'TR/Alureon.B' und 'HTML/Crypted.Gen' gefunden

Syras · 06.08.2010, 12:33

Hallo

Ich habe auf meinem Rechner den Trojaner 'TR/Alureon.B' sowie den Scriptvirus 'HTML/Crypted.Gen' per Antivir gefunden.

Als ich mich gestern zu meinem Onlinebanking Account bei der Sparkasse einloggen wollte, bekam ich eine Meldung, die mich aufforderte 20 TAN Nummern einzugeben. Nach einem Anruf bei einem Betreuer der Sparkasse war schnell klar, dass ich einen Trojaner im System habe.

Ein kompletter Systemscan mit Antvir (die kostenlose personal version) lieferte 2 Funde:
'TR/Alureon.B'
'HTML/Crypted.Gen'

Nachdem ich die infizierten Dateien per Antivir gelöscht habe, ließ ich Antivir noch einige male die c: partition scannen und bekam jedes mal zwei .tmp Dateien angezeigt, die aber offenbar zu den Anwendungsdaten von Antivir gehörten.
Beispiel:

Code:

ATTFilter

'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-192458-8618598A\ARK6D.tmp'

Ich werde die liste der Ereignisse am Ende dieses posts anhängen.

Während dieser Scans lief mein komplettes System sehr langsam und ich konnte unter anderem nicht die empfohlenen Programme von Trojaner-Board herunterladen. Also machte ich einen Neustart.
Nach dem Neustart führte ich erneut einen Scan der c: Partition mit Antivir durch und es gab keine Funde.
Dann habe ich Malwarebytes-Anti-Maleware ausgeführt (Report wird angehängt) und 2 gefundene Dateien gelöscht. Den Hinweis auf CCleaner habe ich leider erst gefunden, nachdem ich ich hier registriert habe um diesen Post zu erstellen. Daher habe ich CCleaner erst nach Malwarebytes-Anti-Maleware ausgeführt.
Weitere Suchläufe mit Antivir und Malwarebytes liefern nun keine Funde mehr.

Hängen die beiden gefundenen Schädlinge miteinander zusammen?
Kann ich nun davon ausgehn, dass mein System bereinigt ist?
Schonmal im vorras danke für eure Hilfe und den Service den ihr hier anbietet.

Sonstige Anmerkungen:
Ich nutze in der Regel Firefox zum browsen. Gelegentlich auch mal Internet Explorer. Ich hatte Avira AntiVir Personal - Free Antivirus nicht speziell für diesen Vorfall installiert sondern schon immer auf meinem System. Ich hatte keine Firewall aktiv.

Code:

ATTFilter

Exportierte Ereignisse:

05.08.2010 19:28 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-192458-8618598A\ARK6D.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '67696159.qua' 
      verschoben!

05.08.2010 19:28 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-192458-8618598A\ARK6E.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53017470.qua' 
      verschoben!

05.08.2010 19:26 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-192152-5E162ECB\ARK6B.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6763612b.qua' 
      verschoben!

05.08.2010 19:26 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-192152-5E162ECB\ARK6C.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '530b740d.qua' 
      verschoben!

05.08.2010 19:24 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-191607-1408B4AA\ARK69.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '67696193.qua' 
      verschoben!

05.08.2010 19:24 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-191607-1408B4AA\ARK6A.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '530174a0.qua' 
      verschoben!

05.08.2010 19:21 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-185540-0D49EA86\ARK67.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Eine Sicherungskopie wurde unter dem Namen 53027833.qua erstellt ( QUARANTÄNE ).
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.

05.08.2010 19:21 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-185540-0D49EA86\ARK68.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
      Durchgeführte Aktion(en):
      Eine Sicherungskopie wurde unter dem Namen 4b95579a.qua erstellt ( QUARANTÄNE ).
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.

05.08.2010 19:15 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-153356-F6F17780\ARK65.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
      Durchgeführte Aktion(en):
      Eine Sicherungskopie wurde unter dem Namen 53017953.qua erstellt ( QUARANTÄNE ).
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.

05.08.2010 19:15 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-153356-F6F17780\ARK66.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Eine Sicherungskopie wurde unter dem Namen 4b9656f8.qua erstellt ( QUARANTÄNE ).
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.

05.08.2010 18:40 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\All 
      Users\Anwendungsdaten\Avira\AntiVir 
      Desktop\TEMP\AVSCAN-20100805-152258-6AA3184D\ARK64.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Eine Sicherungskopie wurde unter dem Namen 53a862f3.qua erstellt ( QUARANTÄNE ).
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.

05.08.2010 18:40 [Scanner] Malware gefunden
      Die Datei 'C:\Dokumente und Einstellungen\***\Lokale 
      Einstellungen\Verlauf\History.IE5\index.dat'
      enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
      Durchgeführte Aktion(en):
      Eine Sicherungskopie wurde unter dem Namen 4b244d20.qua erstellt ( QUARANTÄNE ).
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.

05.08.2010 15:33 [Scanner] Malware gefunden
      Die Datei 'C:\WINDOWS\system32\cmdexnt.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Alureon.B' [trojan].
      Durchgeführte Aktion(en):
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session 
      Manager\AppCertDlls\mnmskeys> wurde erfolgreich entfernt.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei wurde gelöscht.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session 
      Manager\AppCertDlls\mnmskeys> konnte nicht entfernt werden.

03.08.2010 00:16 [Guard] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\***\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\STINKLM3\topbanner[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen2' 
      [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4395

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.08.2010 23:06:52
mbam-log-2010-08-05 (23-06-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133608
Laufzeit: 8 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-08-06 09:04:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (54%) free of 20 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:05:05, on 06.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
E:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
e:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
e:\Programme\Tunngle\TnglCtrl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
E:\Programme\Java\jre6\bin\jusched.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
E:\Programme\VirtualCloneDrive\VCDDaemon.exe
E:\Programme\Klebezettel NG\klebez.exe
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
E:\Programme\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\iPod\bin\iPodService.exe
E:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\trend micro\***.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Klebezettel NG] "E:\Programme\Klebezettel NG\klebez.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Programme\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - e:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - e:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B206E285-E3F6-4F83-92E6-EA6CD4557293}: NameServer = 192.168.111.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Programme\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Programme\CVSNT\cvsservice.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98c77de87f53e) (gupdate1c98c77de87f53e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TunngleService - Tunngle.net GmbH - e:\Programme\Tunngle\TnglCtrl.exe

--
End of file - 8386 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - E:\Programme\Java\jre6\bin\ssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [2005-05-31 401408]
""= []
"IntelWireless"=C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [2005-06-03 385024]
"EOUApp"=C:\Programme\Intel\Wireless\Bin\EOUWiz.exe [2005-05-31 356352]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-14 16010752]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2005-07-28 102400]
"SunJavaUpdateSched"=E:\Programme\Java\jre6\bin\jusched.exe [2008-12-08 136600]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=E:\Programme\iTunes\iTunesHelper.exe [2008-11-20 290088]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"LogMeIn Hamachi Ui"=C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"VirtualCloneDrive"=e:\Programme\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Klebezettel NG"=E:\Programme\Klebezettel NG\klebez.exe [2010-05-27 4907520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart
Dropbox.lnk - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
Stardock ObjectDock.lnk - E:\Programme\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-30 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Programme\Intel\Wireless\Bin\LgNotify.dll [2005-05-31 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Programme\mIRC\mirc.exe"="E:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
"E:\Programme\ICQ6.5\ICQ.exe"="E:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Programme\iTunes\iTunes.exe"="E:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA"
"E:\Programme\BitTorrent\bittorrent.exe"="E:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"E:\Programme\Klebezettel NG\klebez.exe"="E:\Programme\Klebezettel NG\klebez.exe:*:Enabled:Elektronische Haftnotizen für Windows"
"E:\Programme\QIP\qip.exe"="E:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"E:\Programme\NetDraft\idraft.exe"="E:\Programme\NetDraft\idraft.exe:*:Enabled:idraft"
"E:\Programme\Hamachi\hamachi.exe"="E:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"E:\Programme\Spiele\Worms\wa.exe"="E:\Programme\Spiele\Worms\wa.exe:*:Enabled:Worms Armageddon"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Programme\Spiele\CoD4\iw3mp.exe"="E:\Programme\Spiele\CoD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe"="C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"E:\Programme\Skype\Plugin Manager\skypePM.exe"="E:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Programme\nd2.002\NetDraft 2.002.exe"="E:\Programme\nd2.002\NetDraft 2.002.exe:*:Enabled:NetDraft 2.002"
"E:\Programme\Spiele\BGII - SvA\BGMain.exe"="E:\Programme\Spiele\BGII - SvA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn"
"e:\Programme\Tunngle\tnglctrl.exe"="e:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service"
"e:\Programme\Tunngle\tunngle.exe"="e:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client"
"E:\Programme\Spiele\nd2.002\NetDraft 2.002.exe"="E:\Programme\Spiele\nd2.002\NetDraft 2.002.exe:*:Enabled:NetDraft 2.002"
"E:\Programme\Skype\Phone\Skype.exe"="E:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-06 09:04:58 ----D---- C:\rsit
2010-08-06 09:04:58 ----D---- C:\Programme\trend micro
2010-08-05 22:56:39 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-08-05 22:55:16 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-05 22:55:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-05 22:55:12 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-02 19:18:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2010-07-30 11:59:37 ----D---- C:\Programme\SystemRequirementsLab
2010-07-11 10:56:18 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-11 10:55:32 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
2010-07-11 10:52:24 ----D---- C:\WINDOWS\SxsCaPendDel
2010-07-09 19:40:48 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-07-09 19:40:35 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-07-08 22:47:46 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software

======List of files/folders modified in the last 1 months======

2010-08-06 09:05:01 ----D---- C:\WINDOWS\Prefetch
2010-08-06 09:04:58 ----RD---- C:\Programme
2010-08-06 08:54:55 ----D---- C:\WINDOWS\Minidump
2010-08-06 08:54:55 ----D---- C:\WINDOWS\Debug
2010-08-06 08:54:55 ----D---- C:\WINDOWS
2010-08-06 08:04:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 07:43:21 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox
2010-08-06 07:42:56 ----D---- C:\WINDOWS\Temp
2010-08-06 07:42:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-05 22:55:16 ----D---- C:\WINDOWS\system32\drivers
2010-08-05 22:32:50 ----D---- C:\WINDOWS\Registration
2010-08-05 15:33:47 ----D---- C:\WINDOWS\system32
2010-08-03 23:06:40 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mIRC
2010-08-02 19:56:03 ----D---- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2010-08-02 16:41:48 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Tunngle
2010-08-02 16:41:44 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2010-08-02 16:06:38 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2010-08-02 15:24:41 ----HD---- C:\WINDOWS\inf
2010-08-02 14:56:28 ----SH---- C:\boot.ini
2010-08-02 14:56:28 ----A---- C:\WINDOWS\win.ini
2010-08-02 14:56:28 ----A---- C:\WINDOWS\system.ini
2010-07-30 11:59:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-30 11:59:38 ----SHD---- C:\WINDOWS\Installer
2010-07-28 02:22:36 ----D---- C:\WINDOWS\security
2010-07-27 23:03:44 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
2010-07-27 20:52:08 ----D---- C:\Programme\Windows Media Player
2010-07-27 20:52:06 ----D---- C:\WINDOWS\RegisteredPackages
2010-07-27 20:52:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-23 12:26:33 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\KlebezettelNG
2010-07-18 17:33:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-11 10:56:18 ----D---- C:\WINDOWS\repair
2010-07-11 10:53:45 ----D---- C:\Programme\Zylom Games
2010-07-11 10:52:24 ----D---- C:\Programme\Gemeinsame Dateien
2010-07-11 10:52:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
2010-07-11 10:51:27 ----D---- C:\Programme\DivX
2010-07-11 10:39:05 ----D---- C:\WINDOWS\WinSxS
2010-07-09 19:59:28 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss
2010-07-09 19:58:54 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-02 445936]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-23 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-05-03 11354]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-30 1333760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-18 5632]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2004-06-03 142464]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-30 376832]
R2 EvtEng;EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-06-03 86016]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Programme\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; E:\Programme\Java\jre6\bin\jqs.exe [2008-12-08 152984]
R2 NMSAccessU;NMSAccessU; e:\Programme\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 OwnershipProtocol;OwnershipProtocol; C:\Programme\Intel\Wireless\Bin\OProtSvc.exe [2005-05-31 98304]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-16 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-16 189640]
R2 RegSrvc;RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-06-03 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-06-03 372809]
R2 TunngleService;TunngleService; e:\Programme\Tunngle\TnglCtrl.exe [2010-07-06 716024]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gupdate1c98c77de87f53e;Google Update Service (gupdate1c98c77de87f53e); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 cvslock;CVSNT Locking Service 2.5.03.2382; C:\Programme\CVSNT\cvslock.exe [2006-07-05 58368]
S3 cvsnt;CVSNT Dispatch service 2.5.03.2382; C:\Programme\CVSNT\cvsservice.exe [2006-07-05 37888]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------

Code:

ATTFilter

info.txt logfile of random's system information tool 1.08 2010-08-06 09:05:07

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell German Dictionary-0.50-2-->e:\Programme\Aspell\unins001.exe
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Systemsteuerung-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Baldur's Gate(TM) II - Schatten von Amn(TM)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5E30BDEB-9307-11D4-9AE0-006067325E47}\setup.exe" 
Battle for Wesnoth 1.4.7-->"E:\Programme\Spiele\Wesnoth 1.4.7\Wesnoth 1.4.7\unins000.exe"
Battle.net-->C:\WINDOWS\bnetunin.exe
BrettspielWelt-->"E:\Programme\Spiele\BrettspielWelt\uninstall.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Programme\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Programme\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
CCleaner-->"e:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"e:\Programme\CDBurnerXP\unins000.exe"
Civilization II Multiplayer-->C:\WINDOWS\IsUn0407.exe -fe:\programme\spiele\Civilization2\Uninst.isu
Counter-Strike: Source-->e:\Programme\Spiele\Counter-Strike Source\Uninst.exe
CVSNT 2.5.03.2382-->MsiExec.exe /I{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}
Dethkarz-->C:\WINDOWS\IsUninst.exe -fe:\programme\spiele\deathkarz\Uninst.isu
Diablo-->C:\WINDOWS\diabunin.exe
DVD Shrink 3.2 deutsch (DeCSS-frei)-->"e:\Programme\DVD Shrink DE\unins000.exe"
Dyson v1.20-->"E:\Programme\Spiele\Dyson\unins000.exe"
ElsterFormular-->E:\Dokumente\Wichtig\steuer_2009\uninstall.exe
Foxit Reader-->E:\Programme\Foxit Reader\Uninstall.exe
Free YouTube Download 2.8-->"E:\Programme\Free YouTube Download\unins000.exe"
FreeCommander 2008.06c-->"e:\Programme\FreeCommander\unins000.exe"
Geany 0.18-->e:\Programme\Geany\uninst.exe
GIMP 2.6.5-->"e:\Programme\GIMP_2.0\setup\unins000.exe"
GNU Aspell 0.50-3-->e:\Programme\Aspell\unins000.exe
GnuWin32: Wget-1.11.4-1-->"e:\Programme\GnuWin32\uninstall\unins000.exe"
Google App Engine-->MsiExec.exe /X{AE010208-007D-11DD-A3C1-001636EEECBD}
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Might & Magic V: Hammers of Fate-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200091}\setup.exe" -l0x7 
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x7 
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Icewind Dale - Herz des Winters-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{433BF933-81D6-4646-A318-3DE5DB6108F2}\Setup.exe" -uninstall
Icewind Dale-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{433BF933-81D6-4646-A318-3DE5DB6108F2}\Setup.exe" -uninstall
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
IrfanView (remove only)-->e:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
jSpin - Version 4.5.1-->"e:\Programm\jspin\unins000.exe"
Klebezettel NG (Version 2.9.7)-->"e:\Programme\Klebezettel NG\unins000.exe"
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Magic Online III-->C:\Programme\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic Workstation 0.94f-->"e:\Programme\Magic Workstation\unins000.exe"
Malwarebytes' Anti-Malware-->"e:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MiKTeX 2.7-->"e:\Programme\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "e:\Programme\MiKTeX 2.7\miktex\config\uninstall.dat"
mingw-->"e:\Programme\mingw\unins000.exe"
mIRC-->e:\Programme\mIRC\uninstall.exe _?=e:\Programme\mIRC
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.8)-->E:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->E:\Programme\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MTG GamePack for Magic Workstation-->"e:\Programme\Magic Workstation\unins001.exe"
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySQL Server 5.0-->MsiExec.exe /I{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}
MySQL Tools for 5.0-->MsiExec.exe /I{F70C2B4F-B6BF-4BB0-B67A-7ECD589181C5}
mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
NAVIGON Fresh 2.0.2-->e:\Programme\NAVIGON\NAVIGON Fresh\uninst.exe
NeOnToolkit 1.2.2-->e:\Programme\NeOnToolkit\Uninstall.exe
NetBeans IDE 6.5-->"E:\Programme\NetBeans 6.5\uninstall.exe"
Notepad++-->e:\Programme\Notepad++\uninstall.exe
ObjectDock-->E:\PROGRA~1\OBJECT~1\UNWISE.EXE E:\PROGRA~1\OBJECT~1\INSTALL.LOG
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.5 pywin32-212-->"E:\Python25\Removepywin32.exe" -u "E:\Python25\pywin32-wininst.log"
Python 2.5 setuptools-0.6c9-->"E:\Python25\Removesetuptools.exe" -u "E:\Python25\setuptools-wininst.log"
Python 2.5.4-->MsiExec.exe /I{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}
Python 2.6.2-->MsiExec.exe /I{24AAB420-4E30-4496-9739-3E216F3DE6AE}
QIP 2005 8080-->"e:\Programme\QIP\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Race for the Galaxy 0.6.1-->"e:\Programme\Spiele\rftg\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Seven Kingdoms-->C:\WINDOWS\IsUn0407.exe -fe:\programme\spiele\7kingdoms\Uninst.isu
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
StarCraft II-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\StarCraft II\Uninstall.exe
SWI-Prolog (remove only)-->"e:\Programme\pl\uninstall.exe"
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
TeamSpeak 2 RC2-->e:\Programme\Teamspeak2_RC2\unins000.exe
TeXnicCenter Version 1.0 Stable RC1-->"e:\Programme\TeXnicCenter\unins000.exe"
TheLastRipper 1.4-->e:\Programme\TheLastRipper\uninst.exe
TortoiseCVS 1.10.10-->"e:\Programme\TortoiseCVS\unins000.exe"
TortoiseSVN 1.5.5.14361 (32 bit)-->MsiExec.exe /X{49389932-51FA-4D26-8B4F-CE86B24302C2}
Tunngle beta-->"e:\Programme\Tunngle\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VirtualCloneDrive-->"e:\Programme\VirtualCloneDrive\vcd-uninst.exe" /D="e:\Programme\VirtualCloneDrive"
VLC media player 0.9.9-->e:\Programme\VLC\uninstall.exe
Warcraft III-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Warcraft III\Uninstall.exe
Weka 3.6.0-->e:\Programme\Weka-3-6\uninstall.exe
Winamp-->"e:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->e:\Programme\WinRAR\uninstall.exe
WinSCP 4.1.7-->"e:\Programme\WinSCP\unins000.exe"
Worms Armageddon-->C:\WINDOWS\IsUn0407.exe -fe:\programme\spiele\Worms\Uninst.isu

