.
For me they offer the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment processing or similarly important things, e.g. work, i.e. if there is sensitive data to protect, you should invest in security software.
Use the 30-day trial period before activating the licence.

Free, but not quite as good, avast would be the recommendation.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give you configuration hints.
Please uninstall your current AV.
The following guide is extensive, I know, but it should be carried out, since only then is your PC secure. Ask as many questions as necessary, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista und Windows 7".
Please begin by installing Windows updates.
The easiest way is via Start, Search, and typing Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically
- Every day
- choose a time
- Please tick all the rest, except:
- show detailed notifications when new Microsoft software is available
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click "Check for updates" and install the next ones.
Do the same with the optional updates.
Please follow the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Datenausführungsverhinderung, DEP" (Data Execution Prevention).
As browser I recommend Chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
Please read the guide.
If you want to use a different one, tell me, then I'll have to ... parts of the guide that follows


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is introduced via the browser, it cannot escape to the outside.
Download link:
Sandboxie Download - Sandboxie 3.72

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well:
Sandbox Einstellungen |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under Start/Run Access and Internet Access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the whole profile folder.
As you may already have noticed, you can't use some functions.
These are only available in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser" or right-click, "Run Sandboxed".
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
"Maßnahmen für ALLE Windows-Versionen" (measures for ALL Windows versions)
work through all of it completely
Note on FileHippo:
in the settings, additionally select:
Hide beta updates.
Run Update Checker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only really usable for Windows 7 users.
Everyone else should definitely install a backup program too, since this can be very important, for example if the hard disk fails.

Finally, observe the general security tips, follow the tip on online banking if it applies to you, and change all passwords.
Please also read how to make programs visible for all users:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
From now on, surf only in the standard user account and there only in the sandbox.
If you use the free version, do so by clicking "Sandboxed Web Browser"; if you have the paid version, you can set forced program starts, then Sandboxie is always started whenever you open a browser.
If you hover the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.