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: STRAGIC
Event Code: 10005
Message: Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 77853
Source Name: DCOM
Time Written: 20100716130902.000000+120
Event Type: Fehler
User: STRAGIC\***

Computer Name: STRAGIC
Event Code: 10005
Message: Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 77852
Source Name: DCOM
Time Written: 20100716130902.000000+120
Event Type: Fehler
User: STRAGIC\***

Computer Name: STRAGIC
Event Code: 17
Message: avgntflt.sys version 10.0.2.2 successfully loaded

Record Number: 77851
Source Name: avgntflt
Time Written: 20100716130900.000000+120
Event Type: Informationen
User: 

Computer Name: STRAGIC
Event Code: 83
Message: Port A is down 

Record Number: 77850
Source Name: yukonwxp
Time Written: 20100716130900.000000+120
Event Type: Informationen
User: 

Computer Name: STRAGIC
Event Code: 17
Message: 
Record Number: 77849
Source Name: avipbb
Time Written: 20100716130900.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: STRAGIC
Event Code: 1
Message: 
Record Number: 10082
Source Name: Bonjour Service
Time Written: 20100318110722.000000+060
Event Type: Informationen
User: 

Computer Name: STRAGIC
Event Code: 0
Message: 
Record Number: 10081
Source Name: gupdate1c98c77de87f53e
Time Written: 20100318110722.000000+060
Event Type: Informationen
User: 

Computer Name: STRAGIC
Event Code: 2002
Message: 
Record Number: 10080
Source Name: EAPOL
Time Written: 20100318110720.000000+060
Event Type: Informationen
User: 

Computer Name: STRAGIC
Event Code: 2003
Message: 
Record Number: 10079
Source Name: EAPOL
Time Written: 20100318110720.000000+060
Event Type: Informationen
User: 

Computer Name: STRAGIC
Event Code: 0
Message: 
Record Number: 10078
Source Name: EvtEng
Time Written: 20100318110710.000000+060
Event Type: Informationen
User: 

======Environment variables======

"CATALINA_HOME"=E:\Programme\apache-tomcat-5.5.27
"CLASSPATH"=.;E:\Programme\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"INPUTRC"=E:\Programme\ruby\bin\inputrc.euro
"JAVA_HOME"=E:\Programme\Java\JDK6
"JOSEKIROOT"=E:\Programme\Joseki-3.2
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=e:\Programme\MiKTeX 2.7\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;E:\Programme\TortoiseSVN\bin;;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Acronis\SnapAPI\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"QTJAVA"=E:\Programme\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

cosinus · 06.08.2010, 13:37

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. (Du hast nur einen Quickscan gemacht)
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Syras · 06.08.2010, 22:26

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.08.2010 18:44:21
mbam-log-2010-08-06 (18-44-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 380890
Laufzeit: 1 Stunde(n), 38 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

[code]
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.08.2010 23:20:40 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 430,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 10,45 Gb Free Space | 53,52% Space Free | Partition Type: NTFS
Drive D: | 4,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 129,51 Gb Total Space | 18,39 Gb Free Space | 14,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STRAGIC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - e:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - E:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - E:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - e:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - E:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - E:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\msvcp71.dll (Microsoft Corporation)
MOD - e:\Programme\TortoiseCVS\TortoiseShell.dll (www.tortoisecvs.org)
MOD - E:\Programme\TortoiseSVN\bin\TortoiseSVN.dll (hxxp://tortoisesvn.net)
MOD - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll (hxxp://tortoisesvn.net)
MOD - E:\Programme\TortoiseSVN\bin\libaprutil_tsvn.dll (Apache Software Foundation)
MOD - E:\Programme\TortoiseSVN\bin\libapr_tsvn.dll (Apache Software Foundation)
MOD - E:\Programme\TortoiseSVN\bin\intl3_tsvn.dll (Free Software Foundation)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dbghelp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\msvcr71.dll (Microsoft Corporation)
MOD - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
MOD - E:\Programme\ObjectDock\DockShellHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (cvsolw) -- C:\WINDOWS\System32\tdhgfdfi.dll File not found
SRV - (TunngleService) -- e:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- e:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (cvslock) -- C:\Programme\CVSNT\cvslock.exe ()
SRV - (cvsnt) -- C:\Programme\CVSNT\cvsservice.exe (March Hare Software Ltd)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (OwnershipProtocol) -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: E:\Programme\Mozilla Firefox\components [2010.07.27 20:52:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2010.07.24 12:08:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2010.07.11 10:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins [2010.05.05 12:24:06 | 000,000,000 | ---D | M]
 
[2008.11.26 22:26:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.08.06 08:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\extensions
[2010.07.09 19:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.30 11:03:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.06.16 13:04:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\extensions\battlefieldheroespatcher@ea.com
[2010.05.07 10:41:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\extensions\firebug@software.joehewitt.com
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [VirtualCloneDrive] e:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [Klebezettel NG] E:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk = E:\Programme\ObjectDock\ObjectDock.exe (Stardock)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - e:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - e:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKCU\..Trusted Domains: uibk.ac.at ([semiramisas01] https in Trusted sites)
O15 - HKCU\..Trusted Domains: uibk.ac.at ([semiramisas99] https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Programme\Intel\Wireless\Bin\LgNotify.dll - C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (setuid) - C:\WINDOWS\System32\setuid.dll (March-Hare Software Ltd)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.22 21:15:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.09.21 11:39:50 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.07.23 11:12:23 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.09.21 11:39:49 | 000,582,656 | R--- | M] (Nival Interactive) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.09.21 11:39:49 | 000,302,430 | R--- | M] () - D:\AutoRun.ico -- [ UDF ]
O33 - MountPoints2\{75144622-b8c6-11dd-b89a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{75144622-b8c6-11dd-b89a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75144622-b8c6-11dd-b89a-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007.09.21 11:39:49 | 000,582,656 | R--- | M] (Nival Interactive)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007.09.21 11:39:49 | 000,582,656 | R--- | M] (Nival Interactive)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.06 16:17:00 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.06 09:04:58 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.06 09:04:58 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.06 08:54:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.08.05 22:56:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.08.05 22:55:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.05 22:55:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.05 22:55:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.02 19:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\StarCraft II
[2010.08.02 19:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
[2010.07.30 11:59:37 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2010.07.11 10:56:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.07.11 10:55:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2010.07.11 10:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.07.09 19:40:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.07.09 19:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\DVDVideoSoft
[2010.07.09 19:40:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2010.07.08 22:47:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.06 23:04:25 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.06 20:04:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.06 16:17:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.06 09:04:15 | 000,339,991 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2010.08.06 08:53:24 | 005,505,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.08.06 07:42:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.06 07:42:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.06 07:42:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.05 23:07:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010.08.05 23:07:42 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.08.05 20:17:10 | 000,096,256 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 18:54:18 | 000,000,595 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Notepad++.lnk
[2010.08.02 15:14:55 | 000,445,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.08.02 14:56:28 | 000,000,716 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.02 14:56:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.02 14:56:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.08.02 10:54:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.29 18:21:19 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.27 20:51:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.07.18 23:45:49 | 001,045,584 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.07.16 19:37:30 | 000,000,868 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.06 09:04:15 | 000,339,991 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2010.08.03 18:54:18 | 000,000,595 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Notepad++.lnk
[2010.07.29 18:21:19 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.16 19:37:30 | 000,000,868 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2009.12.15 18:38:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.08.27 20:50:24 | 000,000,280 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.06.18 18:49:07 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009.06.16 13:14:16 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.06.03 23:33:56 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009.06.03 23:33:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009.05.28 16:15:14 | 000,445,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.05 17:38:50 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008.11.23 23:11:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.11.23 22:31:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008.11.23 18:09:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
< End of report >

--- --- ---

[code]
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.08.2010 23:20:40 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 430,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 10,45 Gb Free Space | 53,52% Space Free | Partition Type: NTFS
Drive D: | 4,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 129,51 Gb Total Space | 18,39 Gb Free Space | 14,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STRAGIC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- 
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8164:TCP" = 8164:TCP:*:Enabled:evcfsqhe
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\mIRC\mirc.exe" = E:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"E:\Programme\ICQ6.5\ICQ.exe" = E:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"E:\Programme\iTunes\iTunes.exe" = E:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- File not found
"E:\Programme\BitTorrent\bittorrent.exe" = E:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"E:\Programme\Klebezettel NG\klebez.exe" = E:\Programme\Klebezettel NG\klebez.exe:*:Enabled:Elektronische Haftnotizen für Windows -- (Hollie-Soft)
"E:\Programme\QIP\qip.exe" = E:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"E:\Programme\NetDraft\idraft.exe" = E:\Programme\NetDraft\idraft.exe:*:Enabled:idraft -- ()
"E:\Programme\Hamachi\hamachi.exe" = E:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- File not found
"E:\Programme\Spiele\Worms\wa.exe" = E:\Programme\Spiele\Worms\wa.exe:*:Enabled:Worms Armageddon -- (Team17 Software Ltd)
"E:\Programme\Spiele\CoD4\iw3mp.exe" = E:\Programme\Spiele\CoD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"E:\Programme\nd2.002\NetDraft 2.002.exe" = E:\Programme\nd2.002\NetDraft 2.002.exe:*:Enabled:NetDraft 2.002 -- File not found
"E:\Programme\Spiele\BGII - SvA\BGMain.exe" = E:\Programme\Spiele\BGII - SvA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn -- (BioWare Corp.)
"e:\Programme\Tunngle\tnglctrl.exe" = e:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"e:\Programme\Tunngle\tunngle.exe" = e:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"E:\Programme\Spiele\nd2.002\NetDraft 2.002.exe" = E:\Programme\Spiele\nd2.002\NetDraft 2.002.exe:*:Enabled:NetDraft 2.002 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}" = MySQL Server 5.0
"{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Herz des Winters
"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.7)
"{5E30BDEB-9307-11D4-9AE0-006067325E47}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE010208-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F70C2B4F-B6BF-4BB0-B67A-7ECD589181C5}" = MySQL Tools for 5.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.7
"Battle.net" = Battle.net
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"Civilization II Multiplayer" = Civilization II Multiplayer
"Counter-Strike: Source" = Counter-Strike: Source
"Dethkarz" = Dethkarz
"Diablo" = Diablo
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Dyson_is1" = Dyson v1.20
"ElsterFormular 11.4.1.4323" = ElsterFormular
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download 2.8
"FreeCommander_is1" = FreeCommander 2008.06c
"Geany" = Geany 0.18
"GNU Aspell_is1" = GNU Aspell 0.50-3
"HControl" = ATK0100 ACPI UTILITY
"Icewind Dale" = Icewind Dale
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"jSpin - Spin Development Environment_is1" = jSpin - Version 4.5.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MiKTeX 2.7" = MiKTeX 2.7
"MINGW_is1" = mingw
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"nbi-nb-base-6.5.0.0.200811100001" = NetBeans IDE 6.5
"NeOnToolkit 1.2.2" = NeOnToolkit 1.2.2
"Notepad++" = Notepad++
"ObjectDock" = ObjectDock
"ProInst" = Intel(R) PROSet/Wireless Software
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.5" = Python 2.5 pywin32-212
"QIP 2005_is1" = QIP 2005 8080
"Race for the Galaxy_is1" = Race for the Galaxy 0.6.1
"setuptools-py2.5" = Python 2.5 setuptools-0.6c9
"Seven Kingdoms" = Seven Kingdoms
"StarCraft II" = StarCraft II
"SWI-Prolog" = SWI-Prolog (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TheLastRipper" = TheLastRipper 1.4
"TortoiseCVS_is1" = TortoiseCVS 1.10.10
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"Warcraft III" = Warcraft III
"Weka 3.6.0" = Weka 3.6.0
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.7
"Worms Armageddon" = Worms Armageddon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AddressBook" = AddressBook
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"KeY 1.4" = KeY 1.4
"Laeqed" = Laeqed
"OnlineCodex WHFB" = OnlineCodex WHFB
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2010 08:54:29 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
Error - 04.08.2010 07:31:52 | Computer Name = STRAGIC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SC2.exe, Version 1.0.1.16195, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.08.2010 07:32:13 | Computer Name = STRAGIC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SC2.exe, Version 1.0.1.16195, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.08.2010 02:57:43 | Computer Name = STRAGIC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CCleaner.exe, Version 2.34.0.1200, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.08.2010 12:04:29 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
Error - 06.08.2010 13:04:26 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
Error - 06.08.2010 14:04:27 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
Error - 06.08.2010 15:04:26 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
Error - 06.08.2010 16:04:26 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
Error - 06.08.2010 17:04:25 | Computer Name = STRAGIC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 06.08.2010 11:30:59 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 11:31:02 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 11:31:03 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 11:31:04 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 11:31:06 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 11:31:08 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 11:31:10 | Computer Name = STRAGIC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 06.08.2010 14:04:00 | Computer Name = STRAGIC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.08.2010 14:04:00 | Computer Name = STRAGIC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.08.2010 14:04:15 | Computer Name = STRAGIC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
 
< End of report >

--- --- ---

cosinus · 07.08.2010, 12:39

Sieht zwar rel. unauffällig aus aber ich würde noch einen Durchgang mit CF empfehlen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Syras · 07.08.2010, 21:07

Beim Versuch Combofix auszuführen bekam ich folgende Fehlermeldung:

Some files could not be created. Please close alle running Applications and restart Windows.

Ein Neustart von Windows und ein erneuter Versuch brachten wieder die selbe Fehlermeldung.

Ich habe allerdings alle Anwendungen inklusive Antivir und meiner neu installierten Firewall (Comodo) deaktiviert.

Was heißt das nun für mich?

cosinus · 08.08.2010, 11:15

Deinstalliere erstmal Comodo und AntiVir. Später, wenn wir durch sind kannst Du AntiVir oder was vergleichbares installieren. Sowas wie Comodo-Firewall, ZoneAlarm oder Sygate solltest Du tunlichst weglassen, die Dinger haben zu viele Nachteile. Nutze die Windows-Firewall.

Probier nach der Deinstallation CF erneut aus.

Syras · 08.08.2010, 12:08

Ich habe Comodo deinstalliert. Da es scheinbar nur an Comodo lag, reichte eine Deaktivierung von Antivir aus.

Mich würde noch sehr interessieren, warum ich keine Firewall nutzen sollte?
Ich hatte nie eine Firewall installiert, da ich davon ausgehe, dass mich eine Firewall nicht vor der Infizierung mit Viren/Trojanern durch Sicherheitslücken im Browser bzw. durch das Besuchen infizierter Seiten schützen kann. Nachdem ich mich aufgrund meines aktuellen Problems etwas genauer informiert habe, kam ich allerdings zu dem Schluss, dass eine Firewall die Maleware daran hindern sollte, Daten von meinem Rechner ins Netz zu schicken.
Unter anderem habe ich mir dazu aktuelle Testergebnisse auf chip.de durchgelesen, in denen ganz klar gesagt wird, dass die Windows Firewall keinen ausreichenden Schutz bietet.

Es würde mich also sehr freuen, wenn du mir eine Erklärung bzw. einen Link zu einer Quelle geben könntest, damit ich nachvollziehen kann, warum ich nun doch wieder keine Firewall nutzen sollte?

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 10-08-07.02 - Timo 08.08.2010  12:48:12.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.564 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Timo\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-08 bis 2010-08-08  ))))))))))))))))))))))))))))))
.

2010-08-08 08:20 . 2010-08-08 08:31	--------	d-----w-	c:\windows\ie8updates
2010-08-08 08:19 . 2010-08-08 08:19	--------	d-----w-	c:\programme\MSXML 4.0
2010-08-08 07:59 . 2009-12-31 16:50	353792	-c----w-	c:\windows\system32\dllcache\srv.sys
2010-08-08 07:59 . 2009-10-15 16:28	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2010-08-08 07:59 . 2009-10-15 16:28	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
2010-08-08 07:59 . 2009-06-21 21:45	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2010-08-08 07:59 . 2009-10-23 15:28	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe
2010-08-08 07:58 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys
2010-08-08 07:58 . 2010-05-06 10:31	599040	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2010-08-08 07:58 . 2010-05-06 10:31	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-08 07:58 . 2010-05-06 10:31	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-08-08 07:58 . 2010-05-06 10:31	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-08-08 07:58 . 2010-05-06 10:31	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-08-08 07:58 . 2010-05-06 10:31	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2010-08-08 07:58 . 2010-05-06 10:31	11076096	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2010-08-08 07:57 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-08-08 07:56 . 2008-06-14 17:32	273024	-c----w-	c:\windows\system32\dllcache\bthport.sys
2010-08-08 07:55 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-08-08 07:51 . 2010-02-24 13:11	455680	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2010-08-08 07:50 . 2009-11-21 15:54	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-08-08 07:46 . 2009-02-06 10:10	227840	-c----w-	c:\windows\system32\dllcache\wmiprvse.exe
2010-08-08 07:46 . 2010-02-17 12:04	2192256	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-08 07:46 . 2009-03-06 14:19	286720	-c----w-	c:\windows\system32\dllcache\pdh.dll
2010-08-08 07:46 . 2009-02-09 11:21	111104	-c----w-	c:\windows\system32\dllcache\services.exe
2010-08-08 07:46 . 2009-02-09 10:51	401408	-c----w-	c:\windows\system32\dllcache\rpcss.dll
2010-08-08 07:46 . 2009-02-09 10:51	473600	-c----w-	c:\windows\system32\dllcache\fastprox.dll
2010-08-08 07:46 . 2009-02-09 10:51	678400	-c----w-	c:\windows\system32\dllcache\advapi32.dll
2010-08-08 07:46 . 2009-02-09 10:51	740352	-c----w-	c:\windows\system32\dllcache\ntdll.dll
2010-08-08 07:46 . 2009-02-09 10:51	453120	-c----w-	c:\windows\system32\dllcache\wmiprvsd.dll
2010-08-08 07:46 . 2010-02-16 19:04	2148864	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-08 07:46 . 2010-02-16 19:04	2027008	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-08 07:42 . 2009-12-17 07:40	346624	-c----w-	c:\windows\system32\dllcache\mspaint.exe
2010-08-08 07:42 . 2009-08-05 08:59	206336	-c----w-	c:\windows\system32\dllcache\mswebdvd.dll
2010-08-08 07:41 . 2008-10-15 16:35	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll
2010-08-08 07:41 . 2009-07-31 04:32	1172480	-c----w-	c:\windows\system32\dllcache\msxml3.dll
2010-08-08 07:30 . 2008-04-21 21:13	217600	-c----w-	c:\windows\system32\dllcache\wordpad.exe
2010-08-07 23:10 . 2010-08-08 08:32	--------	d--h--w-	c:\windows\$hf_mig$
2010-08-07 19:53 . 2008-07-07 20:26	253952	-c----w-	c:\windows\system32\dllcache\es.dll
2010-08-07 19:52 . 2008-05-01 14:34	331776	-c----w-	c:\windows\system32\dllcache\msadce.dll
2010-08-07 19:50 . 2010-01-13 14:00	86528	-c----w-	c:\windows\system32\dllcache\cabview.dll
2010-08-07 15:07 . 2010-08-07 15:07	--------	d-----r-	C:\Sandbox
2010-08-07 14:38 . 2009-05-07 15:32	348160	-c----w-	c:\windows\system32\dllcache\localspl.dll
2010-08-07 14:37 . 2010-08-07 14:37	--------	d-----w-	C:\VritualRoot
2010-08-07 09:06 . 2010-08-07 09:06	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo Downloader
2010-08-06 07:04 . 2010-08-06 07:05	--------	d-----w-	C:\rsit
2010-08-06 07:04 . 2010-08-06 07:05	--------	d-----w-	c:\programme\trend micro
2010-08-05 20:56 . 2010-08-05 20:56	--------	d-----w-	c:\dokumente und einstellungen\Timo\Anwendungsdaten\Malwarebytes
2010-08-05 20:55 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 20:55 . 2010-08-05 20:55	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-05 20:55 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-05 13:32 . 2010-08-05 13:32	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Favoriten
2010-08-05 13:32 . 2010-08-05 13:32	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2010-08-02 18:09 . 2010-08-02 18:09	47364	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-02 17:18 . 2010-08-02 18:09	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2010-07-30 09:59 . 2010-07-30 09:59	--------	d-----w-	c:\programme\SystemRequirementsLab
2010-07-27 06:29 . 2010-07-27 06:29	8503296	-c----w-	c:\windows\system32\dllcache\shell32.dll
2010-07-11 08:56 . 2010-08-06 12:41	--------	d-----w-	c:\windows\system32\NtmsData
2010-07-11 08:55 . 2010-07-11 08:55	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
2010-07-11 08:52 . 2010-07-12 07:14	--------	d-----w-	c:\windows\SxsCaPendDel
2010-07-09 17:40 . 2010-07-09 17:40	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-07-09 17:40 . 2010-07-29 16:21	--------	d-----w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 10:39 . 2010-03-18 10:06	0	----a-w-	c:\windows\system32\Access.dat
2010-08-07 19:30 . 2009-12-18 07:09	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox
2010-08-07 09:02 . 2008-11-24 00:27	18184	----a-w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-06 13:29 . 2008-11-23 22:13	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2010-08-06 09:59 . 2008-11-23 18:44	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\skypePM
2010-08-03 21:06 . 2008-11-24 00:00	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\mIRC
2010-08-02 17:56 . 2008-12-03 15:49	--------	d-----w-	c:\programme\Gemeinsame Dateien\Blizzard Entertainment
2010-08-02 14:41 . 2010-03-18 10:04	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Tunngle
2010-08-02 13:14 . 2009-05-28 14:15	445936	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-07-27 21:03 . 2009-04-27 08:58	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Winamp
2010-07-25 11:42 . 2008-12-03 19:41	1	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-23 10:26 . 2008-12-10 11:43	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\KlebezettelNG
2010-07-11 08:53 . 2008-12-22 00:00	--------	d-----w-	c:\programme\Zylom Games
2010-07-11 08:52 . 2010-05-21 21:47	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-07-11 08:51 . 2010-05-21 21:48	--------	d-----w-	c:\programme\DivX
2010-07-09 17:59 . 2009-02-24 19:09	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\dvdcss
2010-07-09 17:58 . 2010-05-21 21:52	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\DivX
2010-07-08 20:47 . 2010-07-08 20:47	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Foxit Software
2010-07-02 07:04 . 2008-11-23 20:06	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-06-14 16:13 . 2010-06-14 16:13	--------	d-----w-	c:\programme\Gemeinsame Dateien\Skype
2010-06-14 14:31 . 2008-11-22 19:00	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 06:31 . 2010-05-21 21:55	57344	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-28 06:25 . 2008-12-10 11:43	3523791	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\KlebezettelNG\LiveUpdate\klebe.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Klebezettel NG"="e:\programme\Klebezettel NG\klebez.exe" [2010-05-27 4907520]
"SandboxieControl"="e:\programme\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"EOUApp"="c:\programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 16010752]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-07-28 102400]
"SunJavaUpdateSched"="e:\programme\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"LogMeIn Hamachi Ui"="c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"VirtualCloneDrive"="e:\programme\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - e:\programme\ObjectDock\ObjectDock.exe [2008-11-23 3444008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 21:46	110592	----a-w-	c:\programme\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 setuid

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\mIRC\\mirc.exe"=
"e:\\Programme\\ICQ6.5\\ICQ.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"e:\\Programme\\Klebezettel NG\\klebez.exe"=
"e:\\Programme\\QIP\\qip.exe"=
"e:\\Programme\\NetDraft\\idraft.exe"=
"e:\\Programme\\Spiele\\Worms\\wa.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programme\\Spiele\\CoD4\\iw3mp.exe"=
"e:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Programme\\Spiele\\BGII - SvA\\BGMain.exe"=
"e:\\Programme\\Tunngle\\tnglctrl.exe"=
"e:\\Programme\\Tunngle\\tunngle.exe"=
"e:\\Programme\\Spiele\\nd2.002\\NetDraft 2.002.exe"=
"e:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8164:TCP"= 8164:TCP:evcfsqhe

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.11.2009 13:47 135336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]
R2 TunngleService;TunngleService;e:\programme\Tunngle\TnglCtrl.exe [18.03.2010 12:04 716024]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [18.03.2010 12:04 27136]
S2 cvsolw;Installer Task;c:\windows\system32\svchost.exe -k netsvcs [04.08.2004 14:00 14336]
S2 gupdate1c98c77de87f53e;Google Update Service (gupdate1c98c77de87f53e);c:\programme\Google\Update\GoogleUpdate.exe [11.02.2009 20:38 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.05.2009 16:15 445936]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
cvsolw
.
Inhalt des "geplante Tasks" Ordners

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-11 18:37]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-11 18:37]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
Trusted Zone: uibk.ac.at\semiramisas01
Trusted Zone: uibk.ac.at\semiramisas99
TCP: {B206E285-E3F6-4F83-92E6-EA6CD4557293} = 192.168.111.222
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: e:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: e:\programme\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
e:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-BitTorrent DNA - c:\programme\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-08 12:52
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1416)
c:\windows\system32\Ati2evxx.dll
c:\programme\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1472)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(1248)
e:\programme\ObjectDock\DockShellHook.dll
c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
e:\programme\TortoiseSVN\bin\TortoiseStub.dll
e:\programme\TortoiseSVN\bin\TortoiseSVN.dll
e:\programme\TortoiseSVN\bin\intl3_tsvn.dll
e:\programme\TortoiseCVS\TortoiseShell.dll
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2010-08-08  12:55:01
ComboFix-quarantined-files.txt  2010-08-08 10:54

Vor Suchlauf: 10 Verzeichnis(se), 11.514.781.696 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 11.769.356.288 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E7AEBE77DD4341A9AAD2256920BA4920

--- --- ---

cosinus · 08.08.2010, 12:38

Zitat:

da ich davon ausgehe, dass mich eine Firewall nicht vor der Infizierung mit Viren/Trojanern durch Sicherheitslücken im Browser bzw. durch das Besuchen infizierter Seiten schützen kann. Nachdem ich mich aufgrund meines aktuellen Problems etwas genauer informiert habe, kam ich allerdings zu dem Schluss, dass eine Firewall die Maleware daran hindern sollte, Daten von meinem Rechner ins Netz zu schicken.

Das wird immer häufig behauptet, es ist aber so, dass aktive Schädlinge aus der "Firewall" kurzerhand Kleinholz machen können. Entweder senden diese an ihr vorbei oder schießen sie ab. Das Traysymbol bei der Uhrzeit würde noch bestehen bleiben, es verschwindet erst dann wenn Du mit der Maus drüberfährst.

Zitat:

Mich würde noch sehr interessieren, warum ich keine Firewall nutzen sollte?

Das beste Beispiel hast Du ja live mit erlebt. Comodo behinderte CF.

Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?

Zitat:

Unter anderem habe ich mir dazu aktuelle Testergebnisse auf chip.de durchgelesen, in denen ganz klar gesagt wird, dass die Windows Firewall keinen ausreichenden Schutz bietet.

Das ist definitiv Unsinn. Die Windows-Firewall kann zuverlässig eingehende Verbindungen blockieren, filtern (nenn es wie Du willst

). Ausgehende Verbindungen kann nur die Windows-Firewall mit erweiteren Sicherheitseinstellungen ab Windows Vista filtern, aber wenn der ausgehende Verkehr schon nicht mehr vertrauenswürdig ist und Du diesen eindämmen willst/musst, dann ist dem System schon garnicht mehr zu vertrauen, es ist kompromittiert und muss bereinigt bzw. geplättet und neu installiert werden.

Zudem wird vielen Zeitschriften vorgworfen, mangelhafte Fachkenntnisse und fehlende Objektivität zu haben. Viele Artikel sind nur von Journalisten aber nicht Computer-/Netzwerkexperten verfasst. Zudem kann man meist wenige Seiten nach dem Test fette Werbeanzeigen der getesteten Softwareprodukte sehen!

cosinus · 08.08.2010, 12:50

Ich mach mal den Fix mit CF in einem neuen Posting:

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8164:TCP"=-

Netsvc::
cvsolw

Driver::
cvsolw

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Syras · 08.08.2010, 13:54

Erstmal VIELEN DANK für die Informationen.

Obwohl ich noch nicht alles gelesen habe, habe ich jetzt schon sehr viel gelernt!

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 10-08-07.02 - Timo 08.08.2010  14:41:22.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.582 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Timo\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Timo\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CVSOLW
-------\Service_cvsolw


(((((((((((((((((((((((   Dateien erstellt von 2010-07-08 bis 2010-08-08  ))))))))))))))))))))))))))))))
.

2010-08-08 08:20 . 2010-08-08 08:31	--------	d-----w-	c:\windows\ie8updates
2010-08-08 08:19 . 2010-08-08 08:19	--------	d-----w-	c:\programme\MSXML 4.0
2010-08-08 07:59 . 2009-12-31 16:50	353792	-c----w-	c:\windows\system32\dllcache\srv.sys
2010-08-08 07:59 . 2009-10-15 16:28	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2010-08-08 07:59 . 2009-10-15 16:28	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
2010-08-08 07:59 . 2009-06-21 21:45	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2010-08-08 07:59 . 2009-10-23 15:28	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe
2010-08-08 07:58 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys
2010-08-08 07:58 . 2010-05-06 10:31	599040	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2010-08-08 07:58 . 2010-05-06 10:31	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-08 07:58 . 2010-05-06 10:31	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-08-08 07:58 . 2010-05-06 10:31	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-08-08 07:58 . 2010-05-06 10:31	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-08-08 07:58 . 2010-05-06 10:31	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2010-08-08 07:58 . 2010-05-06 10:31	11076096	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2010-08-08 07:57 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-08-08 07:56 . 2008-06-14 17:32	273024	-c----w-	c:\windows\system32\dllcache\bthport.sys
2010-08-08 07:55 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-08-08 07:51 . 2010-02-24 13:11	455680	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2010-08-08 07:50 . 2009-11-21 15:54	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-08-08 07:46 . 2009-02-06 10:10	227840	-c----w-	c:\windows\system32\dllcache\wmiprvse.exe
2010-08-08 07:46 . 2010-02-17 12:04	2192256	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-08 07:46 . 2009-03-06 14:19	286720	-c----w-	c:\windows\system32\dllcache\pdh.dll
2010-08-08 07:46 . 2009-02-09 11:21	111104	-c----w-	c:\windows\system32\dllcache\services.exe
2010-08-08 07:46 . 2009-02-09 10:51	401408	-c----w-	c:\windows\system32\dllcache\rpcss.dll
2010-08-08 07:46 . 2009-02-09 10:51	473600	-c----w-	c:\windows\system32\dllcache\fastprox.dll
2010-08-08 07:46 . 2009-02-09 10:51	678400	-c----w-	c:\windows\system32\dllcache\advapi32.dll
2010-08-08 07:46 . 2009-02-09 10:51	740352	-c----w-	c:\windows\system32\dllcache\ntdll.dll
2010-08-08 07:46 . 2009-02-09 10:51	453120	-c----w-	c:\windows\system32\dllcache\wmiprvsd.dll
2010-08-08 07:46 . 2010-02-16 19:04	2148864	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-08 07:46 . 2010-02-16 19:04	2027008	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-08 07:42 . 2009-12-17 07:40	346624	-c----w-	c:\windows\system32\dllcache\mspaint.exe
2010-08-08 07:42 . 2009-08-05 08:59	206336	-c----w-	c:\windows\system32\dllcache\mswebdvd.dll
2010-08-08 07:41 . 2008-10-15 16:35	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll
2010-08-08 07:41 . 2009-07-31 04:32	1172480	-c----w-	c:\windows\system32\dllcache\msxml3.dll
2010-08-08 07:30 . 2008-04-21 21:13	217600	-c----w-	c:\windows\system32\dllcache\wordpad.exe
2010-08-07 23:10 . 2010-08-08 08:32	--------	d--h--w-	c:\windows\$hf_mig$
2010-08-07 19:53 . 2008-07-07 20:26	253952	-c----w-	c:\windows\system32\dllcache\es.dll
2010-08-07 19:52 . 2008-05-01 14:34	331776	-c----w-	c:\windows\system32\dllcache\msadce.dll
2010-08-07 19:50 . 2010-01-13 14:00	86528	-c----w-	c:\windows\system32\dllcache\cabview.dll
2010-08-07 15:07 . 2010-08-07 15:07	--------	d-----r-	C:\Sandbox
2010-08-07 14:38 . 2009-05-07 15:32	348160	-c----w-	c:\windows\system32\dllcache\localspl.dll
2010-08-07 14:37 . 2010-08-07 14:37	--------	d-----w-	C:\VritualRoot
2010-08-07 09:06 . 2010-08-07 09:06	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo Downloader
2010-08-06 07:04 . 2010-08-06 07:05	--------	d-----w-	C:\rsit
2010-08-06 07:04 . 2010-08-06 07:05	--------	d-----w-	c:\programme\trend micro
2010-08-05 20:56 . 2010-08-05 20:56	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-08-05 20:55 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 20:55 . 2010-08-05 20:55	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-05 20:55 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-05 13:32 . 2010-08-05 13:32	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Favoriten
2010-08-05 13:32 . 2010-08-05 13:32	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2010-08-02 18:09 . 2010-08-02 18:09	47364	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-02 17:18 . 2010-08-02 18:09	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2010-07-30 09:59 . 2010-07-30 09:59	--------	d-----w-	c:\programme\SystemRequirementsLab
2010-07-27 06:29 . 2010-07-27 06:29	8503296	-c----w-	c:\windows\system32\dllcache\shell32.dll
2010-07-11 08:56 . 2010-08-06 12:41	--------	d-----w-	c:\windows\system32\NtmsData
2010-07-11 08:55 . 2010-07-11 08:55	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
2010-07-11 08:52 . 2010-07-12 07:14	--------	d-----w-	c:\windows\SxsCaPendDel
2010-07-09 17:40 . 2010-07-09 17:40	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-07-09 17:40 . 2010-07-29 16:21	--------	d-----w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 12:44 . 2010-03-18 10:06	0	----a-w-	c:\windows\system32\Access.dat
2010-08-07 19:30 . 2009-12-18 07:09	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox
2010-08-07 09:02 . 2008-11-24 00:27	18184	----a-w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-06 13:29 . 2008-11-23 22:13	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2010-08-06 09:59 . 2008-11-23 18:44	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\skypePM
2010-08-03 21:06 . 2008-11-24 00:00	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\mIRC
2010-08-02 17:56 . 2008-12-03 15:49	--------	d-----w-	c:\programme\Gemeinsame Dateien\Blizzard Entertainment
2010-08-02 14:41 . 2010-03-18 10:04	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Tunngle
2010-08-02 13:14 . 2009-05-28 14:15	445936	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-07-27 21:03 . 2009-04-27 08:58	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Winamp
2010-07-25 11:42 . 2008-12-03 19:41	1	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-23 10:26 . 2008-12-10 11:43	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\KlebezettelNG
2010-07-11 08:53 . 2008-12-22 00:00	--------	d-----w-	c:\programme\Zylom Games
2010-07-11 08:52 . 2010-05-21 21:47	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-07-11 08:51 . 2010-05-21 21:48	--------	d-----w-	c:\programme\DivX
2010-07-09 17:59 . 2009-02-24 19:09	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\dvdcss
2010-07-09 17:58 . 2010-05-21 21:52	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\DivX
2010-07-08 20:47 . 2010-07-08 20:47	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Foxit Software
2010-07-02 07:04 . 2008-11-23 20:06	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-06-14 16:13 . 2010-06-14 16:13	--------	d-----w-	c:\programme\Gemeinsame Dateien\Skype
2010-06-14 14:31 . 2008-11-22 19:00	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 06:31 . 2010-05-21 21:55	57344	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-28 06:25 . 2008-12-10 11:43	3523791	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\KlebezettelNG\LiveUpdate\klebe.exe
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-08_10.52.25   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-08 12:46 . 2010-08-08 12:46	16384              c:\windows\Temp\Perflib_Perfdata_398.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52	80384	----a-w-	c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Klebezettel NG"="e:\programme\Klebezettel NG\klebez.exe" [2010-05-27 4907520]
"SandboxieControl"="e:\programme\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"EOUApp"="c:\programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 16010752]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-07-28 102400]
"SunJavaUpdateSched"="e:\programme\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"LogMeIn Hamachi Ui"="c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"VirtualCloneDrive"="e:\programme\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - e:\programme\ObjectDock\ObjectDock.exe [2008-11-23 3444008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 21:46	110592	----a-w-	c:\programme\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 setuid

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\mIRC\\mirc.exe"=
"e:\\Programme\\ICQ6.5\\ICQ.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"e:\\Programme\\Klebezettel NG\\klebez.exe"=
"e:\\Programme\\QIP\\qip.exe"=
"e:\\Programme\\NetDraft\\idraft.exe"=
"e:\\Programme\\Spiele\\Worms\\wa.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programme\\Spiele\\CoD4\\iw3mp.exe"=
"e:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Programme\\Spiele\\BGII - SvA\\BGMain.exe"=
"e:\\Programme\\Tunngle\\tnglctrl.exe"=
"e:\\Programme\\Tunngle\\tunngle.exe"=
"e:\\Programme\\Spiele\\nd2.002\\NetDraft 2.002.exe"=
"e:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.05.2009 16:15 445936]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.11.2009 13:47 135336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]
R2 TunngleService;TunngleService;e:\programme\Tunngle\TnglCtrl.exe [18.03.2010 12:04 716024]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [18.03.2010 12:04 27136]
S2 gupdate1c98c77de87f53e;Google Update Service (gupdate1c98c77de87f53e);c:\programme\Google\Update\GoogleUpdate.exe [11.02.2009 20:38 133104]
.
Inhalt des "geplante Tasks" Ordners

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-11 18:37]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-11 18:37]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
Trusted Zone: uibk.ac.at\semiramisas01
Trusted Zone: uibk.ac.at\semiramisas99
TCP: {B206E285-E3F6-4F83-92E6-EA6CD4557293} = 192.168.111.222
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\3qa6mhcz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: e:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: e:\programme\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
e:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-08 14:46
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1432)
c:\windows\system32\Ati2evxx.dll
c:\programme\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1488)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(504)
e:\programme\ObjectDock\DockShellHook.dll
c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
e:\programme\TortoiseSVN\bin\TortoiseStub.dll
e:\programme\TortoiseSVN\bin\TortoiseSVN.dll
e:\programme\TortoiseSVN\bin\intl3_tsvn.dll
e:\programme\TortoiseCVS\TortoiseShell.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
e:\programme\Sandboxie\SbieSvc.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
e:\programme\Java\jre6\bin\jqs.exe
e:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
e:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-08  14:50:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-08 12:50
ComboFix2.txt  2010-08-08 10:55

Vor Suchlauf: 12 Verzeichnis(se), 11.783.999.488 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 11.712.532.480 Bytes frei

- - End Of File - - F2FDA98FAB026222CC698469E8F71285

--- --- ---

cosinus · 08.08.2010, 14:02

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Syras · 08.08.2010, 16:18

Da der Text des GMER Logs zu lang ist, teile ich den Text auf 2 Posts auf.

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-08 16:44:36
Windows 5.1.2600 Service Pack 3
Running: 7vlc7l6e.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT      F7D3315E                                                                                                            ZwCreateKey
SSDT      F7D33154                                                                                                            ZwCreateThread
SSDT      F7D33163                                                                                                            ZwDeleteKey
SSDT      F7D3316D                                                                                                            ZwDeleteValueKey
SSDT      sptd.sys                                                                                                            ZwEnumerateKey [0xF7448FFE]
SSDT      sptd.sys                                                                                                            ZwEnumerateValueKey [0xF744938C]
SSDT      F7D33172                                                                                                            ZwLoadKey
SSDT      sptd.sys                                                                                                            ZwOpenKey [0xF7414D00]
SSDT      F7D33140                                                                                                            ZwOpenProcess
SSDT      F7D33145                                                                                                            ZwOpenThread
SSDT      sptd.sys                                                                                                            ZwQueryKey [0xF7449464]
SSDT      sptd.sys                                                                                                            ZwQueryValueKey [0xF74492E4]
SSDT      F7D3317C                                                                                                            ZwReplaceKey
SSDT      F7D33177                                                                                                            ZwRestoreKey
SSDT      F7D33168                                                                                                            ZwSetValueKey

INT 0x62  ?                                                                                                                   86DA1CC8
INT 0x82  ?                                                                                                                   86DA1CC8
INT 0x83  ?                                                                                                                   86AF4CC8
INT 0xA4  ?                                                                                                                   86AF4CC8
INT 0xB4  ?                                                                                                                   86AF4CC8

Code      F7D0FC9C                                                                                                            ZwRequestPort
Code      F7D0FD3C                                                                                                            ZwRequestWaitReplyPort
Code      F7D0FBFC                                                                                                            ZwTraceEvent
Code      F7D0FC9B                                                                                                            NtRequestPort
Code      F7D0FD3B                                                                                                            NtRequestWaitReplyPort
Code      F7D0FBFB                                                                                                            NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text     ntkrnlpa.exe!NtTraceEvent                                                                                           80531840 5 Bytes  JMP F7D0FC00 
PAGE      ntkrnlpa.exe!NtRequestPort                                                                                          80597DD4 5 Bytes  JMP F7D0FCA0 
PAGE      ntkrnlpa.exe!NtRequestWaitReplyPort                                                                                 80598100 5 Bytes  JMP F7D0FD40 
.text     sptd.sys                                                                                                            F73DB000 32 Bytes  [5E, 87, 6D, 80, 20, 37, 6D, ...]
.text     sptd.sys                                                                                                            F73DB024 4 Bytes  [74, DF, 3C, F7] {JZ 0xffffffffffffffe1; CMP AL, 0xf7}
.text     sptd.sys                                                                                                            F73DB02C 88 Bytes  [D0, 7D, 5D, 80, 92, E9, 5D, ...]
.text     sptd.sys                                                                                                            F73DB085 107 Bytes  [1E, 53, 80, BC, 8F, 4F, 80, ...]
.text     sptd.sys                                                                                                            F73DB0F1 179 Bytes  [5D, 53, 80, B0, 58, 53, 80, ...]
.text     ...                                                                                                                 
.sptd2    C:\WINDOWS\system32\drivers\sptd.sys                                                                                entry point in ".sptd2" section [0xF74EBAE3]
?         C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
?         Combo-Fix.sys                                                                                                       Das System kann die angegebene Datei nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                               F68DB8AC 5 Bytes  JMP 86AF41D8 
.text     win32k.sys!EngAcquireSemaphore + 20E2                                                                               BF808308 5 Bytes  JMP F7D0F480 
.text     win32k.sys!EngFreeUserMem + 5BD2                                                                                    BF80EE8F 5 Bytes  JMP F7D0F3E0 
.text     win32k.sys!EngCopyBits + 68D                                                                                        BF838EFF 5 Bytes  JMP F7D0F5C0 
.text     win32k.sys!EngCreateBitmap + 6F4                                                                                    BF83E122 5 Bytes  JMP F7D0F700 
.text     win32k.sys!EngMultiByteToWideChar + 2F32                                                                            BF8A0D51 5 Bytes  JMP F7D0F8E0 
.text     win32k.sys!EngAlphaBlend + 350F                                                                                     BF8AA40A 5 Bytes  JMP F7D0FA20 
.text     win32k.sys!EngMulDiv + 90FA                                                                                         BF8B4264 5 Bytes  JMP F7D0F660 
.text     win32k.sys!XLATEOBJ_iXlate + 3A50                                                                                   BF8B9E25 5 Bytes  JMP F7D0F520 
.text     win32k.sys!EngUnicodeToMultiByteN + 1756                                                                            BF8C322E 5 Bytes  JMP F7D0F7A0 
.text     win32k.sys!PATHOBJ_bCloseFigure + 19F1                                                                              BF8F98FC 5 Bytes  JMP F7D0F980 
.text     win32k.sys!EngCreateClip + 1994                                                                                     BF9132F6 5 Bytes  JMP F7D0FAC0 
.text     win32k.sys!EngCreateClip + 1F24                                                                                     BF913886 5 Bytes  JMP F7D0FB60 
.text     win32k.sys!EngCreateClip + 256A                                                                                     BF913ECC 5 Bytes  JMP F7D0F840 
?         C:\DOKUME~1\***\LOKALE~1\Temp\mbr.sys                                                                              Das System kann die angegebene Datei nicht finden. !
?         C:\cofi\catchme.sys                                                                                                 Das System kann den angegebenen Pfad nicht finden. !
?         C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtAdjustPrivilegesToken                                  7C91CF0E 4 Bytes  JMP 7D24BB50 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtClose                                                  7C91CFEE 4 Bytes  JMP 7D234F23 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtConnectPort                                            7C91D04E 4 Bytes  JMP 7D23D7C5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateEvent                                            7C91D08E 4 Bytes  JMP 7D23C83F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateFile                                             7C91D0AE 4 Bytes  JMP 7D2355F3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateKey                                              7C91D0EE 4 Bytes  JMP 7D2406FF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateMailslotFile                                     7C91D0FE 4 Bytes  JMP 7D2332D4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateMutant                                           7C91D10E 4 Bytes  JMP 7D23CB07 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateNamedPipeFile                                    7C91D11E 4 Bytes  JMP 7D233404 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreatePort                                             7C91D13E 4 Bytes  JMP 7D23C428 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateSection                                          7C91D17E 4 Bytes  JMP 7D23D088 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtCreateSemaphore                                        7C91D18E 4 Bytes  JMP 7D23CDC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtDeleteFile                                             7C91D23E 4 Bytes  JMP 7D230B38 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtDeleteKey                                              7C91D24E 4 Bytes  JMP 7D240FC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtDeleteValueKey                                         7C91D26E 4 Bytes  JMP 7D241B2C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtDuplicateObject                                        7C91D29E 4 Bytes  JMP 7D24B81F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtEnumerateKey                                           7C91D2CE 4 Bytes  JMP 7D2412EF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtEnumerateValueKey                                      7C91D2EE 4 Bytes  JMP 7D2417ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtFsControlFile                                          7C91D39E 4 Bytes  JMP 7D234BD9 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtImpersonateClientOfPort                                7C91D3FE 4 Bytes  JMP 7D23C7F0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtLoadDriver                                             7C91D46E 4 Bytes  JMP 7D242971 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtLoadKey                                                7C91D47E 4 Bytes  JMP 7D23FDAA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtMapViewOfSection                                       7C91D51E 4 Bytes  JMP 7D242B5F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtNotifyChangeKey                                        7C91D54E 4 Bytes  JMP 7D240537 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtNotifyChangeMultipleKeys                               7C91D55E 4 Bytes  JMP 7D23FA97 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenEvent                                              7C91D57E 4 Bytes  JMP 7D23C9A3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenFile                                               7C91D59E 4 Bytes  JMP 7D236131 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenKey                                                7C91D5CE 4 Bytes  JMP 7D240F54 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenMutant                                             7C91D5DE 4 Bytes  JMP 7D23CC5C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenProcess                                            7C91D5FE 4 Bytes  JMP 7D24B783 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenSection                                            7C91D62E 4 Bytes  JMP 7D23DCC3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenSemaphore                                          7C91D63E 4 Bytes  JMP 7D23CF24 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtOpenThread                                             7C91D65E 4 Bytes  JMP 7D24B7D1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryAttributesFile                                    7C91D70E 4 Bytes  JMP 7D230A7E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryDirectoryFile                                     7C91D76E 4 Bytes  JMP 7D234CCF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryFullAttributesFile                                7C91D7AE 4 Bytes  JMP 7D2329BA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryInformationFile                                   7C91D7CE 4 Bytes  JMP 7D2343B4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryKey                                               7C91D85E 4 Bytes  JMP 7D240FD6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryMultipleValueKey                                  7C91D86E 4 Bytes  JMP 7D241937 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQuerySecurityObject                                    7C91D8DE 4 Bytes  JMP 7D24B8E5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQuerySystemInformation                                 7C91D92E 4 Bytes  JMP 7D24E8C7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryValueKey                                          7C91D96E 4 Bytes  JMP 7D24166C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtQueryVolumeInformationFile                             7C91D98E 4 Bytes  JMP 7D235430 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtReadFile                                               7C91D9CE 4 Bytes  JMP 7D22E734 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtRenameKey                                              7C91DA5E 4 Bytes  JMP 7D23FD8A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtSaveKey                                                7C91DB4E 4 Bytes  JMP 7D22C4A0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtSecureConnectPort                                      7C91DB7E 4 Bytes  JMP 7D23D937 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtSetInformationFile                                     7C91DC5E 4 Bytes  JMP 7D235FAC e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtSetInformationToken                                    7C91DCBE 4 Bytes  JMP 7D24BB20 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtSetSecurityObject                                      7C91DD2E 4 Bytes  JMP 7D24B9E4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtSetValueKey                                            7C91DDCE 4 Bytes  JMP 7D240412 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!NtWriteFile                                              7C91DF7E 4 Bytes  JMP 7D22E803 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!RtlGetFullPathName_U                                     7C9243A9 5 Bytes  JMP 7D233B76 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!RtlGetCurrentDirectory_U                                 7C924506 5 Bytes  JMP 7D235189 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!LdrLoadDll                                               7C9263C3 4 Bytes  JMP 7D2427EA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!LdrUnloadDll                                             7C92738B 4 Bytes  JMP 7D2428CE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!RtlSetCurrentDirectory_U                                 7C92E7AA 5 Bytes  JMP 7D2353BD e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ntdll.dll!RtlCreateProcessParameters                               7C932E99 5 Bytes  JMP 7D243E83 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!CreateProcessW                                        7C802336 5 Bytes  JMP 7D24583E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!CreateProcessA                                        7C80236B 5 Bytes  JMP 7D245651 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!CreateActCtxW                                         7C8154FC 4 Bytes  JMP 7D2504C0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!MoveFileWithProgressW                                 7C81F72E 4 Bytes  JMP 7D230B80 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!DefineDosDeviceW                                      7C821F1E 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!WaitNamedPipeW                                        7C82C674 5 Bytes  JMP 7D230D27 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!DefineDosDeviceA                                      7C85D29D 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!WinExec                                               7C86250D 5 Bytes  JMP 7D244940 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!CreateActCtxA                                         7C86C8E5 5 Bytes  JMP 7D2504D6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!SetLocaleInfoA                                        7C876A0B 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] kernel32.dll!SetLocaleInfoW                                        7C877FB3 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] WS2_32.dll!WSANSPIoctl                                             71A15086 5 Bytes  JMP 7D243AEA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!LookupAccountNameW                                    77DB5B59 5 Bytes  JMP 7D227C44 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CloseServiceHandle                                    77DB6CE5 5 Bytes  JMP 7D248BB6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceStatus                                    77DB6D50 5 Bytes  JMP 7D249333 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!OpenSCManagerW                                        77DB6F55 5 Bytes  JMP 7D247B61 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!OpenServiceW                                          77DB6FFD 5 Bytes  JMP 7D24A2FE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CreateProcessAsUserW                                  77DBA8A9 5 Bytes  JMP 7D2451BF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!StartServiceA                                         77DBFB58 5 Bytes  JMP 7D24A1A7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegisterServiceCtrlHandlerExA                         77DBFEAB 5 Bytes  JMP 7D2478F4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceStatusEx                                  77DC120A 5 Bytes  JMP 7D2492D2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceConfigA                                   77DC1596 5 Bytes  JMP 7D24958E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!SetServiceStatus                                      77DC3251 5 Bytes  JMP 7D247A81 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!StartServiceCtrlDispatcherW                           77DC359D 5 Bytes  JMP 7D248B8A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ReportEventW                                          77DC3681 5 Bytes  JMP 7D247B4E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegisterServiceCtrlHandlerExW                         77DC3E49 5 Bytes  JMP 7D2478F4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegisterServiceCtrlHandlerW                           77DC3E77 5 Bytes  JMP 7D2478DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!StartServiceW                                         77DC3E94 5 Bytes  JMP 7D24A10D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ControlService                                        77DC4A09 3 Bytes  JMP 7D24A1B5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ControlService + 4                                    77DC4A0D 1 Byte  [05]
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!OpenServiceA                                          77DC4C66 5 Bytes  JMP 7D24A3B0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegisterServiceCtrlHandlerA                           77DC4EC6 5 Bytes  JMP 7D2478DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!OpenSCManagerA                                        77DC69AE 5 Bytes  JMP 7D247B61 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!EnumServicesStatusA                                   77DC6B47 5 Bytes  JMP 7D24A7ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceConfigW                                   77DC6F92 5 Bytes  JMP 7D249369 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!DeregisterEventSource                                 77DC79D3 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegisterEventSourceA                                  77DC7B60 5 Bytes  JMP 7D247AE4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ReportEventA                                          77DC7CB2 5 Bytes  JMP 7D247B4E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegisterEventSourceW                                  77DC803C 5 Bytes  JMP 7D247ACF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegConnectRegistryW                                   77DC817A 5 Bytes  JMP 7D227CF1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CreateProcessAsUserA                                  77DE0CE8 5 Bytes  JMP 7D2453DA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredWriteA                                            77DE7CB9 5 Bytes  JMP 7D22AD5F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredWriteW                                            77DE7D59 5 Bytes  JMP 7D22A7BF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredReadA                                             77DE7DF9 5 Bytes  JMP 7D22ADF7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredReadW                                             77DE7ED1 5 Bytes  JMP 7D22A838 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredEnumerateA                                        77DE7FA9 5 Bytes  JMP 7D22AE37 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredEnumerateW                                        77DE8099 5 Bytes  JMP 7D22AB2D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredWriteDomainCredentialsA                           77DE8189 5 Bytes  JMP 7D22AD85 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredWriteDomainCredentialsW                           77DE8259 5 Bytes  JMP 7D22A909 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredReadDomainCredentialsA                            77DE8329 5 Bytes  JMP 7D22AE17 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredReadDomainCredentialsW                            77DE8419 5 Bytes  JMP 7D22A9DE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredDeleteA                                           77DE8509 5 Bytes  JMP 7D22ADD1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredDeleteW                                           77DE85B1 5 Bytes  JMP 7D22AAEF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredRenameA                                           77DE8659 5 Bytes  JMP 7D22ADAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CredRenameW                                           77DE8731 5 Bytes  JMP 7D22AD39 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!RegConnectRegistryA                                   77E0512A 5 Bytes  JMP 7D227CC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!EnumServicesStatusExW                                 77E069B8 5 Bytes  JMP 7D24A81A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!EnumServicesStatusExA                                 77E06C2F 5 Bytes  JMP 7D24A859 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceObjectSecurity                            77E06D01 5 Bytes  JMP 7D248612 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity                              77E06D81 5 Bytes  JMP 7D2486F8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ChangeServiceConfigA                                  77E06E69 5 Bytes  JMP 7D249DED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ChangeServiceConfigW                                  77E07001 5 Bytes  JMP 7D249C30 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ChangeServiceConfig2A                                 77E07101 5 Bytes  JMP 7D249FD5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!ChangeServiceConfig2W                                 77E07189 5 Bytes  JMP 7D249F99 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CreateServiceA                                        77E07211 5 Bytes  JMP 7D24AA74 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!CreateServiceW                                        77E073A9 5 Bytes  JMP 7D24A898 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!DeleteService                                         77E074B1 5 Bytes  JMP 7D249FE3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!EnumDependentServicesA                                77E07529 5 Bytes  JMP 7D2477FB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!EnumDependentServicesW                                77E075E1 5 Bytes  JMP 7D2477FB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!GetServiceDisplayNameA                                77E07699 1 Byte  [E9]
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!GetServiceDisplayNameA                                77E07699 5 Bytes  JMP 7D2499B6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!GetServiceDisplayNameW                                77E07739 5 Bytes  JMP 7D249933 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!GetServiceKeyNameA                                    77E077D9 5 Bytes  JMP 7D249B34 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!GetServiceKeyNameW                                    77E07879 5 Bytes  JMP 7D249A64 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!LockServiceDatabase                                   77E07919 5 Bytes  JMP 7D247818 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceConfig2A                                  77E07999 5 Bytes  JMP 7D2497C2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceConfig2W                                  77E07AB1 5 Bytes  JMP 7D249716 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceLockStatusA                               77E07BC9 5 Bytes  JMP 7D2477B7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!QueryServiceLockStatusW                               77E07C59 5 Bytes  JMP 7D2477B7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!UnlockServiceDatabase                                 77E07CE9 5 Bytes  JMP 7D24783E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!EnumServicesStatusW                                   77E07D61 5 Bytes  JMP 7D24A7C0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ADVAPI32.dll!StartServiceCtrlDispatcherA                           77E07F09 5 Bytes  JMP 7D248BA0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] RPCRT4.dll!RpcBindingInqAuthClientExW                              77E6A906 5 Bytes  JMP 7D245AA6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] Secur32.dll!LsaRegisterLogonProcess                                77FC4D17 5 Bytes  JMP 7D2433CB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetWindowLongW                                          7E3688A6 5 Bytes  JMP 7D239590 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DispatchMessageW                                        7E368A01 5 Bytes  JMP 7D239AAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!PostMessageW                                            7E368CCB 5 Bytes  JMP 7D239EF6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetShellWindow                                          7E369252 5 Bytes  JMP 7D239113 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetWindowLongA                                          7E36945D 5 Bytes  JMP 7D239620 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DispatchMessageA                                        7E3696B8 5 Bytes  JMP 7D239A6F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!UnregisterClassW                                        7E369AA4 5 Bytes  JMP 7D2381DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterClassW                                          7E36A39A 5 Bytes  JMP 7D238075 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterClassExW                                        7E36AF7F 5 Bytes  JMP 7D237F0F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetClassInfoExA                                         7E36DD58 5 Bytes  JMP 7D2382E2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetClassInfoExW                                         7E36DEBC 5 Bytes  JMP 7D23827F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!FindWindowExW                                           7E36E0E3 5 Bytes  JMP 7D239009 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterDeviceNotificationW                             7E36E8B9 5 Bytes  JMP 7D23711E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!UnregisterDeviceNotification                            7E36E8D7 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateDialogParamW                                      7E36EA3B 5 Bytes  JMP 7D23B00B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterDeviceNotificationA                             7E371B3B 2 Bytes  JMP 7D23711E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterDeviceNotificationA + 3                         7E371B3E 2 Bytes  [EC, FE]
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DialogBoxParamW                                         7E3747AB 5 Bytes  JMP 7D23B071 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DialogBoxIndirectParamAorW                              7E3749D0 5 Bytes  JMP 7D23AF33 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateDialogIndirectParamAorW                           7E37680B 5 Bytes  JMP 7D23AED7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterClassExA                                        7E377C39 5 Bytes  JMP 7D237FC2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetWindowsHookExW                                       7E37820F 5 Bytes  JMP 7D23A494 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!FindWindowA                                             7E3782E1 5 Bytes  JMP 7D238F90 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!EnumDesktopWindows                                      7E37851A 5 Bytes  JMP 7D238E13 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!UnregisterClassA                                        7E3789A3 5 Bytes  JMP 7D23822D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DefWindowProcW                                          7E378D20 5 Bytes  JMP 7D236EF6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SendMessageW                                            7E37929A 5 Bytes  JMP 7D239CA5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetPropW                                                7E3794B3 5 Bytes  JMP 7D239434 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetWindowPos                                            7E3799F3 5 Bytes  JMP 7D237033 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetClassNameW                                           7E379D12 5 Bytes  JMP 7D2379D7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!EnumWindows                                             7E37A5AE 5 Bytes  JMP 7D238D78 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetWindowTextW                                          7E37A5CD 5 Bytes  JMP 7D238BB3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!PostMessageA                                            7E37AAFD 5 Bytes  JMP 7D239E7F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!EnumChildWindows                                        7E37B0F0 5 Bytes  JMP 7D238DBB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!MoveWindow                                              7E37B29E 5 Bytes  JMP 7D237003 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RemovePropW                                             7E37C076 5 Bytes  JMP 7D23951E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetPropW                                                7E37C0B9 5 Bytes  JMP 7D2394A6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DefWindowProcA                                          7E37C17E 5 Bytes  JMP 7D236F46 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetWindowLongA                                          7E37C29D 5 Bytes  JMP 7D239824 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetWindowLongW                                          7E37C2BB 5 Bytes  JMP 7D239788 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetParent                                               7E37C7F9 5 Bytes  JMP 7D236FD3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!FindWindowW                                             7E37C9C3 5 Bytes  JMP 7D238F17 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SendMessageTimeoutW                                     7E37CDAA 5 Bytes  JMP 7D239D68 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateWindowExW                                         7E37D0A3 5 Bytes  JMP 7D236BD0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!UnhookWindowsHookEx                                     7E37D5F3 5 Bytes  JMP 7D23A209 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SendNotifyMessageW                                      7E37D64F 5 Bytes  JMP 7D239E3D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateWindowExA                                         7E37E4A9 5 Bytes  JMP 7D236CC5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetClassInfoW                                           7E37E81E 5 Bytes  JMP 7D238345 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RegisterClassA                                          7E37EA5E 5 Bytes  JMP 7D238128 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SendMessageA                                            7E37F3C2 5 Bytes  JMP 7D239C47 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetClassNameA                                           7E37F45F 5 Bytes  JMP 7D237AAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!EnumThreadWindows                                       7E37F539 5 Bytes  JMP 7D238DE7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SendMessageTimeoutA                                     7E37FB6B 5 Bytes  JMP 7D239D27 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetPropA                                                7E380000 5 Bytes  JMP 7D2394E2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetPropA                                                7E380042 5 Bytes  JMP 7D23946D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!RemovePropA                                             7E380094 5 Bytes  JMP 7D239557 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SetWindowsHookExA                                       7E381211 5 Bytes  JMP 7D23A44C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DialogBoxIndirectParamW                                 7E382072 5 Bytes  JMP 7D23AFC7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!FindWindowExA                                           7E38214A 5 Bytes  JMP 7D23908E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetWindowTextA                                          7E38216B 5 Bytes  JMP 7D238BDA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateDialogIndirectParamA                              7E389B28 5 Bytes  JMP 7D23AFA5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DialogBoxParamA                                         7E38B144 5 Bytes  JMP 7D23B0A4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateDialogParamA                                      7E38C7DB 5 Bytes  JMP 7D23B03E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!GetClassInfoA                                           7E38EBFF 5 Bytes  JMP 7D2383A8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!CreateDialogIndirectParamW                              7E38F01F 5 Bytes  JMP 7D23AF83 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!SendNotifyMessageA                                      7E3A3948 5 Bytes  JMP 7D239DFB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!DialogBoxIndirectParamA                                 7E3A6D7D 5 Bytes  JMP 7D23AFE9 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!EndTask                                                 7E3AA0A5 5 Bytes  JMP 7D2370ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] USER32.dll!ExitWindowsEx                                           7E3AA275 5 Bytes  JMP 7D236F96 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] GDI32.dll!EnumFontFamiliesExW                                      77EFBBF9 5 Bytes  JMP 7D2369FC e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] GDI32.dll!GdiAddFontResourceW                                      77EFCE11 5 Bytes  JMP 7D236626 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] GDI32.dll!RemoveFontResourceExW                                    77F09281 5 Bytes  JMP 7D23669D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] GDI32.dll!EnumFontFamiliesExA                                      77F1FE3D 5 Bytes  JMP 7D2369E8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] GDI32.dll!GetFontResourceInfoW                                     77F1FFF4 5 Bytes  JMP 7D23670F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] GDI32.dll!CreateScalableFontResourceW                              77F20160 5 Bytes  JMP 7D2367D8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] SHELL32.dll!ShellExecuteExW                                        7E6B991B 5 Bytes  JMP 7D24DC71 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!RegisterDragDrop                                         774CF62A 5 Bytes  JMP 7D25197C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!CoCreateInstanceEx                                       774D0526 5 Bytes  JMP 7D229CB4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!CoCreateInstance                                         774D057E 5 Bytes  JMP 7D229C03 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!CoMarshalInterface                                       774DEA71 5 Bytes  JMP 7D228707 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!CoGetClassObject                                         774E56C5 5 Bytes  JMP 7D229B66 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!CoUnmarshalInterface                                     774FD7F4 5 Bytes  JMP 7D229DEF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\TortoiseSVN\bin\TSVNCache.exe[1592] ole32.dll!RevokeDragDrop                                           77502B55 5 Bytes  JMP 7D2519FA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)

Syras · 08.08.2010, 16:22

Ich muss leider noch einen 3. Post erstellen um den kompletten Log unterzubringen

Code:

ATTFilter

.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtAdjustPrivilegesToken                                   7C91CF0E 4 Bytes  JMP 7D24BB50 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtClose                                                   7C91CFEE 4 Bytes  JMP 7D234F23 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtConnectPort                                             7C91D04E 4 Bytes  JMP 7D23D7C5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateEvent                                             7C91D08E 4 Bytes  JMP 7D23C83F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateFile                                              7C91D0AE 4 Bytes  JMP 7D2355F3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateKey                                               7C91D0EE 4 Bytes  JMP 7D2406FF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateMailslotFile                                      7C91D0FE 4 Bytes  JMP 7D2332D4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateMutant                                            7C91D10E 4 Bytes  JMP 7D23CB07 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateNamedPipeFile                                     7C91D11E 4 Bytes  JMP 7D233404 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreatePort                                              7C91D13E 4 Bytes  JMP 7D23C428 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateSection                                           7C91D17E 4 Bytes  JMP 7D23D088 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtCreateSemaphore                                         7C91D18E 4 Bytes  JMP 7D23CDC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtDeleteFile                                              7C91D23E 4 Bytes  JMP 7D230B38 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtDeleteKey                                               7C91D24E 4 Bytes  JMP 7D240FC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtDeleteValueKey                                          7C91D26E 4 Bytes  JMP 7D241B2C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtDuplicateObject                                         7C91D29E 4 Bytes  JMP 7D24B81F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtEnumerateKey                                            7C91D2CE 4 Bytes  JMP 7D2412EF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtEnumerateValueKey                                       7C91D2EE 4 Bytes  JMP 7D2417ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtFsControlFile                                           7C91D39E 4 Bytes  JMP 7D234BD9 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtImpersonateClientOfPort                                 7C91D3FE 4 Bytes  JMP 7D23C7F0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtLoadDriver                                              7C91D46E 4 Bytes  JMP 7D242971 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtLoadKey                                                 7C91D47E 4 Bytes  JMP 7D23FDAA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtMapViewOfSection                                        7C91D51E 4 Bytes  JMP 7D242B5F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtNotifyChangeKey                                         7C91D54E 4 Bytes  JMP 7D240537 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtNotifyChangeMultipleKeys                                7C91D55E 4 Bytes  JMP 7D23FA97 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenEvent                                               7C91D57E 4 Bytes  JMP 7D23C9A3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenFile                                                7C91D59E 4 Bytes  JMP 7D236131 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenKey                                                 7C91D5CE 4 Bytes  JMP 7D240F54 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenMutant                                              7C91D5DE 4 Bytes  JMP 7D23CC5C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenProcess                                             7C91D5FE 4 Bytes  JMP 7D24B783 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenSection                                             7C91D62E 4 Bytes  JMP 7D23DCC3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenSemaphore                                           7C91D63E 4 Bytes  JMP 7D23CF24 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtOpenThread                                              7C91D65E 4 Bytes  JMP 7D24B7D1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryAttributesFile                                     7C91D70E 4 Bytes  JMP 7D230A7E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryDirectoryFile                                      7C91D76E 4 Bytes  JMP 7D234CCF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryFullAttributesFile                                 7C91D7AE 4 Bytes  JMP 7D2329BA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryInformationFile                                    7C91D7CE 4 Bytes  JMP 7D2343B4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryKey                                                7C91D85E 4 Bytes  JMP 7D240FD6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryMultipleValueKey                                   7C91D86E 4 Bytes  JMP 7D241937 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQuerySecurityObject                                     7C91D8DE 4 Bytes  JMP 7D24B8E5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQuerySystemInformation                                  7C91D92E 4 Bytes  JMP 7D24E8C7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryValueKey                                           7C91D96E 4 Bytes  JMP 7D24166C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtQueryVolumeInformationFile                              7C91D98E 4 Bytes  JMP 7D235430 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtReadFile                                                7C91D9CE 4 Bytes  JMP 7D22E734 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtRenameKey                                               7C91DA5E 4 Bytes  JMP 7D23FD8A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSaveKey                                                 7C91DB4E 4 Bytes  JMP 7D22C4A0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSecureConnectPort                                       7C91DB7E 4 Bytes  JMP 7D23D937 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSetInformationFile                                      7C91DC5E 4 Bytes  JMP 7D235FAC e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSetInformationProcess                                   7C91DC9E 5 Bytes  JMP 00402300 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSetInformationToken                                     7C91DCBE 4 Bytes  JMP 7D24BB20 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSetSecurityObject                                       7C91DD2E 4 Bytes  JMP 7D24B9E4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtSetValueKey                                             7C91DDCE 4 Bytes  JMP 7D240412 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!NtWriteFile                                               7C91DF7E 4 Bytes  JMP 7D22E803 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!RtlGetFullPathName_U                                      7C9243A9 5 Bytes  JMP 7D233B76 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!RtlGetCurrentDirectory_U                                  7C924506 5 Bytes  JMP 7D235189 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!LdrLoadDll                                                7C9263C3 4 Bytes  JMP 7D2427EA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!LdrUnloadDll                                              7C92738B 4 Bytes  JMP 7D2428CE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!RtlSetCurrentDirectory_U                                  7C92E7AA 5 Bytes  JMP 7D2353BD e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!RtlCreateProcessParameters                                7C932E99 5 Bytes  JMP 7D243E83 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ntdll.dll!RtlAdjustPrivilege                                        7C939A6D 5 Bytes  JMP 004022C0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!CreateProcessW                                         7C802336 5 Bytes  JMP 7D24583E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!CreateProcessA                                         7C80236B 5 Bytes  JMP 7D245651 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!CreateFileMappingW                                     7C80943C 5 Bytes  JMP 004025F0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!CreateActCtxW                                          7C8154FC 4 Bytes  JMP 7D2504C0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!MoveFileWithProgressW                                  7C81F72E 4 Bytes  JMP 7D230B80 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!DefineDosDeviceW                                       7C821F1E 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!WaitNamedPipeW                                         7C82C674 5 Bytes  JMP 7D230D27 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!DefineDosDeviceA                                       7C85D29D 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!WinExec                                                7C86250D 5 Bytes  JMP 7D244940 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!CreateActCtxA                                          7C86C8E5 5 Bytes  JMP 7D2504D6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!SetLocaleInfoA                                         7C876A0B 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] kernel32.dll!SetLocaleInfoW                                         7C877FB3 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegOpenKeyExW                                          77DA6AAF 5 Bytes  JMP 004026E0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegQueryValueExW                                       77DA6FFF 5 Bytes  JMP 00402780 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!OpenThreadToken                                        77DA72CC 5 Bytes  JMP 00402680 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!GetTokenInformation                                    77DA7305 5 Bytes  JMP 00402440 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!SetThreadToken                                         77DAF193 5 Bytes  JMP 00402370 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!AccessCheckByType                                      77DAF1C9 5 Bytes  JMP 00402340 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!LookupAccountNameW                                     77DB5B59 5 Bytes  JMP 7D227C44 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CloseServiceHandle                                     77DB6CE5 5 Bytes  JMP 00401EB0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceStatus                                     77DB6D50 5 Bytes  JMP 00401FE0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!OpenSCManagerW                                         77DB6F55 5 Bytes  JMP 7D247B61 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!OpenServiceW                                           77DB6FFD 5 Bytes  JMP 00401DF0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CreateProcessAsUserW                                   77DBA8A9 5 Bytes  JMP 7D2451BF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!StartServiceA                                          77DBFB58 5 Bytes  JMP 7D24A1A7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegisterServiceCtrlHandlerExA                          77DBFEAB 5 Bytes  JMP 7D2478F4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceStatusEx                                   77DC120A 5 Bytes  JMP 00401EF0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceConfigA                                    77DC1596 5 Bytes  JMP 7D24958E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!SetServiceStatus                                       77DC3251 5 Bytes  JMP 00401C90 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!StartServiceCtrlDispatcherW                            77DC359D 5 Bytes  JMP 00401DB0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ReportEventW                                           77DC3681 5 Bytes  JMP 7D247B4E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegisterServiceCtrlHandlerExW                          77DC3E49 5 Bytes  JMP 7D2478F4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegisterServiceCtrlHandlerW                            77DC3E77 5 Bytes  JMP 7D2478DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!StartServiceW                                          77DC3E94 5 Bytes  JMP 00402040 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ControlService                                         77DC4A09 5 Bytes  JMP 004020A0 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!OpenServiceA                                           77DC4C66 5 Bytes  JMP 7D24A3B0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegisterServiceCtrlHandlerA                            77DC4EC6 5 Bytes  JMP 7D2478DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!OpenSCManagerA                                         77DC69AE 5 Bytes  JMP 7D247B61 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!EnumServicesStatusA                                    77DC6B47 5 Bytes  JMP 7D24A7ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceConfigW                                    77DC6F92 5 Bytes  JMP 7D249369 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!DeregisterEventSource                                  77DC79D3 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegisterEventSourceA                                   77DC7B60 5 Bytes  JMP 7D247AE4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ReportEventA                                           77DC7CB2 5 Bytes  JMP 7D247B4E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegisterEventSourceW                                   77DC803C 5 Bytes  JMP 7D247ACF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegConnectRegistryW                                    77DC817A 5 Bytes  JMP 7D227CF1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CreateProcessAsUserA                                   77DE0CE8 5 Bytes  JMP 7D2453DA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredWriteA                                             77DE7CB9 5 Bytes  JMP 7D22AD5F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredWriteW                                             77DE7D59 5 Bytes  JMP 7D22A7BF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredReadA                                              77DE7DF9 5 Bytes  JMP 7D22ADF7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredReadW                                              77DE7ED1 5 Bytes  JMP 7D22A838 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredEnumerateA                                         77DE7FA9 5 Bytes  JMP 7D22AE37 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredEnumerateW                                         77DE8099 5 Bytes  JMP 7D22AB2D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredWriteDomainCredentialsA                            77DE8189 5 Bytes  JMP 7D22AD85 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredWriteDomainCredentialsW                            77DE8259 5 Bytes  JMP 7D22A909 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredReadDomainCredentialsA                             77DE8329 5 Bytes  JMP 7D22AE17 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredReadDomainCredentialsW                             77DE8419 5 Bytes  JMP 7D22A9DE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredDeleteA                                            77DE8509 5 Bytes  JMP 7D22ADD1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredDeleteW                                            77DE85B1 5 Bytes  JMP 7D22AAEF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredRenameA                                            77DE8659 5 Bytes  JMP 7D22ADAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CredRenameW                                            77DE8731 5 Bytes  JMP 7D22AD39 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!RegConnectRegistryA                                    77E0512A 5 Bytes  JMP 7D227CC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!EnumServicesStatusExW                                  77E069B8 5 Bytes  JMP 7D24A81A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!EnumServicesStatusExA                                  77E06C2F 5 Bytes  JMP 7D24A859 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceObjectSecurity                             77E06D01 5 Bytes  JMP 7D248612 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity                               77E06D81 5 Bytes  JMP 7D2486F8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ChangeServiceConfigA                                   77E06E69 5 Bytes  JMP 7D249DED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ChangeServiceConfigW                                   77E07001 5 Bytes  JMP 7D249C30 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A                                  77E07101 5 Bytes  JMP 7D249FD5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W                                  77E07189 5 Bytes  JMP 7D249F99 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CreateServiceA                                         77E07211 5 Bytes  JMP 7D24AA74 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!CreateServiceW                                         77E073A9 5 Bytes  JMP 7D24A898 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!DeleteService                                          77E074B1 5 Bytes  JMP 7D249FE3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!EnumDependentServicesA                                 77E07529 5 Bytes  JMP 7D2477FB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!EnumDependentServicesW                                 77E075E1 5 Bytes  JMP 7D2477FB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!GetServiceDisplayNameA                                 77E07699 1 Byte  [E9]
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!GetServiceDisplayNameA                                 77E07699 5 Bytes  JMP 7D2499B6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!GetServiceDisplayNameW                                 77E07739 5 Bytes  JMP 7D249933 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!GetServiceKeyNameA                                     77E077D9 5 Bytes  JMP 7D249B34 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!GetServiceKeyNameW                                     77E07879 5 Bytes  JMP 7D249A64 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!LockServiceDatabase                                    77E07919 5 Bytes  JMP 7D247818 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceConfig2A                                   77E07999 5 Bytes  JMP 7D2497C2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceConfig2W                                   77E07AB1 5 Bytes  JMP 7D249716 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceLockStatusA                                77E07BC9 5 Bytes  JMP 7D2477B7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!QueryServiceLockStatusW                                77E07C59 5 Bytes  JMP 7D2477B7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!UnlockServiceDatabase                                  77E07CE9 5 Bytes  JMP 7D24783E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!EnumServicesStatusW                                    77E07D61 5 Bytes  JMP 7D24A7C0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] ADVAPI32.dll!StartServiceCtrlDispatcherA                            77E07F09 5 Bytes  JMP 7D248BA0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] RPCRT4.dll!RpcBindingInqAuthClientExW                               77E6A906 5 Bytes  JMP 7D245AA6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] Secur32.dll!LsaRegisterLogonProcess                                 77FC4D17 5 Bytes  JMP 7D2433CB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetWindowLongW                                           7E3688A6 5 Bytes  JMP 7D239590 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DispatchMessageW                                         7E368A01 5 Bytes  JMP 7D239AAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!PostMessageW                                             7E368CCB 5 Bytes  JMP 7D239EF6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetShellWindow                                           7E369252 5 Bytes  JMP 7D239113 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetWindowLongA                                           7E36945D 5 Bytes  JMP 7D239620 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DispatchMessageA                                         7E3696B8 5 Bytes  JMP 7D239A6F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!UnregisterClassW                                         7E369AA4 5 Bytes  JMP 7D2381DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterClassW                                           7E36A39A 5 Bytes  JMP 7D238075 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterClassExW                                         7E36AF7F 5 Bytes  JMP 7D237F0F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetClassInfoExA                                          7E36DD58 5 Bytes  JMP 7D2382E2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetClassInfoExW                                          7E36DEBC 5 Bytes  JMP 7D23827F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!FindWindowExW                                            7E36E0E3 5 Bytes  JMP 7D239009 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterDeviceNotificationW                              7E36E8B9 5 Bytes  JMP 7D23711E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!UnregisterDeviceNotification                             7E36E8D7 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateDialogParamW                                       7E36EA3B 5 Bytes  JMP 7D23B00B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterDeviceNotificationA                              7E371B3B 2 Bytes  JMP 7D23711E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterDeviceNotificationA + 3                          7E371B3E 2 Bytes  [EC, FE]
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DialogBoxParamW                                          7E3747AB 5 Bytes  JMP 7D23B071 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DialogBoxIndirectParamAorW                               7E3749D0 5 Bytes  JMP 7D23AF33 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateDialogIndirectParamAorW                            7E37680B 5 Bytes  JMP 7D23AED7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterClassExA                                         7E377C39 5 Bytes  JMP 7D237FC2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetWindowsHookExW                                        7E37820F 5 Bytes  JMP 7D23A494 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!FindWindowA                                              7E3782E1 5 Bytes  JMP 7D238F90 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!EnumDesktopWindows                                       7E37851A 5 Bytes  JMP 7D238E13 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!UnregisterClassA                                         7E3789A3 5 Bytes  JMP 7D23822D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DefWindowProcW                                           7E378D20 5 Bytes  JMP 7D236EF6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SendMessageW                                             7E37929A 5 Bytes  JMP 7D239CA5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetPropW                                                 7E3794B3 5 Bytes  JMP 7D239434 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetWindowPos                                             7E3799F3 5 Bytes  JMP 7D237033 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetClassNameW                                            7E379D12 5 Bytes  JMP 7D2379D7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!EnumWindows                                              7E37A5AE 5 Bytes  JMP 7D238D78 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetWindowTextW                                           7E37A5CD 5 Bytes  JMP 7D238BB3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!PostMessageA                                             7E37AAFD 5 Bytes  JMP 7D239E7F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!EnumChildWindows                                         7E37B0F0 5 Bytes  JMP 7D238DBB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!MoveWindow                                               7E37B29E 5 Bytes  JMP 7D237003 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RemovePropW                                              7E37C076 5 Bytes  JMP 7D23951E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetPropW                                                 7E37C0B9 5 Bytes  JMP 7D2394A6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DefWindowProcA                                           7E37C17E 5 Bytes  JMP 7D236F46 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetWindowLongA                                           7E37C29D 5 Bytes  JMP 7D239824 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetWindowLongW                                           7E37C2BB 5 Bytes  JMP 7D239788 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetParent                                                7E37C7F9 5 Bytes  JMP 7D236FD3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!FindWindowW                                              7E37C9C3 5 Bytes  JMP 7D238F17 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SendMessageTimeoutW                                      7E37CDAA 5 Bytes  JMP 7D239D68 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateWindowExW                                          7E37D0A3 5 Bytes  JMP 7D236BD0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!UnhookWindowsHookEx                                      7E37D5F3 5 Bytes  JMP 7D23A209 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SendNotifyMessageW                                       7E37D64F 5 Bytes  JMP 7D239E3D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateWindowExA                                          7E37E4A9 5 Bytes  JMP 7D236CC5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetClassInfoW                                            7E37E81E 5 Bytes  JMP 7D238345 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RegisterClassA                                           7E37EA5E 5 Bytes  JMP 7D238128 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SendMessageA                                             7E37F3C2 5 Bytes  JMP 7D239C47 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetClassNameA                                            7E37F45F 5 Bytes  JMP 7D237AAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!EnumThreadWindows                                        7E37F539 5 Bytes  JMP 7D238DE7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SendMessageTimeoutA                                      7E37FB6B 5 Bytes  JMP 7D239D27 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetPropA                                                 7E380000 5 Bytes  JMP 7D2394E2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetPropA                                                 7E380042 5 Bytes  JMP 7D23946D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!RemovePropA                                              7E380094 5 Bytes  JMP 7D239557 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SetWindowsHookExA                                        7E381211 5 Bytes  JMP 7D23A44C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DialogBoxIndirectParamW                                  7E382072 5 Bytes  JMP 7D23AFC7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!FindWindowExA                                            7E38214A 5 Bytes  JMP 7D23908E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetWindowTextA                                           7E38216B 5 Bytes  JMP 7D238BDA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateDialogIndirectParamA                               7E389B28 5 Bytes  JMP 7D23AFA5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DialogBoxParamA                                          7E38B144 5 Bytes  JMP 7D23B0A4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateDialogParamA                                       7E38C7DB 5 Bytes  JMP 7D23B03E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!GetClassInfoA                                            7E38EBFF 5 Bytes  JMP 7D2383A8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!CreateDialogIndirectParamW                               7E38F01F 5 Bytes  JMP 7D23AF83 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!SendNotifyMessageA                                       7E3A3948 5 Bytes  JMP 7D239DFB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!DialogBoxIndirectParamA                                  7E3A6D7D 5 Bytes  JMP 7D23AFE9 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!EndTask                                                  7E3AA0A5 5 Bytes  JMP 7D2370ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] USER32.dll!ExitWindowsEx                                            7E3AA275 5 Bytes  JMP 7D236F96 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] GDI32.dll!EnumFontFamiliesExW                                       77EFBBF9 5 Bytes  JMP 7D2369FC e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] GDI32.dll!GdiAddFontResourceW                                       77EFCE11 5 Bytes  JMP 7D236626 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] GDI32.dll!RemoveFontResourceExW                                     77F09281 5 Bytes  JMP 7D23669D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] GDI32.dll!EnumFontFamiliesExA                                       77F1FE3D 5 Bytes  JMP 7D2369E8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] GDI32.dll!GetFontResourceInfoW                                      77F1FFF4 5 Bytes  JMP 7D23670F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] GDI32.dll!CreateScalableFontResourceW                               77F20160 5 Bytes  JMP 7D2367D8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] WS2_32.dll!WSASocketW                                               71A1404E 5 Bytes  JMP 00402660 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] WS2_32.dll!bind                                                     71A14480 5 Bytes  JMP 00402640 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] WS2_32.dll!WSANSPIoctl                                              71A15086 5 Bytes  JMP 7D243AEA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] WS2_32.dll!listen                                                   71A18CD3 5 Bytes  JMP 00402650 E:\Programme\Sandboxie\SandboxieRpcSs.exe (Sandboxie COM Services (RPC)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] userenv.dll!RegisterGPNotification                                  76628607 5 Bytes  JMP 7D251262 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieRpcSs.exe[2036] userenv.dll!UnregisterGPNotification                                76639894 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     e:\Programme\Tunngle\TnglCtrl.exe[2260] ntdll.dll!DbgBreakPoint                                                     7C91120E 1 Byte  [90]

Syras · 08.08.2010, 16:23

letzter Teil des GMER logs

Code:

ATTFilter

.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtAdjustPrivilegesToken                              7C91CF0E 4 Bytes  JMP 7D24BB50 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtClose                                              7C91CFEE 4 Bytes  JMP 7D234F23 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtConnectPort                                        7C91D04E 4 Bytes  JMP 7D23D7C5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateEvent                                        7C91D08E 4 Bytes  JMP 7D23C83F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateFile                                         7C91D0AE 4 Bytes  JMP 7D2355F3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateKey                                          7C91D0EE 4 Bytes  JMP 7D2406FF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateMailslotFile                                 7C91D0FE 4 Bytes  JMP 7D2332D4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateMutant                                       7C91D10E 4 Bytes  JMP 7D23CB07 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateNamedPipeFile                                7C91D11E 4 Bytes  JMP 7D233404 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreatePort                                         7C91D13E 4 Bytes  JMP 7D23C428 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateSection                                      7C91D17E 4 Bytes  JMP 7D23D088 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtCreateSemaphore                                    7C91D18E 4 Bytes  JMP 7D23CDC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtDeleteFile                                         7C91D23E 4 Bytes  JMP 7D230B38 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtDeleteKey                                          7C91D24E 4 Bytes  JMP 7D240FC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtDeleteValueKey                                     7C91D26E 4 Bytes  JMP 7D241B2C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtDuplicateObject                                    7C91D29E 4 Bytes  JMP 7D24B81F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtEnumerateKey                                       7C91D2CE 4 Bytes  JMP 7D2412EF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtEnumerateValueKey                                  7C91D2EE 4 Bytes  JMP 7D2417ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtFsControlFile                                      7C91D39E 4 Bytes  JMP 7D234BD9 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtImpersonateClientOfPort                            7C91D3FE 4 Bytes  JMP 7D23C7F0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtLoadDriver                                         7C91D46E 4 Bytes  JMP 7D242971 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtLoadKey                                            7C91D47E 4 Bytes  JMP 7D23FDAA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtMapViewOfSection                                   7C91D51E 4 Bytes  JMP 7D242B5F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtNotifyChangeKey                                    7C91D54E 4 Bytes  JMP 7D240537 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtNotifyChangeMultipleKeys                           7C91D55E 4 Bytes  JMP 7D23FA97 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenEvent                                          7C91D57E 4 Bytes  JMP 7D23C9A3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenFile                                           7C91D59E 4 Bytes  JMP 7D236131 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenKey                                            7C91D5CE 4 Bytes  JMP 7D240F54 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenMutant                                         7C91D5DE 4 Bytes  JMP 7D23CC5C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenProcess                                        7C91D5FE 4 Bytes  JMP 7D24B783 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenSection                                        7C91D62E 4 Bytes  JMP 7D23DCC3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenSemaphore                                      7C91D63E 4 Bytes  JMP 7D23CF24 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtOpenThread                                         7C91D65E 4 Bytes  JMP 7D24B7D1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryAttributesFile                                7C91D70E 4 Bytes  JMP 7D230A7E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryDirectoryFile                                 7C91D76E 4 Bytes  JMP 7D234CCF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryFullAttributesFile                            7C91D7AE 4 Bytes  JMP 7D2329BA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryInformationFile                               7C91D7CE 4 Bytes  JMP 7D2343B4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryKey                                           7C91D85E 4 Bytes  JMP 7D240FD6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryMultipleValueKey                              7C91D86E 4 Bytes  JMP 7D241937 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQuerySecurityObject                                7C91D8DE 4 Bytes  JMP 7D24B8E5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQuerySystemInformation                             7C91D92E 4 Bytes  JMP 7D24E8C7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryValueKey                                      7C91D96E 4 Bytes  JMP 7D24166C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtQueryVolumeInformationFile                         7C91D98E 4 Bytes  JMP 7D235430 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtReadFile                                           7C91D9CE 4 Bytes  JMP 7D22E734 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtRenameKey                                          7C91DA5E 4 Bytes  JMP 7D23FD8A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSaveKey                                            7C91DB4E 4 Bytes  JMP 7D22C4A0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSecureConnectPort                                  7C91DB7E 4 Bytes  JMP 7D23D937 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSetInformationFile                                 7C91DC5E 4 Bytes  JMP 7D235FAC e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSetInformationProcess                              7C91DC9E 5 Bytes  JMP 00402040 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSetInformationToken                                7C91DCBE 4 Bytes  JMP 7D24BB20 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSetSecurityObject                                  7C91DD2E 4 Bytes  JMP 7D24B9E4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtSetValueKey                                        7C91DDCE 4 Bytes  JMP 7D240412 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!NtWriteFile                                          7C91DF7E 4 Bytes  JMP 7D22E803 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!RtlGetFullPathName_U                                 7C9243A9 5 Bytes  JMP 7D233B76 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!RtlGetCurrentDirectory_U                             7C924506 5 Bytes  JMP 7D235189 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!LdrLoadDll                                           7C9263C3 4 Bytes  JMP 7D2427EA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!LdrUnloadDll                                         7C92738B 4 Bytes  JMP 7D2428CE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!RtlSetCurrentDirectory_U                             7C92E7AA 5 Bytes  JMP 7D2353BD e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!RtlCreateProcessParameters                           7C932E99 5 Bytes  JMP 7D243E83 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ntdll.dll!RtlAdjustPrivilege                                   7C939A6D 5 Bytes  JMP 00402000 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 7D24583E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 7D245651 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!CreateFileMappingW                                7C80943C 5 Bytes  JMP 00402330 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!CreateActCtxW                                     7C8154FC 4 Bytes  JMP 7D2504C0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!MoveFileWithProgressW                             7C81F72E 4 Bytes  JMP 7D230B80 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!DefineDosDeviceW                                  7C821F1E 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!WaitNamedPipeW                                    7C82C674 5 Bytes  JMP 7D230D27 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!DefineDosDeviceA                                  7C85D29D 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 7D244940 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!CreateActCtxA                                     7C86C8E5 5 Bytes  JMP 7D2504D6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!SetLocaleInfoA                                    7C876A0B 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] kernel32.dll!SetLocaleInfoW                                    7C877FB3 5 Bytes  JMP 7D230BA8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!GetTokenInformation                               77DA7305 5 Bytes  JMP 00402180 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!SetThreadToken                                    77DAF193 5 Bytes  JMP 004020B0 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!AccessCheckByType                                 77DAF1C9 5 Bytes  JMP 00402080 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!LookupAccountNameW                                77DB5B59 5 Bytes  JMP 7D227C44 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CloseServiceHandle                                77DB6CE5 5 Bytes  JMP 00401BF0 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceStatus                                77DB6D50 5 Bytes  JMP 00401D20 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!OpenSCManagerW                                    77DB6F55 5 Bytes  JMP 7D247B61 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!OpenServiceW                                      77DB6FFD 5 Bytes  JMP 00401B30 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CreateProcessAsUserW                              77DBA8A9 5 Bytes  JMP 7D2451BF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!StartServiceA                                     77DBFB58 5 Bytes  JMP 7D24A1A7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegisterServiceCtrlHandlerExA                     77DBFEAB 5 Bytes  JMP 7D2478F4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceStatusEx                              77DC120A 5 Bytes  JMP 00401C30 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceConfigA                               77DC1596 5 Bytes  JMP 7D24958E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!SetServiceStatus                                  77DC3251 5 Bytes  JMP 004019D0 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!StartServiceCtrlDispatcherW                       77DC359D 5 Bytes  JMP 00401AF0 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ReportEventW                                      77DC3681 5 Bytes  JMP 7D247B4E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegisterServiceCtrlHandlerExW                     77DC3E49 5 Bytes  JMP 7D2478F4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegisterServiceCtrlHandlerW                       77DC3E77 5 Bytes  JMP 7D2478DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!StartServiceW                                     77DC3E94 5 Bytes  JMP 00401D80 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ControlService                                    77DC4A09 5 Bytes  JMP 00401DE0 E:\Programme\Sandboxie\SandboxieDcomLaunch.exe (Sandboxie COM Services (DCOM)/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!OpenServiceA                                      77DC4C66 5 Bytes  JMP 7D24A3B0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegisterServiceCtrlHandlerA                       77DC4EC6 5 Bytes  JMP 7D2478DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!OpenSCManagerA                                    77DC69AE 5 Bytes  JMP 7D247B61 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!EnumServicesStatusA                               77DC6B47 5 Bytes  JMP 7D24A7ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceConfigW                               77DC6F92 5 Bytes  JMP 7D249369 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!DeregisterEventSource                             77DC79D3 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegisterEventSourceA                              77DC7B60 5 Bytes  JMP 7D247AE4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ReportEventA                                      77DC7CB2 5 Bytes  JMP 7D247B4E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegisterEventSourceW                              77DC803C 5 Bytes  JMP 7D247ACF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegConnectRegistryW                               77DC817A 5 Bytes  JMP 7D227CF1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CreateProcessAsUserA                              77DE0CE8 5 Bytes  JMP 7D2453DA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredWriteA                                        77DE7CB9 5 Bytes  JMP 7D22AD5F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredWriteW                                        77DE7D59 5 Bytes  JMP 7D22A7BF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredReadA                                         77DE7DF9 5 Bytes  JMP 7D22ADF7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredReadW                                         77DE7ED1 5 Bytes  JMP 7D22A838 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredEnumerateA                                    77DE7FA9 5 Bytes  JMP 7D22AE37 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredEnumerateW                                    77DE8099 5 Bytes  JMP 7D22AB2D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredWriteDomainCredentialsA                       77DE8189 5 Bytes  JMP 7D22AD85 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredWriteDomainCredentialsW                       77DE8259 5 Bytes  JMP 7D22A909 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredReadDomainCredentialsA                        77DE8329 5 Bytes  JMP 7D22AE17 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredReadDomainCredentialsW                        77DE8419 5 Bytes  JMP 7D22A9DE e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredDeleteA                                       77DE8509 5 Bytes  JMP 7D22ADD1 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredDeleteW                                       77DE85B1 5 Bytes  JMP 7D22AAEF e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredRenameA                                       77DE8659 5 Bytes  JMP 7D22ADAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CredRenameW                                       77DE8731 5 Bytes  JMP 7D22AD39 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!RegConnectRegistryA                               77E0512A 5 Bytes  JMP 7D227CC0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!EnumServicesStatusExW                             77E069B8 5 Bytes  JMP 7D24A81A e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!EnumServicesStatusExA                             77E06C2F 5 Bytes  JMP 7D24A859 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceObjectSecurity                        77E06D01 5 Bytes  JMP 7D248612 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity                          77E06D81 5 Bytes  JMP 7D2486F8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ChangeServiceConfigA                              77E06E69 5 Bytes  JMP 7D249DED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ChangeServiceConfigW                              77E07001 5 Bytes  JMP 7D249C30 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A                             77E07101 5 Bytes  JMP 7D249FD5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W                             77E07189 5 Bytes  JMP 7D249F99 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CreateServiceA                                    77E07211 5 Bytes  JMP 7D24AA74 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!CreateServiceW                                    77E073A9 5 Bytes  JMP 7D24A898 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!DeleteService                                     77E074B1 5 Bytes  JMP 7D249FE3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!EnumDependentServicesA                            77E07529 5 Bytes  JMP 7D2477FB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!EnumDependentServicesW                            77E075E1 5 Bytes  JMP 7D2477FB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!GetServiceDisplayNameA                            77E07699 1 Byte  [E9]
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!GetServiceDisplayNameA                            77E07699 5 Bytes  JMP 7D2499B6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!GetServiceDisplayNameW                            77E07739 5 Bytes  JMP 7D249933 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!GetServiceKeyNameA                                77E077D9 5 Bytes  JMP 7D249B34 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!GetServiceKeyNameW                                77E07879 5 Bytes  JMP 7D249A64 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!LockServiceDatabase                               77E07919 5 Bytes  JMP 7D247818 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceConfig2A                              77E07999 5 Bytes  JMP 7D2497C2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceConfig2W                              77E07AB1 5 Bytes  JMP 7D249716 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceLockStatusA                           77E07BC9 5 Bytes  JMP 7D2477B7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!QueryServiceLockStatusW                           77E07C59 5 Bytes  JMP 7D2477B7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!UnlockServiceDatabase                             77E07CE9 5 Bytes  JMP 7D24783E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!EnumServicesStatusW                               77E07D61 5 Bytes  JMP 7D24A7C0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] ADVAPI32.dll!StartServiceCtrlDispatcherA                       77E07F09 5 Bytes  JMP 7D248BA0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] RPCRT4.dll!RpcBindingInqAuthClientExW                          77E6A906 5 Bytes  JMP 7D245AA6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] Secur32.dll!LsaRegisterLogonProcess                            77FC4D17 5 Bytes  JMP 7D2433CB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetWindowLongW                                      7E3688A6 5 Bytes  JMP 7D239590 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DispatchMessageW                                    7E368A01 5 Bytes  JMP 7D239AAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!PostMessageW                                        7E368CCB 5 Bytes  JMP 7D239EF6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetShellWindow                                      7E369252 5 Bytes  JMP 7D239113 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetWindowLongA                                      7E36945D 5 Bytes  JMP 7D239620 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DispatchMessageA                                    7E3696B8 5 Bytes  JMP 7D239A6F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!UnregisterClassW                                    7E369AA4 5 Bytes  JMP 7D2381DB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterClassW                                      7E36A39A 5 Bytes  JMP 7D238075 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterClassExW                                    7E36AF7F 5 Bytes  JMP 7D237F0F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetClassInfoExA                                     7E36DD58 5 Bytes  JMP 7D2382E2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetClassInfoExW                                     7E36DEBC 5 Bytes  JMP 7D23827F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!FindWindowExW                                       7E36E0E3 5 Bytes  JMP 7D239009 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterDeviceNotificationW                         7E36E8B9 5 Bytes  JMP 7D23711E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!UnregisterDeviceNotification                        7E36E8D7 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateDialogParamW                                  7E36EA3B 5 Bytes  JMP 7D23B00B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterDeviceNotificationA                         7E371B3B 2 Bytes  JMP 7D23711E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterDeviceNotificationA + 3                     7E371B3E 2 Bytes  [EC, FE]
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 7D23B071 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DialogBoxIndirectParamAorW                          7E3749D0 5 Bytes  JMP 7D23AF33 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateDialogIndirectParamAorW                       7E37680B 5 Bytes  JMP 7D23AED7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterClassExA                                    7E377C39 5 Bytes  JMP 7D237FC2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 7D23A494 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!FindWindowA                                         7E3782E1 5 Bytes  JMP 7D238F90 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!EnumDesktopWindows                                  7E37851A 5 Bytes  JMP 7D238E13 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!UnregisterClassA                                    7E3789A3 5 Bytes  JMP 7D23822D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DefWindowProcW                                      7E378D20 5 Bytes  JMP 7D236EF6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SendMessageW                                        7E37929A 5 Bytes  JMP 7D239CA5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetPropW                                            7E3794B3 5 Bytes  JMP 7D239434 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetWindowPos                                        7E3799F3 5 Bytes  JMP 7D237033 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetClassNameW                                       7E379D12 5 Bytes  JMP 7D2379D7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!EnumWindows                                         7E37A5AE 5 Bytes  JMP 7D238D78 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetWindowTextW                                      7E37A5CD 5 Bytes  JMP 7D238BB3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!PostMessageA                                        7E37AAFD 5 Bytes  JMP 7D239E7F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!EnumChildWindows                                    7E37B0F0 5 Bytes  JMP 7D238DBB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!MoveWindow                                          7E37B29E 5 Bytes  JMP 7D237003 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RemovePropW                                         7E37C076 5 Bytes  JMP 7D23951E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetPropW                                            7E37C0B9 5 Bytes  JMP 7D2394A6 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DefWindowProcA                                      7E37C17E 5 Bytes  JMP 7D236F46 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetWindowLongA                                      7E37C29D 5 Bytes  JMP 7D239824 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetWindowLongW                                      7E37C2BB 5 Bytes  JMP 7D239788 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetParent                                           7E37C7F9 5 Bytes  JMP 7D236FD3 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!FindWindowW                                         7E37C9C3 5 Bytes  JMP 7D238F17 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SendMessageTimeoutW                                 7E37CDAA 5 Bytes  JMP 7D239D68 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 7D236BD0 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 7D23A209 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SendNotifyMessageW                                  7E37D64F 5 Bytes  JMP 7D239E3D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateWindowExA                                     7E37E4A9 5 Bytes  JMP 7D236CC5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetClassInfoW                                       7E37E81E 5 Bytes  JMP 7D238345 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RegisterClassA                                      7E37EA5E 5 Bytes  JMP 7D238128 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SendMessageA                                        7E37F3C2 5 Bytes  JMP 7D239C47 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetClassNameA                                       7E37F45F 5 Bytes  JMP 7D237AAB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!EnumThreadWindows                                   7E37F539 5 Bytes  JMP 7D238DE7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SendMessageTimeoutA                                 7E37FB6B 5 Bytes  JMP 7D239D27 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetPropA                                            7E380000 5 Bytes  JMP 7D2394E2 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetPropA                                            7E380042 5 Bytes  JMP 7D23946D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!RemovePropA                                         7E380094 5 Bytes  JMP 7D239557 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SetWindowsHookExA                                   7E381211 5 Bytes  JMP 7D23A44C e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 7D23AFC7 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!FindWindowExA                                       7E38214A 5 Bytes  JMP 7D23908E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetWindowTextA                                      7E38216B 5 Bytes  JMP 7D238BDA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateDialogIndirectParamA                          7E389B28 5 Bytes  JMP 7D23AFA5 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 7D23B0A4 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateDialogParamA                                  7E38C7DB 5 Bytes  JMP 7D23B03E e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!GetClassInfoA                                       7E38EBFF 5 Bytes  JMP 7D2383A8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!CreateDialogIndirectParamW                          7E38F01F 5 Bytes  JMP 7D23AF83 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!SendNotifyMessageA                                  7E3A3948 5 Bytes  JMP 7D239DFB e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 7D23AFE9 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!EndTask                                             7E3AA0A5 5 Bytes  JMP 7D2370ED e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] USER32.dll!ExitWindowsEx                                       7E3AA275 5 Bytes  JMP 7D236F96 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] GDI32.dll!EnumFontFamiliesExW                                  77EFBBF9 5 Bytes  JMP 7D2369FC e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] GDI32.dll!GdiAddFontResourceW                                  77EFCE11 5 Bytes  JMP 7D236626 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] GDI32.dll!RemoveFontResourceExW                                77F09281 5 Bytes  JMP 7D23669D e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] GDI32.dll!EnumFontFamiliesExA                                  77F1FE3D 5 Bytes  JMP 7D2369E8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] GDI32.dll!GetFontResourceInfoW                                 77F1FFF4 5 Bytes  JMP 7D23670F e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] GDI32.dll!CreateScalableFontResourceW                          77F20160 5 Bytes  JMP 7D2367D8 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] WS2_32.dll!WSANSPIoctl                                         71A15086 5 Bytes  JMP 7D243AEA e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] userenv.dll!RegisterGPNotification                             76628607 5 Bytes  JMP 7D251262 e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)
.text     E:\Programme\Sandboxie\SandboxieDcomLaunch.exe[3396] userenv.dll!UnregisterGPNotification                           76639894 5 Bytes  JMP 7D247B3B e:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                     [F73DC5C4] sptd.sys
IAT       \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                      [F73DC110] sptd.sys
IAT       \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                     [F73DD030] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F73DC110] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F73DC3B2] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [F73DC2F4] sptd.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [F73DD20C] sptd.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [F73DD030] sptd.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F73F129E] sptd.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              86DA01F8
Device    \FileSystem\Udfs \UdfsCdRom                                                                                         86959430
Device    \FileSystem\Udfs \UdfsDisk                                                                                          86959430
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    868A91F8
Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           86DCE1F8
Device    \Driver\dmio \Device\DmControl\DmConfig                                                                             86DCE1F8
Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                86DCE1F8
Device    \Driver\dmio \Device\DmControl\DmInfo                                                                               86DCE1F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    868A91F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    868A91F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{B206E285-E3F6-4F83-92E6-EA6CD4557293}                                            86952430
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    868A91F8
Device    \Driver\usbehci \Device\USBPDO-4                                                                                    868C61F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              86DA21F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              86DA21F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8688F1F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8688F1F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [F7310B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                         [F7310B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [F7310B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                         [F7310B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             86952430
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    86952430
Device    \Driver\NetBT \Device\NetBT_Tcpip_{E9A0C7F6-4742-470E-AE93-FC0616DCCB08}                                            86952430
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    868A91F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    868A91F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   86929430
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    868A91F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         86929430
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    868A91F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                    86DA21F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{42F7C30B-CACC-4CA6-AC88-BDA3ED793EC3}                                            86952430
Device    \Driver\VClone \Device\Scsi\VClone1                                                                                 8690A430
Device    \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0                                                            8690A430
Device    \FileSystem\Cdfs \Cdfs                                                                                              86AA5430

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x53 0xB6 0x71 0x54 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@DisplayName                                                               Installer Task
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@Type                                                                      32
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@Start                                                                     2
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@ErrorControl                                                              0
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@ImagePath                                                                 %SystemRoot%\system32\svchost.exe -k netsvcs
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@ObjectName                                                                LocalSystem
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw@Description                                                               Bietet automatische Konfiguration f?r 802.11-Adapter.
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw\Parameters (not active ControlSet)                                        
Reg       HKLM\SYSTEM\ControlSet002\Services\cvsolw\Parameters@ServiceDll                                                     C:\WINDOWS\system32\tdhgfdfi.dll
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     e:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x71 0x38 0xAC 0x83 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xB3 0x9D 0x67 0xF5 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x79 0xC1 0xAA 0x37 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x53 0xB6 0x71 0x54 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...

---- EOF - GMER 1.0.15 ----

Syras · 08.08.2010, 16:25

Hier noch die Logs von OSAM und bootkit remover

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:55:24 on 08.08.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"CVSNT" - ? - C:\PROGRA~1\CVSNT\simcpl.cpl  (File found, but it contains no detailed information)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"fxtdypow" (fxtdypow) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\fxtdypow.sys  (Hidden registry entry, rootkit activity | File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Modem" (Modem) - ? - C:\WINDOWS\system32\drivers\Modem.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PnkBstrK" (PnkBstrK) - ? - C:\WINDOWS\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)
"SbieDrv" (SbieDrv) - "tzuk" - e:\Programme\Sandboxie\SbieDrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys
"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{5d1cb710-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5d1cb710-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{5d1cb711-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{5d1cb712-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{5d1cb713-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{5d1cb714-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{5d1cb715-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{5d1cb716-1c4b-11d4-bed5-005004b1f42f} "TortoiseCVS" - "www.tortoisecvs.org" - e:\Programme\TortoiseCVS\TortoiseShell.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - e:\Programme\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - e:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{140E4DF8-9E14-4A34-9577-C77561ED7883} "SysInfo Class" - "Husdawg, LLC" - C:\Programme\SystemRequirementsLab\srldetect_cyri_4.1.71.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - e:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "March-Hare Software Ltd" - C:\WINDOWS\system32\setuid.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
"Stardock ObjectDock.lnk" - "Stardock" - E:\Programme\ObjectDock\ObjectDock.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Klebezettel NG" - "Hollie-Soft" - "E:\Programme\Klebezettel NG\klebez.exe"
"SandboxieControl" - "tzuk" - "e:\Programme\Sandboxie\SbieCtrl.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATIPTA" - "ATI Technologies, Inc." - "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"EOUApp" - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
"IntelWireless" - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
"iTunesHelper" - "Apple Inc." - "E:\Programme\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "E:\Programme\Java\jre6\bin\jusched.exe"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "e:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PJL Language Monitor" - ? - pjlmon.dll  (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"CVSNT Dispatch service 2.5.03.2382" (cvsnt) - "March Hare Software Ltd" - C:\Programme\CVSNT\cvsservice.exe
"CVSNT Locking Service 2.5.03.2382" (cvslock) - ? - C:\Programme\CVSNT\cvslock.exe  (File found, but it contains no detailed information)
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Google Update Service (gupdate1c98c77de87f53e)" (gupdate1c98c77de87f53e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jqs.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
"NMSAccessU" (NMSAccessU) - ? - e:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"OwnershipProtocol" (OwnershipProtocol) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Sandboxie Service" (SbieSvc) - "tzuk" - e:\Programme\Sandboxie\SbieSvc.exe
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"TunngleService" (TunngleService) - "Tunngle.net GmbH" - e:\Programme\Tunngle\TnglCtrl.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"IntelWireless" - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

ATTFilter

.\debug.cpp(238) : Debug log started at 08.08.2010 - 15:04:51
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x001f9280 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806d1000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7adc000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf79ec000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf73c4000 0x00117000 "sptd.sys"
.\debug.cpp(256) : 0xf7ade000 0x00002000 "\WINDOWS\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0xf73ac000 0x00018000 "\WINDOWS\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0xf737d000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xf736c000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75dc000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf75ec000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf75fc000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf79f0000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf79f4000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7ba4000 0x00001000 "PCIIde.sys"
.\debug.cpp(256) : 0xf785c000 0x00007000 "\WINDOWS\System32\Drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf7ae0000 0x00002000 "intelide.sys"
.\debug.cpp(256) : 0xf734e000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf760c000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf732f000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf7ae2000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf7309000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf79f8000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7ba5000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf7864000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf761c000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xf72f1000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf762c000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf763c000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf72d1000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf72bf000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf72a8000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf721b000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf71ee000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf71d4000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7b00000 0x00002000 "\SystemRoot\system32\DRIVERS\ATKACPI.sys"
.\debug.cpp(256) : 0xf77ac000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xf68a7000 0x00154000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xf6893000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf686b000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf78dc000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf6847000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf78e4000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf6824000 0x00023000 "\SystemRoot\system32\DRIVERS\yukonwxp.sys"
.\debug.cpp(256) : 0xf6810000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xf64ee000 0x00322000 "\SystemRoot\system32\DRIVERS\w29n51.sys"
.\debug.cpp(256) : 0xf77bc000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf78ec000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf78f4000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf77cc000 0x00010000 "\SystemRoot\System32\Drivers\Serial.SYS"
.\debug.cpp(256) : 0xf78fc000 0x00005000 "\SystemRoot\system32\DRIVERS\irsir.sys"
.\debug.cpp(256) : 0xf7ab4000 0x00003000 "\SystemRoot\system32\DRIVERS\irenum.sys"
.\debug.cpp(256) : 0xf64da000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf77dc000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf77ec000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf77fc000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf64b7000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf7abc000 0x00003000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xf7ac4000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xf647a000 0x0003d000 "\SystemRoot\system32\DRIVERS\iwca.sys"
.\debug.cpp(256) : 0xf7c03000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf7904000 0x00005000 "\SystemRoot\system32\DRIVERS\rasirda.sys"
.\debug.cpp(256) : 0xf790c000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf780c000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf7acc000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf6463000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf781c000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf782c000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf6452000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf783c000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf7914000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf791c000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf784c000 0x0000b000 "\SystemRoot\system32\DRIVERS\tap0901t.sys"
.\debug.cpp(256) : 0xf6382000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf767c000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf768c000 0x0000b000 "\SystemRoot\system32\DRIVERS\VClone.sys"
.\debug.cpp(256) : 0xf7b04000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf6324000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf71a8000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf769c000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf1e58000 0x00434000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xf1e34000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf76cc000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xf76fc000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf7b1e000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf7b2c000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7c82000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7b2e000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf794c000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf7954000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf7b30000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf7b32000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf795c000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf7964000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf6300000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xf1dd9000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xf1d80000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf1d58000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xf1d36000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf770c000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xf796c000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xf1d0b000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xf1c9b000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf771c000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xf1c75000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf772c000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xf7974000 0x00005000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
.\debug.cpp(256) : 0xf1bb3000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xf7b40000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xf1b7a000 0x00011000 "\SystemRoot\System32\Drivers\Udfs.SYS"
.\debug.cpp(256) : 0xf1b62000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xf7b4e000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf229c000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf7984000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7ced000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0003f000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf051000 0x00039000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf08a000 0x00035000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf0bf000 0x00252000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf311000 0x00093000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xefaad000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xef976000 0x0001f000 "\??\e:\Programme\Sandboxie\SbieDrv.sys"
.\debug.cpp(256) : 0xefa09000 0x00004000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xef938000 0x00016000 "\SystemRoot\system32\DRIVERS\irda.sys"
.\debug.cpp(256) : 0xef9fd000 0x00003000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xef952000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xef63b000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xf7b18000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xef4a4000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xef41c000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xf78bc000 0x00005000 "\SystemRoot\system32\DRIVERS\hamachi.sys"
.\debug.cpp(256) : 0xeef3f000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xef2c4000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xeec30000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xee351000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :              Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L532A_______________TI51____#35354f3431313833353820202020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T1L0-c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) :              Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :              Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1043020D&REV_1008#4&15a400f9&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :              Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :              Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0A04#4&3608c361&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) :              Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#INTEL_WCAMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C684ED97-E3C9-40FD-A9D7-C3CCCF74BC0D}"
.\debug.cpp(400) :              Destination="\Device\{C684ED97-E3C9-40FD-A9D7-C3CCCF74BC0D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E9A0C7F6-4742-470E-AE93-FC0616DCCB08}.tap"
.\debug.cpp(400) :              Destination="\Device\{E9A0C7F6-4742-470E-AE93-FC0616DCCB08}.tap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) :              Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0552&SUBSYS_11771043&REV_08#4&f971712&0&09F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1043020D&REV_1008#4&15a400f9&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CX2IOCTL"
.\debug.cpp(400) :              Destination="\Device\CX2IOCTL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DC6F493E-8936-49C8-8235-4F92D85CAEB8}"
.\debug.cpp(400) :              Destination="\Device\{DC6F493E-8936-49C8-8235-4F92D85CAEB8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&3608c361&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) :              Destination="\Device\00000071"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4220&SUBSYS_27018086&REV_05#4&f971712&0&18F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5653&SUBSYS_11B21043&REV_00#4&31b86b4b&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{B206E285-E3F6-4F83-92E6-EA6CD4557293}"
.\debug.cpp(400) :              Destination="\Device\s24trans_{B206E285-E3F6-4F83-92E6-EA6CD4557293}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9183DA78-4DBD-4192-B653-D647BE761F5C}"
.\debug.cpp(400) :              Destination="\Device\{9183DA78-4DBD-4192-B653-D647BE761F5C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D8A49FCF-1BFC-4054-85D4-CA2C01AA97BE}"
.\debug.cpp(400) :              Destination="\Device\{D8A49FCF-1BFC-4054-85D4-CA2C01AA97BE}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265B&SUBSYS_11771043&REV_04#3&267a616a&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2658&SUBSYS_11771043&REV_04#3&267a616a&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) :              Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :              Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{42F7C30B-CACC-4CA6-AC88-BDA3ED793EC3}"
.\debug.cpp(400) :              Destination="\Device\{42F7C30B-CACC-4CA6-AC88-BDA3ED793EC3}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{B206E285-E3F6-4F83-92E6-EA6CD4557293}"
.\debug.cpp(400) :              Destination="\Device\s24trans_{B206E285-E3F6-4F83-92E6-EA6CD4557293}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\VideoPdo1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IWCA"
.\debug.cpp(400) :              Destination="\Device\IWCA"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EF8CC154-4C67-40FB-86EB-751A4F1DA97C}"
.\debug.cpp(400) :              Destination="\Device\{EF8CC154-4C67-40FB-86EB-751A4F1DA97C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{B206E285-E3F6-4F83-92E6-EA6CD4557293}"
.\debug.cpp(400) :              Destination="\Device\AegisP_{B206E285-E3F6-4F83-92E6-EA6CD4557293}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2659&SUBSYS_11771043&REV_04#3&267a616a&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{00337B58-87FE-4303-941B-BCFBBD683D1C}"
.\debug.cpp(400) :              Destination="\Device\{00337B58-87FE-4303-941B-BCFBBD683D1C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature8B008AFOffset7E00Length4E22C6E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) :              Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D9115971-2E46-4911-AECB-B52A105CC4BE}"
.\debug.cpp(400) :              Destination="\Device\{D9115971-2E46-4911-AECB-B52A105CC4BE}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :              Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\VClone1Port2Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L532A_______________TI51____#35354f3431313833353820202020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T1L0-c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) :              Destination="\Device\S24Trans.sys"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0510#2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000070"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&337d3025&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{75BEAB69-4D27-449D-9AAA-F0FFC0921470}"
.\debug.cpp(400) :              Destination="\Device\{75BEAB69-4D27-449D-9AAA-F0FFC0921470}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HamachiTap.D9115971-2E46-4911-AECB-B52A105CC4BE"
.\debug.cpp(400) :              Destination="\Device\HamachiTap.D9115971-2E46-4911-AECB-B52A105CC4BE"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0"
.\debug.cpp(400) :              Destination="\Device\Pcmcia0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4320&SUBSYS_173C1043&REV_13#4&f971712&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&193899a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&5aabf49&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_HM160HC_________________________LQ100-10#31534151444a5130314139313331202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T0L0-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1e87bfd4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{75144625-b8c6-11dd-b89a-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60434B23-9E58-4738-8F94-2D6F02B21015}"
.\debug.cpp(400) :              Destination="\Device\{60434B23-9E58-4738-8F94-2D6F02B21015}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature8B008AFOffset4E22D6A00Length20606A9600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :              Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1043020D&REV_1008#4&15a400f9&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\VClone1Port2Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&3608c361&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{75144622-b8c6-11dd-b89a-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO"
.\debug.cpp(400) :              Destination="\Device\ElbyCDIO"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) :              Destination="\Device\AegisP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1043020D&REV_1008#4&15a400f9&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&4432953&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{15584865-92EE-4F90-A30F-46185154CB9C}"
.\debug.cpp(400) :              Destination="\Device\{15584865-92EE-4F90-A30F-46185154CB9C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) :              Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0940c1c1-9e38-11df-82a6-0012f084b338}"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&1cde306f&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) :              Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) :              Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L532A_______________TI51____#35354f3431313833353820202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T1L0-c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) :              Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) :              Destination="\Device\S24Trans.sys"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) :              Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) :              Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) :              Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) :              Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) :              Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) :              Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E9A0C7F6-4742-470E-AE93-FC0616DCCB08}"
.\debug.cpp(400) :              Destination="\Device\{E9A0C7F6-4742-470E-AE93-FC0616DCCB08}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{75144624-b8c6-11dd-b89a-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1043020D&REV_1008#4&15a400f9&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_11771043&REV_04#3&267a616a&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EBC393FB-AAE5-4EE2-A9DE-BBAE7B5954DE}"
.\debug.cpp(400) :              Destination="\Device\{EBC393FB-AAE5-4EE2-A9DE-BBAE7B5954DE}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :              Destination="\Device\Scsi\VClone1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{920B0985-6337-4103-8CC5-E1ABCB103FD8}"
.\debug.cpp(400) :              Destination="\Device\{920B0985-6337-4103-8CC5-E1ABCB103FD8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265A&SUBSYS_11771043&REV_04#3&267a616a&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) :              Destination="\Device\avipbb"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B206E285-E3F6-4F83-92E6-EA6CD4557293}"
.\debug.cpp(400) :              Destination="\Device\{B206E285-E3F6-4F83-92E6-EA6CD4557293}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1151) : 
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    149 GB  \\.\PhysicalDrive0   Unknown boot code
.\boot_cleaner.cpp(1203) : 
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) : 
.\boot_cleaner.cpp(1242) : Done;