
Pests of all kinds and how to fight them: Some websites no longer work, and neither do some internet programs


08.03.2011, 16:36   #1
smex
 


Hello everyone,

as already stated in the topic, some websites have suddenly stopped working for me since yesterday (Firefox + IE). The ones affected that I know of are hotmail.com and kwick.de! I cannot open the former at all; with the latter I get as far as the login screen.
After a short while both show: Error: network timeout.
One affected program on my machine is Steam, which can no longer connect.

I have now read through numerous posts and tried the following steps:

- Router reset (although my 2nd PC still works perfectly here)
- Ran Avast antivirus over it - no findings
- Various anti-spyware programs (Ad Aware, MWB, Spybot), also without success
- Checked the hosts file (C:\WINDOWS\system32\drivers\etc\hosts)
- Compared the processes with my 2nd PC
- Also switched off the antivirus program once
- Cleared the cache, deleted temp, etc. However, Steam is affected too...

So far, however, all without success.

I ask for your help

Many thanks in advance


EDIT: HJT log:
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:23, on 08.03.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Nero\Update\NASvc.exe
C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
D:\Programme\CyberLink\Power2Go\CLMLSvc.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Programme\Lavasoft\Ad-Aware\AAWService.exe
D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
D:\downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [MDS_Menu] "D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [CLMLServer] "D:\Programme\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] D:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "D:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LGODDFU] D:\Programme\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [NBAgent] "D:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HTC Sync Loader] "D:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "D:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "D:\Programme\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - D:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: @C:\Programme\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programme\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe

--
End of file - 9241 bytes
         

Edited by smex (08.03.2011 at 17:35)

08.03.2011, 19:25   #2
smex
 



Sorry, I didn't make it into the edit function in time... here are the remaining logs:

MWB:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5981

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.03.2011 17:08:17
mbam-log-2011-03-08 (17-08-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 377094
Laufzeit: 1 Stunde(n), 1 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:
OTL logfile:
Code:
OTL logfile created on: 08.03.2011 19:30:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14.65 Gb Total Space | 0.89 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive D: | 451.10 Gb Total Space | 280.76 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
 
Computer Name: SMEXI | User Name: smex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.08 19:22:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2011.03.06 14:05:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.08.28 10:36:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe
PRC - [2009.08.20 12:34:04 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2009.07.16 19:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.06.03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- D:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.06.18 10:49:40 | 000,073,728 | ---- | M] () -- C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.08 19:22:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] --  -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.03 11:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.08.20 12:34:04 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.03 11:08:40 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.01.30 14:04:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.01.30 14:04:37 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.12.13 16:33:03 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.12.01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.06.22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.08.28 17:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/10/29 17:09:51] [Kernel | Auto | Running] -- D:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.06.02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.04 20:30:04 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.11.13 21:33:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.10.20 17:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008.10.20 17:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.01.03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.09.05 19:09:26 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006.09.05 19:08:40 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.05 19:07:52 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006.09.05 19:07:48 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006.09.05 19:07:00 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006.09.05 19:06:28 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006.09.05 19:06:22 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004.06.24 10:55:40 | 000,449,483 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M1000KNT.sys -- (M1000Srv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: ikariam.gamestats.org@gmail.com:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.06 14:05:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.06 14:05:17 | 000,000,000 | ---D | M]
 
[2008.11.13 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Mozilla\Extensions
[2011.03.08 12:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Mozilla\Firefox\Profiles\4ck4htvm.default\extensions
[2009.05.07 18:15:20 | 000,000,000 | ---D | M] (ikariam.GameStats.org) -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Mozilla\Firefox\Profiles\4ck4htvm.default\extensions\ikariam.gamestats.org@gmail.com
[2011.03.08 12:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.20 19:31:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.03.25 16:35:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.25 16:35:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.25 16:35:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.25 16:35:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.25 16:35:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.08 13:22:28 | 000,000,791 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] D:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HTC Sync Loader] D:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LGODDFU] D:\Programme\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [M1000Mnt]  File not found
O4 - HKLM..\Run: [MDS_Menu] D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NBAgent] D:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] D:\Programme\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.161 217.0.43.177
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.13 20:56:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell - "" = AutoRun
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = H:\urDrive.exe
O33 - MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\Shell\AutoRun\command - "" = H:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: GEST - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.08 18:50:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\smex\Desktop\TFC.exe
[2011.03.07 19:10:58 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.07 17:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Malwarebytes
[2011.03.07 17:36:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.03.07 17:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.03.07 17:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.03.07 17:36:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.03.07 17:08:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
[2011.03.07 17:07:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.03.07 17:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavasoft
[2011.03.07 16:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.07 16:55:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.03.07 16:54:34 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.03.06 19:32:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\World of Warcraft
[2011.02.18 14:22:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Eigene Dateien\ANNO 1404 Venedig
[2011.02.18 11:44:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallShield
[2011.02.10 18:47:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Eigene Dateien\My Photos
[2011.02.10 18:47:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\smex\Eigene Dateien\My Documents
[2011.02.09 16:29:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[1 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.08 18:56:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.08 18:55:21 | 000,000,333 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011.03.08 18:54:47 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.03.08 18:54:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.08 18:52:00 | 000,452,576 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.08 18:52:00 | 000,436,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.08 18:52:00 | 000,081,824 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.08 18:52:00 | 000,069,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.08 18:50:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\smex\Desktop\TFC.exe
[2011.03.07 19:10:58 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.03.07 17:36:22 | 000,000,630 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.07 17:07:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2011.03.07 16:56:01 | 000,000,773 | ---- | M] () -- C:\Dokumente und Einstellungen\smex\Desktop\Spybot - Search & Destroy.lnk
[2011.03.07 16:54:34 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.03.05 19:40:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011.03.03 11:08:40 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.02.23 15:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.02.16 16:27:04 | 000,046,592 | ---- | M] () -- C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.11 16:29:36 | 000,001,581 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.02.11 16:19:09 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.10 18:37:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.07 17:36:22 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.07 17:28:05 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.03.07 17:07:42 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2011.03.07 16:56:01 | 000,000,773 | ---- | C] () -- C:\Dokumente und Einstellungen\smex\Desktop\Spybot - Search & Destroy.lnk
[2011.02.11 16:29:36 | 000,001,581 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.01.30 14:04:38 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.01.30 14:04:37 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.12.08 19:27:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010.10.29 16:15:01 | 000,000,333 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010.10.12 19:58:22 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010.10.12 19:58:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010.10.12 19:58:17 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2010.10.12 19:58:16 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2010.10.12 19:58:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.10.12 19:57:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2030.dat
[2010.10.12 19:56:39 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010.10.08 19:42:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.09.15 17:06:49 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.09.15 17:06:45 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.09.15 17:06:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.07.02 19:49:37 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010.04.25 15:16:10 | 000,008,024 | ---- | C] () -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\.civclientrc
[2010.02.26 22:25:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.11.28 19:43:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.10.31 23:42:21 | 000,001,809 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009.08.11 16:17:07 | 000,449,483 | ---- | C] () -- C:\WINDOWS\System32\drivers\M1000KNT.sys
[2009.08.11 16:17:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\M1000DIF.dll
[2009.08.11 16:17:07 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H3111.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H2111.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H0121.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10H0111.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F3111.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F2111.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F0121.bin
[2009.08.11 16:17:07 | 000,003,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\C10F0111.bin
[2009.06.27 16:02:41 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009.06.10 17:33:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.04.14 16:20:01 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.04.14 16:16:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009.03.07 01:03:11 | 000,006,740 | ---- | C] () -- C:\WINDOWS\AsphaltDuell.ini
[2009.03.04 20:33:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2009.03.04 20:24:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009.03.04 20:17:20 | 000,006,537 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.11.21 17:32:04 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.14 15:46:12 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.13 21:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.11.13 21:08:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.11.13 20:57:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.11.13 20:54:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.11.13 20:46:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.11.13 20:43:39 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.08.02 05:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004.08.04 01:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 13:00:00 | 000,452,576 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.18 13:00:00 | 000,436,268 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 13:00:00 | 000,081,824 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.18 13:00:00 | 000,069,164 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2009.04.14 16:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2010.12.28 19:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.11.06 14:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2009.02.13 16:58:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs
[2010.10.19 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2010.10.29 16:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2009.03.04 20:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.06.26 12:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SimCity Societies
[2010.12.11 16:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.02.18 14:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2009.08.14 16:59:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2010.10.29 16:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2011.03.07 17:08:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2010.04.25 15:24:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\.freeciv
[2010.08.06 15:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Atari
[2009.04.04 23:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2008.11.13 21:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\DAEMON Tools
[2011.02.06 13:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\HTC
[2011.02.06 14:01:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008.11.14 20:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\ICQ
[2009.03.04 20:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\MAGIX
[2009.09.21 17:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\MobMapUpdater
[2011.03.08 13:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Teleca
[2009.07.07 16:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\temp
[2010.12.13 17:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Transcend
[2010.05.28 20:18:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\TS3Client
[2011.02.18 14:18:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\Ubisoft
[2010.10.08 19:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\WinAVI
[2010.10.10 15:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\smex\Anwendungsdaten\XMedia Recode
[2011.03.08 18:54:47 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.08 13:14:49 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.12.17 18:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.11.13 21:05:04 | 000,000,000 | ---D | M] -- C:\Intel
[2009.08.14 20:45:20 | 000,000,000 | ---D | M] -- C:\Logs
[2008.11.28 14:52:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.10.18 17:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.03.08 12:57:39 | 000,000,000 | ---D | M] -- C:\Programme
[2008.11.13 21:46:11 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.12.12 19:54:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.29 16:16:33 | 000,000,000 | ---D | M] -- C:\Temp
[2011.03.08 18:52:38 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2011.03.08 18:53:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-07 15:38:18
 
<           >

< End of report >
         
--- --- ---

Extra:OTL Logfile:
Code:
OTL Extras logfile created on: 08.03.2011 19:30:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14.65 Gb Total Space | 0.89 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive D: | 451.10 Gb Total Space | 280.76 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
 
Computer Name: SMEXI | User Name: smex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"D:\Programme\ICQ6\ICQ.exe" = D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\smex\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup
"D:\Programme\SopCast\adv\SopAdver.exe" = D:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"D:\Programme\SopCast\SopCast.exe" = D:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"\\192.168.0.2\VOLUME (I)\jannik\CS\cstrike -console.exe" = \\192.168.0.2\VOLUME (I)\jannik\CS\cstrike -console.exe:*:Enabled:cstrike -console.exe
"D:\Spiele\CS\cstrike -console.exe" = D:\Spiele\CS\cstrike -console.exe:*:Enabled:CounterStrike Launcher
"E:\AsphaltDuell.exe" = E:\AsphaltDuell.exe:*:Enabled:AsphaltDuell.exe
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"D:\Programme\Anno 1701\Anno1701.exe" = D:\Programme\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701
"D:\Spiele\pc-spiele\Emp.Earth\ee\Empire Earth.exe" = D:\Spiele\pc-spiele\Emp.Earth\ee\Empire Earth.exe:*:Disabled:Empire Earth
"D:\Programme\Microsoft Games\Age of Empires III\age3y.exe" = D:\Programme\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"D:\Programme\Microsoft Games\Rise of Nations\rise.exe" = D:\Programme\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"D:\Programme\Microsoft Games\Rise of Nations\nations.exe" = D:\Programme\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = D:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"D:\Programme\DreamCatcher\Genesis Rising\bin\GenesisRising.exe" = D:\Programme\DreamCatcher\Genesis Rising\bin\GenesisRising.exe:*:Enabled:GenesisRising
"D:\downloads\AOE\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe" = D:\downloads\AOE\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe:*:Enabled:Age of Empires II Expansion
"D:\downloads\AOE\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe" = D:\downloads\AOE\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe:*:Enabled:dplaysvr
"D:\Programme\ICQ6.5\ICQ.exe" = D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Programme\EA GAMES\Battlefield 1942\BF1942.exe" = D:\Programme\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Programme\Paradox Interactive\Doomsday\Hoi2.exe" = D:\Programme\Paradox Interactive\Doomsday\Hoi2.exe:*:Enabled:Hearts of Iron 2 -- (Paradox Interactive)
"D:\downloads\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe" = D:\downloads\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe:*:Enabled:Age of Empires II Expansion
"D:\downloads\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe" = D:\downloads\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe:*:Enabled:dplaysvr
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"D:\Programme\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = D:\Programme\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam
"D:\Programme\World of Warcraft\Launcher.exe" = D:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"D:\Programme\Counter-Strike Source\hl2.exe" = D:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Programme\Freeciv-2.1.10-win32\civserver.exe" = D:\Programme\Freeciv-2.1.10-win32\civserver.exe:*:Enabled:civserver
"D:\Programme\EA GAMES\Command and Conquer Generäle\game.dat" = D:\Programme\EA GAMES\Command and Conquer Generäle\game.dat:*:Enabled:game -- ()
"D:\Programme\EA GAMES\Command & Conquer Generäle Stunde Null\game.dat" = D:\Programme\EA GAMES\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- ()
"D:\Programme\THQ\Zanzarah\System\zanthp.exe" = D:\Programme\THQ\Zanzarah\System\zanthp.exe:*:Enabled:Zanzarah
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Spiele\wc3tft\Warcraft III.exe" = I:\Spiele\wc3tft\Warcraft III.exe:*:Enabled:Warcraft III
"D:\Programme\EA SPORTS\FIFA 11\Game\fifa.exe" = D:\Programme\EA SPORTS\FIFA 11\Game\fifa.exe:*:Disabled:FIFA 11
"D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Programme\StarCraft II\StarCraft II.exe" = D:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe" = D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server -- (Ascaron Entertainment GmbH)
"D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe" = D:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2 -- (Ascaron Entertainment GmbH)
"D:\Programme\Steam\Steam.exe" = D:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Programme\Paradox Interactive\Victoria 2\v2game.exe" = D:\Programme\Paradox Interactive\Victoria 2\v2game.exe:*:Enabled:v2game -- ()
"H:\Spiele\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe" = H:\Spiele\AOE II Conquerors Expansion\aoe2_appdata\1000000a00002i\dplaysvr.exe:*:Enabled:dplaysvr
"H:\Spiele\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe" = H:\Spiele\AOE II Conquerors Expansion\Age of Empires II Conquerors Expansion.exe:*:Enabled:Age of Empires II Expansion
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Disabled:Anno4Web -- ()
"D:\Programme\The Creative Assembly\Shogun - Total War Gold\ShogunM.exe" = D:\Programme\The Creative Assembly\Shogun - Total War Gold\ShogunM.exe:*:Enabled:Shog_CPP
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe:*:Enabled:AddonWeb -- ()
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\Addon.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\Addon.exe:*:Enabled:Anno 1404 - Addon -- (Related Designs)
"D:\Programme\Steam\SteamApps\stylo@haefft.de\counter-strike source\hl2.exe" = D:\Programme\Steam\SteamApps\stylo@haefft.de\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"D:\Programme\World of Warcraft 2\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\Programme\World of Warcraft 2\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = D:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F931735-0098-4FF6-A49D-17882A294F51}" = Microsoft VC90 CRT + OMP
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = CyberLink UDF Reader 5.0
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{56A648C2-D185-46A9-BBFF-78AE7A501000}" = USB2.0 Web Camera
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7502939-A8CA-45FA-A211-E8E485787023}" = Brother HL-2035
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"7-Zip" = 7-Zip 9.20
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"avast" = avast! Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"FLV Player" = FLV Player 2.0 (build 25)
"Hearts of Iron 2 Doomsday Armageddon_is1" = HOI2 Doomsday Armageddon 1.2
"Hearts of Iron 2 Doomsday_is1" = Hearts of Iron 2 Doomsday Armageddon
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Listenserver Erweiterungssystem" = Listenserver Erweiterungssystem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Modern Day Scenario 2" = Modern Day Scenario 2 1.5
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"POD-Bot 2.5" = POD-Bot 2.5
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Semper Fi_is1" = Semper Fi 2.03
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 21.03.2010 12:35:55 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 11.05.2010 13:39:29 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
Error - 02.07.2010 15:25:00 | Computer Name = SMEXI | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 22.02.2011 11:36:54 | Computer Name = SMEXI | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
 P2 1031, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 22.02.2011 11:38:18 | Computer Name = SMEXI | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
 P2 1031, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 22.02.2011 11:39:16 | Computer Name = SMEXI | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983583,
 P2 1031, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 26.02.2011 07:50:46 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3989,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.
 
Error - 26.02.2011 12:06:53 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul hoi2.exe, Version 1.0.0.1, Fehleradresse 0x001f7b50.
 
Error - 26.02.2011 12:42:09 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul hoi2.exe, Version 1.0.0.1, Fehleradresse 0x0009d251.
 
Error - 27.02.2011 12:50:52 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0003002b.
 
Error - 04.03.2011 15:50:42 | Computer Name = SMEXI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hoi2.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul hoi2.exe, Version 1.0.0.1, Fehleradresse 0x0016e764.
 
Error - 07.03.2011 12:08:24 | Computer Name = SMEXI | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 07.03.2011 12:23:01 | Computer Name = SMEXI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ad-AwareAdmin.exe, Version 9.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ OSession Events ]
Error - 07.01.2009 15:44:25 | Computer Name = SMEXI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 247 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.03.2011 13:51:56 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7034
Description = Dienst "@C:\Programme\Nero\Update\NASvc.exe,-200" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 08.03.2011 13:51:56 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 
Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 08.03.2011 13:51:56 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 08.03.2011 13:51:59 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 08.03.2011 13:55:30 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PSTRIP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.03.2011 13:56:50 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 08.03.2011 14:22:58 | Computer Name = SMEXI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.03.2011 14:22:59 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 08.03.2011 14:30:50 | Computer Name = SMEXI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.03.2011 14:30:50 | Computer Name = SMEXI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
 
< End of report >
         


Old 08.03.2011, 19:26   #3
smex

Some websites no longer work, nor do some internet programs

Sry for 3 posts.. when uploading the attachment it keeps saying: invalid file.. -.-

gmer:

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-08 20:21:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1f SAMSUNG_HD502IJ rev.1AA01113
Running: vjmycum3.exe; Driver: C:\DOKUME~1\smex\LOKALE~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwAddBootEntry [0xB33779CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwAllocateVirtualMemory [0xB33CCA68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwClose [0xB3397AF5]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateEvent [0xB3379EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateEventPair [0xB3379F04]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateIoCompletion [0xB337A01A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateKey [0xB33974A9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateMutant [0xB3379E02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateSection [0xB3379F54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateSemaphore [0xB3379E56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateTimer [0xB3379FC8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteBootEntry [0xB33779EE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteKey [0xB33981BB]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteValueKey [0xB3398471]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDuplicateObject [0xB337A29E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwEnumerateKey [0xB3398026]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwEnumerateValueKey [0xB3397E91]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwFreeVirtualMemory [0xB33CCB18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwLoadDriver [0xB33777B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwModifyBootEntry [0xB3377A12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwNotifyChangeKey [0xB337A412]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwNotifyChangeMultipleKeys [0xB33784AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenEvent [0xB3379EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenEventPair [0xB3379F2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenIoCompletion [0xB337A044]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenKey [0xB3397805]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenMutant [0xB3379E2E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenProcess [0xB337A0D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenSection [0xB3379F94]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenSemaphore [0xB3379E84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenThread [0xB337A1BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenTimer [0xB3379FF2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwProtectVirtualMemory [0xB33CCBB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryKey [0xB3397D0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryObject [0xB3378370]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryValueKey [0xB3397B5E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwRenameKey [0xB33D4E26]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwRestoreKey [0xB3396B1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetBootEntryOrder [0xB3377A36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetBootOptions [0xB3377A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetSystemInformation [0xB3377812]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetSystemPowerState [0xB337794E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetValueKey [0xB33982C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwShutdownSystem [0xB337792A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSystemDebugControl [0xB3377972]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwVdmControl [0xB3377A7E]

INT 0x62        ?                                                                                                                    8AF88BF8
INT 0x63        ?                                                                                                                    8AD16BF8
INT 0x63        ?                                                                                                                    8AD16BF8
INT 0x63        ?                                                                                                                    8AD16BF8
INT 0x82        ?                                                                                                                    8AF88BF8
INT 0x84        ?                                                                                                                    8AD16BF8
INT 0xA4        ?                                                                                                                    8AD16BF8
INT 0xB4        ?                                                                                                                    8AF88BF8
INT 0xB4        ?                                                                                                                    8AF88BF8
INT 0xB4        ?                                                                                                                    8AF88BF8
INT 0xB4        ?                                                                                                                    8AF88BF8
INT 0xB4        ?                                                                                                                    8AD16BF8
INT 0xB4        ?                                                                                                                    8AF88BF8

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwCreateProcessEx [0xB33E18DE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                          805A64A8 4 Bytes  CALL B3378E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                   805BC556 5 Bytes  JMP B33DD29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                          805C2FDA 5 Bytes  JMP B33DED38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                       805D117A 7 Bytes  JMP B33E18E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               spra.sys                                                                                                             Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                             section is writeable [0xB725A3A0, 0x59FFE5, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                B723A8AC 5 Bytes  JMP 8AD161D8 
.text           a6pd1eh1.SYS                                                                                                         B716D386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a6pd1eh1.SYS                                                                                                         B716D3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a6pd1eh1.SYS                                                                                                         B716D3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           a6pd1eh1.SYS                                                                                                         B716D3C9 1 Byte  [2E]
.text           a6pd1eh1.SYS                                                                                                         B716D3C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text           ...                                                                                                                  
.text           C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                             section is writeable [0xB3024000, 0x328BA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                             entry point in ".pklstb" section [0xB3068000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                             unknown last section [0xB3084000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0xB27BD300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0xB369B300, 0x1BEE, 0xE8000020]
.text           D:\Programme\CyberLink\PowerDVD8\000.fcl                                                                             section is writeable [0xB24E2000, 0x2892, 0xE8000020]
.vmp2           D:\Programme\CyberLink\PowerDVD8\000.fcl                                                                             entry point in ".vmp2" section [0xB2505050]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[172] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ntdll.dll!LdrLoadDll                                                                     7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ntdll.dll!LdrUnloadDll                                                                   7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!SetServiceObjectSecurity                                                    77E06D81 5 Bytes  JMP 003801D4 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfigA                                                        77E06E69 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfigW                                                        77E07001 5 Bytes  JMP 00380120 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfig2A                                                       77E07101 5 Bytes  JMP 0038015C 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!ChangeServiceConfig2W                                                       77E07189 5 Bytes  JMP 00380198 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!CreateServiceA                                                              77E07211 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!CreateServiceW                                                              77E073A9 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\RTHDCPL.EXE[184] ADVAPI32.dll!DeleteService                                                               77E074B1 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!UnhookWindowsHookEx                                                           7E37D5F3 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!SetWinEventHook                                                               7E3817F7 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!UnhookWinEvent                                                                7E3818AC 3 Bytes  JMP 0039006C 
.text           C:\WINDOWS\RTHDCPL.EXE[184] USER32.dll!UnhookWinEvent + 4                                                            7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ntdll.dll!LdrLoadDll                                                       7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ntdll.dll!LdrUnloadDll                                                     7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!SetWindowsHookExW                                               7E37820F 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!UnhookWindowsHookEx                                             7E37D5F3 3 Bytes  JMP 00380120 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!UnhookWindowsHookEx + 4                                         7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!SetWindowsHookExA                                               7E381211 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!SetWinEventHook                                                 7E3817F7 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] USER32.dll!UnhookWinEvent                                                  7E3818AC 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!SetServiceObjectSecurity                                      77E06D81 3 Bytes  JMP 003901D4 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!SetServiceObjectSecurity + 4                                  77E06D85 1 Byte  [88]
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfigA                                          77E06E69 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfigW                                          77E07001 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfig2A                                         77E07101 5 Bytes  JMP 0039015C 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!ChangeServiceConfig2W                                         77E07189 5 Bytes  JMP 00390198 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!CreateServiceA                                                77E07211 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!CreateServiceW                                                77E073A9 5 Bytes  JMP 0039006C 
.text           C:\WINDOWS\WebCam\M1000\M1000Mnt.exe[248] ADVAPI32.dll!DeleteService                                                 77E074B1 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\RUNDLL32.EXE[264] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002C00A8 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ntdll.dll!LdrLoadDll                                                7C92632D 5 Bytes  JMP 00150030 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ntdll.dll!LdrUnloadDll                                              7C9271CD 5 Bytes  JMP 0015006C 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!SetWindowsHookExW                                        7E37820F 5 Bytes  JMP 003900E4 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!UnhookWindowsHookEx                                      7E37D5F3 5 Bytes  JMP 00390120 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!SetWindowsHookExA                                        7E381211 5 Bytes  JMP 003900A8 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!SetWinEventHook                                          7E3817F7 5 Bytes  JMP 00390030 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!UnhookWinEvent                                           7E3818AC 3 Bytes  JMP 0039006C 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] USER32.dll!UnhookWinEvent + 4                                       7E3818B0 1 Byte  [82]
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!SetServiceObjectSecurity                               77E06D81 5 Bytes  JMP 003A01D4 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfigA                                   77E06E69 5 Bytes  JMP 003A00E4 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfigW                                   77E07001 5 Bytes  JMP 003A0120 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2A                                  77E07101 5 Bytes  JMP 003A015C 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2W                                  77E07189 5 Bytes  JMP 003A0198 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!CreateServiceA                                         77E07211 5 Bytes  JMP 003A0030 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!CreateServiceW                                         77E073A9 5 Bytes  JMP 003A006C 
.text           D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[412] ADVAPI32.dll!DeleteService                                          77E074B1 5 Bytes  JMP 003A00A8 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ntdll.dll!LdrLoadDll                                             7C92632D 5 Bytes  JMP 00150030 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ntdll.dll!LdrUnloadDll                                           7C9271CD 5 Bytes  JMP 0015006C 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity                            77E06D81 3 Bytes  JMP 003901D4 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity + 4                        77E06D85 1 Byte  [88]
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfigA                                77E06E69 5 Bytes  JMP 003900E4 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfigW                                77E07001 5 Bytes  JMP 00390120 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfig2A                               77E07101 5 Bytes  JMP 0039015C 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!ChangeServiceConfig2W                               77E07189 5 Bytes  JMP 00390198 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!CreateServiceA                                      77E07211 5 Bytes  JMP 00390030 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!CreateServiceW                                      77E073A9 5 Bytes  JMP 0039006C 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] ADVAPI32.dll!DeleteService                                       77E074B1 5 Bytes  JMP 003900A8 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!SetWindowsHookExW                                     7E37820F 5 Bytes  JMP 003A00E4 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!UnhookWindowsHookEx                                   7E37D5F3 5 Bytes  JMP 003A0120 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!SetWindowsHookExA                                     7E381211 5 Bytes  JMP 003A00A8 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!SetWinEventHook                                       7E3817F7 5 Bytes  JMP 003A0030 
.text           D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe[524] USER32.dll!UnhookWinEvent                                        7E3818AC 5 Bytes  JMP 003A006C 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ntdll.dll!LdrLoadDll                                                7C92632D 5 Bytes  JMP 00140030 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ntdll.dll!LdrUnloadDll                                              7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!SetWindowsHookExW                                        7E37820F 5 Bytes  JMP 003800E4 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!UnhookWindowsHookEx                                      7E37D5F3 3 Bytes  JMP 00380120 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!UnhookWindowsHookEx + 4                                  7E37D5F7 1 Byte  [82]
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!SetWindowsHookExA                                        7E381211 5 Bytes  JMP 003800A8 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!SetWinEventHook                                          7E3817F7 5 Bytes  JMP 00380030 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] USER32.dll!UnhookWinEvent                                           7E3818AC 5 Bytes  JMP 0038006C 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!SetServiceObjectSecurity                               77E06D81 3 Bytes  JMP 003901D4 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!SetServiceObjectSecurity + 4                           77E06D85 1 Byte  [88]
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfigA                                   77E06E69 5 Bytes  JMP 003900E4 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfigW                                   77E07001 5 Bytes  JMP 00390120 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfig2A                                  77E07101 5 Bytes  JMP 0039015C 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!ChangeServiceConfig2W                                  77E07189 5 Bytes  JMP 00390198 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!CreateServiceA                                         77E07211 5 Bytes  JMP 00390030 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!CreateServiceW                                         77E073A9 5 Bytes  JMP 0039006C 
.text           C:\Programme\Cyberlink\Shared Files\brs.exe[628] ADVAPI32.dll!DeleteService                                          77E074B1 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00070030 
.text           C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0007006C 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\services.exe[860] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\services.exe[860] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\services.exe[860] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\services.exe[860] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\services.exe[860] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\services.exe[860] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\services.exe[860] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!LdrLoadDll                                                              7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!LdrUnloadDll                                                            7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!SetServiceObjectSecurity                                             77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfigA                                                 77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfigW                                                 77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfig2A                                                77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ChangeServiceConfig2W                                                77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!CreateServiceA                                                       77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!CreateServiceW                                                       77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!DeleteService                                                        77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\lsass.exe[872] USER32.dll!SetWindowsHookExW                                                      7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\lsass.exe[872] USER32.dll!UnhookWindowsHookEx                                                    7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\lsass.exe[872] USER32.dll!SetWindowsHookExA                                                      7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\lsass.exe[872] USER32.dll!SetWinEventHook                                                        7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\lsass.exe[872] USER32.dll!UnhookWinEvent                                                         7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00150030 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 3 Bytes  JMP 003901D4 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity + 4                                      77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 0039015C 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 00390198 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 003A00E4 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 003A0120 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 003A00A8 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 003A0030 
.text           C:\WINDOWS\system32\nvsvc32.exe[1048] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 003A006C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 3 Bytes  JMP 003901D4 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity + 4                                   77E06D85 1 Byte  [88]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 003900E4 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 00390120 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 0039015C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 00390198 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 00390030 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 0039006C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 003900A8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!SetWindowsHookExW                                                7E37820F 5 Bytes  JMP 003A00E4 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!UnhookWindowsHookEx                                              7E37D5F3 5 Bytes  JMP 003A0120 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!SetWindowsHookExA                                                7E381211 5 Bytes  JMP 003A00A8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!SetWinEventHook                                                  7E3817F7 5 Bytes  JMP 003A0030 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1084] USER32.dll!UnhookWinEvent                                                   7E3818AC 5 Bytes  JMP 003A006C 
.text           C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\Explorer.EXE[1712] ntdll.dll!LdrLoadDll                                                                   7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\Explorer.EXE[1712] ntdll.dll!LdrUnloadDll                                                                 7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!SetServiceObjectSecurity                                                  77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigA                                                      77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigW                                                      77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2A                                                     77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2W                                                     77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceA                                                            77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceW                                                            77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\Explorer.EXE[1712] ADVAPI32.dll!DeleteService                                                             77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\Explorer.EXE[1712] USER32.dll!SetWindowsHookExW                                                           7E37820F 5 Bytes  JMP 002D00E4 
.text           C:\WINDOWS\Explorer.EXE[1712] USER32.dll!UnhookWindowsHookEx                                                         7E37D5F3 5 Bytes  JMP 002D0120 
.text           C:\WINDOWS\Explorer.EXE[1712] USER32.dll!SetWindowsHookExA                                                           7E381211 5 Bytes  JMP 002D00A8 
.text           C:\WINDOWS\Explorer.EXE[1712] USER32.dll!SetWinEventHook                                                             7E3817F7 5 Bytes  JMP 002D0030 
.text           C:\WINDOWS\Explorer.EXE[1712] USER32.dll!UnhookWinEvent                                                              7E3818AC 5 Bytes  JMP 002D006C 
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1844] kernel32.dll!SetUnhandledExceptionFilter                       7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ntdll.dll!LdrLoadDll                                    7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ntdll.dll!LdrUnloadDll                                  7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity                   77E06D81 5 Bytes  JMP 003B01D4 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfigA                       77E06E69 5 Bytes  JMP 003B00E4 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfigW                       77E07001 5 Bytes  JMP 003B0120 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A                      77E07101 5 Bytes  JMP 003B015C 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W                      77E07189 5 Bytes  JMP 003B0198 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!CreateServiceA                             77E07211 5 Bytes  JMP 003B0030 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!CreateServiceW                             77E073A9 5 Bytes  JMP 003B006C 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] ADVAPI32.dll!DeleteService                              77E074B1 5 Bytes  JMP 003B00A8 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!SetWindowsHookExW                            7E37820F 5 Bytes  JMP 003C00E4 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!UnhookWindowsHookEx                          7E37D5F3 5 Bytes  JMP 003C0120 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!SetWindowsHookExA                            7E381211 5 Bytes  JMP 003C00A8 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!SetWinEventHook                              7E3817F7 5 Bytes  JMP 003C0030 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2040] USER32.dll!UnhookWinEvent                               7E3818AC 5 Bytes  JMP 003C006C 
.text           D:\downloads\vjmycum3.exe[2176] ntdll.dll!LdrLoadDll                                                                 7C92632D 5 Bytes  JMP 00150030 
.text           D:\downloads\vjmycum3.exe[2176] ntdll.dll!LdrUnloadDll                                                               7C9271CD 5 Bytes  JMP 0015006C 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity                                                77E06D81 5 Bytes  JMP 029401D4 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfigA                                                    77E06E69 5 Bytes  JMP 029400E4 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfigW                                                    77E07001 5 Bytes  JMP 02940120 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A                                                   77E07101 5 Bytes  JMP 0294015C 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W                                                   77E07189 5 Bytes  JMP 02940198 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!CreateServiceA                                                          77E07211 5 Bytes  JMP 02940030 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!CreateServiceW                                                          77E073A9 5 Bytes  JMP 0294006C 
.text           D:\downloads\vjmycum3.exe[2176] ADVAPI32.dll!DeleteService                                                           77E074B1 5 Bytes  JMP 029400A8 
.text           D:\downloads\vjmycum3.exe[2176] USER32.dll!SetWindowsHookExW                                                         7E37820F 5 Bytes  JMP 013100E4 
.text           D:\downloads\vjmycum3.exe[2176] USER32.dll!UnhookWindowsHookEx                                                       7E37D5F3 5 Bytes  JMP 01310120 
.text           D:\downloads\vjmycum3.exe[2176] USER32.dll!SetWindowsHookExA                                                         7E381211 5 Bytes  JMP 013100A8 
.text           D:\downloads\vjmycum3.exe[2176] USER32.dll!SetWinEventHook                                                           7E3817F7 5 Bytes  JMP 01310030 
.text           D:\downloads\vjmycum3.exe[2176] USER32.dll!UnhookWinEvent                                                            7E3818AC 5 Bytes  JMP 0131006C 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ntdll.dll!LdrLoadDll                                  7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ntdll.dll!LdrUnloadDll                                7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!SetWindowsHookExW                          7E37820F 5 Bytes  JMP 003C00E4 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!UnhookWindowsHookEx                        7E37D5F3 5 Bytes  JMP 003C0120 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!SetWindowsHookExA                          7E381211 5 Bytes  JMP 003C00A8 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!SetWinEventHook                            7E3817F7 5 Bytes  JMP 003C0030 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] USER32.dll!UnhookWinEvent                             7E3818AC 5 Bytes  JMP 003C006C 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity                 77E06D81 5 Bytes  JMP 003D01D4 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfigA                     77E06E69 5 Bytes  JMP 003D00E4 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfigW                     77E07001 5 Bytes  JMP 003D0120 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A                    77E07101 5 Bytes  JMP 003D015C 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W                    77E07189 5 Bytes  JMP 003D0198 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!CreateServiceA                           77E07211 5 Bytes  JMP 003D0030 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!CreateServiceW                           77E073A9 5 Bytes  JMP 003D006C 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[2236] ADVAPI32.dll!DeleteService                            77E074B1 5 Bytes  JMP 003D00A8 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!SetWindowsHookExW                                                7E37820F 5 Bytes  JMP 003900E4 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!UnhookWindowsHookEx                                              7E37D5F3 5 Bytes  JMP 00390120 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!SetWindowsHookExA                                                7E381211 5 Bytes  JMP 003900A8 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!SetWinEventHook                                                  7E3817F7 5 Bytes  JMP 00390030 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!UnhookWinEvent                                                   7E3818AC 3 Bytes  JMP 0039006C 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] USER32.dll!UnhookWinEvent + 4                                               7E3818B0 1 Byte  [82]
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 5 Bytes  JMP 003A01D4 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 003A00E4 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 003A0120 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 003A015C 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 003A0198 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 003A0030 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 003A006C 
.text           C:\Programme\Nero\Update\NASvc.exe[2408] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 003A00A8 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000A0030 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000A006C 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002D00E4 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002D0120 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002D00A8 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002D0030 
.text           C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002D006C 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ntdll.dll!LdrLoadDll                                    7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ntdll.dll!LdrUnloadDll                                  7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity                   77E06D81 3 Bytes  JMP 003901D4 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity + 4               77E06D85 1 Byte  [88]
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfigA                       77E06E69 5 Bytes  JMP 003900E4 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfigW                       77E07001 5 Bytes  JMP 00390120 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A                      77E07101 5 Bytes  JMP 0039015C 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W                      77E07189 5 Bytes  JMP 00390198 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!CreateServiceA                             77E07211 5 Bytes  JMP 00390030 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!CreateServiceW                             77E073A9 5 Bytes  JMP 0039006C 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] ADVAPI32.dll!DeleteService                              77E074B1 5 Bytes  JMP 003900A8 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!SetWindowsHookExW                            7E37820F 5 Bytes  JMP 003A00E4 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!UnhookWindowsHookEx                          7E37D5F3 5 Bytes  JMP 003A0120 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!SetWindowsHookExA                            7E381211 5 Bytes  JMP 003A00A8 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!SetWinEventHook                              7E3817F7 5 Bytes  JMP 003A0030 
.text           C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe[2668] USER32.dll!UnhookWinEvent                               7E3818AC 5 Bytes  JMP 003A006C 
.text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrLoadDll                                                               7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrUnloadDll                                                             7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWindowsHookExW                                                       7E37820F 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!UnhookWindowsHookEx                                                     7E37D5F3 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWindowsHookExA                                                       7E381211 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWinEventHook                                                         7E3817F7 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!UnhookWinEvent                                                          7E3818AC 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity                                              77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfigA                                                  77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfigW                                                  77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A                                                 77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W                                                 77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceA                                                        77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceW                                                        77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!DeleteService                                                         77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ntdll.dll!LdrLoadDll                                         7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ntdll.dll!LdrUnloadDll                                       7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!SetWindowsHookExW                                 7E37820F 5 Bytes  JMP 003900E4 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!UnhookWindowsHookEx                               7E37D5F3 5 Bytes  JMP 00390120 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!SetWindowsHookExA                                 7E381211 5 Bytes  JMP 003900A8 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!SetWinEventHook                                   7E3817F7 5 Bytes  JMP 00390030 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!UnhookWinEvent                                    7E3818AC 3 Bytes  JMP 0039006C 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] USER32.dll!UnhookWinEvent + 4                                7E3818B0 1 Byte  [82]
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity                        77E06D81 5 Bytes  JMP 003A01D4 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfigA                            77E06E69 5 Bytes  JMP 003A00E4 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfigW                            77E07001 5 Bytes  JMP 003A0120 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A                           77E07101 5 Bytes  JMP 003A015C 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W                           77E07189 5 Bytes  JMP 003A0198 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!CreateServiceA                                  77E07211 5 Bytes  JMP 003A0030 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!CreateServiceW                                  77E073A9 5 Bytes  JMP 003A006C 
.text           C:\Programme\Cyberlink\Shared files\RichVideo.exe[2740] ADVAPI32.dll!DeleteService                                   77E074B1 5 Bytes  JMP 003A00A8 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ntdll.dll!LdrLoadDll                                                  7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ntdll.dll!LdrUnloadDll                                                7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity                                 77E06D81 5 Bytes  JMP 006B01D4 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfigA                                     77E06E69 5 Bytes  JMP 006B00E4 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfigW                                     77E07001 5 Bytes  JMP 006B0120 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A                                    77E07101 5 Bytes  JMP 006B015C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W                                    77E07189 5 Bytes  JMP 006B0198 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!CreateServiceA                                           77E07211 5 Bytes  JMP 006B0030 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!CreateServiceW                                           77E073A9 5 Bytes  JMP 006B006C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] ADVAPI32.dll!DeleteService                                            77E074B1 5 Bytes  JMP 006B00A8 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!SetWindowsHookExW                                          7E37820F 5 Bytes  JMP 006C00E4 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!UnhookWindowsHookEx                                        7E37D5F3 5 Bytes  JMP 006C0120 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!SetWindowsHookExA                                          7E381211 5 Bytes  JMP 006C00A8 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!SetWinEventHook                                            7E3817F7 5 Bytes  JMP 006C0030 
.text           C:\Programme\Mozilla Firefox\firefox.exe[2760] USER32.dll!UnhookWinEvent                                             7E3818AC 5 Bytes  JMP 006C006C 
.text           C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 00080030 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 0008006C 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002D00E4 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002D0120 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002D00A8 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002D0030 
.text           C:\WINDOWS\system32\wdfmgr.exe[2864] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002D006C 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Ntfs \Ntfs                                                                                               8AF871F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Fastfat \FatCdrom                                                                                        8A0D6500

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     8AD151F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{3A0EE99B-A0BE-4145-BF7A-F96235F18B7D}                                             8AB8D1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            8AF141F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              8AF141F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                 8AF141F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                8AF141F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     8AD151F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     8AD151F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                     8ACF33E8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     8AD151F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                     8AD151F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                     8AD151F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                               8AF891F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                     8ACF33E8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                               8AF891F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                         8AC8B1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                   [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                   [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1f                                                                         [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                   [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                   [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-12                                                                         [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7                                                                          [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                         8AC8B1F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                         8AC8B1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              8AB8D1F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     8AB8D1F8
Device          \Driver\PCI_PNP0640 \Device\0000004f                                                                                 spra.sys

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     8AD151F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     8AD151F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8ACA81F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                     8AD151F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8ACA81F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                     8ACF33E8
Device          \Driver\Ftdisk \Device\FtControl                                                                                     8AF891F8
Device          \Driver\sptd \Device\3413464390                                                                                      spra.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                     8AD151F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                     8AD151F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                     8AD151F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                     8ACF33E8
Device          \Driver\a6pd1eh1 \Device\Scsi\a6pd1eh11                                                                              8AC6A1F8
Device          \Driver\a6pd1eh1 \Device\Scsi\a6pd1eh11Port6Path0Target0Lun0                                                         8AC6A1F8
Device          \FileSystem\Fastfat \Fat                                                                                             aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Fastfat \Fat                                                                                             8A0D6500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Cdfs \Cdfs                                                                                               8A0E81F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x9D 0xE5 0xC2 0x42 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x9F 0x6B 0xA9 0x6B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x32 0xC4 0x9E 0x8A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xDA 0x87 0xA9 0xAA ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x9D 0xE5 0xC2 0x42 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x9F 0x6B 0xA9 0x6B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xCD 0xDC 0xDE 0x46 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x9D 0xE5 0xC2 0x42 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x9F 0x6B 0xA9 0x6B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x32 0xC4 0x9E 0x8A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xDA 0x87 0xA9 0xAA ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---
__________________

Alt 11.03.2011, 08:46   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any other logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 11.03.2011, 15:21   #5
smex
 



They (unfortunately) all look the same. Here is the first one I made:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5981

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.03.2011 22:06:35
mbam-log-2011-03-07 (22-06-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 274400
Laufzeit: 3 Stunde(n), 18 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Edited by smex (11.03.2011 at 15:33)

Alt 11.03.2011, 15:26   #6
smex
 



Double post, sorry

Edited by smex (11.03.2011 at 15:29) Reason: double post

Alt 11.03.2011, 16:11   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell - "" = AutoRun
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = H:\urDrive.exe
O33 - MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\Shell\AutoRun\command - "" = H:\Toshiba\Launcher\start.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Alt 11.03.2011, 16:22   #8
smex
 



Here: so far the error still persists


All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\ not found.
File H:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3b243e2-308a-11e0-b23c-001fd024d14e}\ not found.
File H:\Toshiba\Launcher\start.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: smex
->Temp folder emptied: 387829 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25138015 bytes
->Flash cache emptied: 619 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 310643 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 25.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_171516

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
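
The fix script in post #7 and the result log in post #8 can be cross-checked mechanically, so that every MountPoints2 entry named in the script is accounted for in the log. This is an added example, not part of the thread and not OTL's own code; the function names are hypothetical and the regular expressions assume only the line formats visible in those two posts.

```python
"""Cross-check an OTL custom fix against the result log written after the fix."""
import re

# Sample input: the O33 lines of the fix script, as posted in the thread.
FIX_SCRIPT = r'''
:OTL
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell - "" = AutoRun
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = H:\urDrive.exe
O33 - MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\Shell\AutoRun\command - "" = H:\Toshiba\Launcher\start.exe
'''

# Sample input: excerpt of the result log, as posted in the thread.
RESULT_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64db91ee-714c-11df-b4eb-001fd024d14e}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01d4e54-10fd-11e0-b20f-001fd024d14e}\ deleted successfully.
File H:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01d4e55-10fd-11e0-b20f-001fd024d14e}\ deleted successfully.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b243e2-308a-11e0-b23c-001fd024d14e}\ deleted successfully.
File H:\Toshiba\Launcher\start.exe not found.
'''

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
O33_RE = re.compile(r'^O33 - MountPoints2\\(' + GUID + r')\\(Shell\S*) - "" = (.+)$')
# Only the per-user MountPoints2 key is tracked; the CLSID lines are ignored.
KEY_RE = re.compile(
    r"^Registry key HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\Explorer\\MountPoints2\\(" + GUID + r")\\ (deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^File (.+) not found\.$")


def parse_fix(script):
    """Map each MountPoints2 GUID in the script to its AutoRun command, or None."""
    entries = {}
    for line in script.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        guid, subkey, value = m.group(1).lower(), m.group(2), m.group(3).strip()
        entries.setdefault(guid, None)
        if subkey.lower().endswith("\\command"):
            entries[guid] = value
    return entries


def parse_result(log):
    """Return ({guid: 'deleted' | 'not found'}, set of files reported as not found)."""
    keys, missing_files = {}, set()
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            guid, outcome = m.group(1).lower(), m.group(2)
            # Several script lines share one key, so a single "deleted
            # successfully" outweighs the "not found" lines that follow it.
            if outcome == "deleted successfully":
                keys[guid] = "deleted"
            else:
                keys.setdefault(guid, "not found")
            continue
        m = FILE_RE.match(line)
        if m:
            missing_files.add(m.group(1).lower())
    return keys, missing_files


def verify(script, log):
    """One record per GUID in the script, with what the log says about it."""
    keys, missing = parse_result(log)
    report = []
    for guid, command in parse_fix(script).items():
        target = None
        if command is not None:
            target = "not found" if command.lower() in missing else "unreported"
        report.append({"guid": guid, "command": command,
                       "key": keys.get(guid, "no log line"), "target": target})
    return report


def unresolved(report):
    """GUIDs whose key the log does not confirm as deleted."""
    return [r["guid"] for r in report if r["key"] != "deleted"]


if __name__ == "__main__":
    for record in verify(FIX_SCRIPT, RESULT_LOG):
        print(record)
    print("unresolved:", unresolved(verify(FIX_SCRIPT, RESULT_LOG)))
```
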

Alt 11.03.2011, 16:56   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here and save it to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 11.03.2011, 17:27   #10
smex
 



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-10.04 - smex 11.03.2011  18:11:00.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3326.2861 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\smex\Desktop\CoFi.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-11 bis 2011-03-11  ))))))))))))))))))))))))))))))
.
.
2011-03-11 16:15 . 2011-03-11 16:15	--------	d-----w-	C:\_OTL
2011-03-10 19:38 . 2011-02-23 14:55	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-03-09 20:51 . 2011-03-09 20:51	--------	d-----w-	c:\dokumente und einstellungen\smex\Anwendungsdaten\SUPERAntiSpyware.com
2011-03-09 20:51 . 2011-03-09 20:51	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2011-03-09 17:41 . 2011-02-23 14:56	301528	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-03-09 17:41 . 2011-02-23 14:54	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 17:41 . 2011-02-23 14:55	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-03-09 17:41 . 2011-02-23 14:56	371544	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-03-09 17:41 . 2011-02-23 14:55	102232	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-03-09 17:41 . 2011-02-23 14:55	96344	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-03-09 17:41 . 2011-02-23 14:54	30680	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-03-09 17:40 . 2011-02-23 15:04	40648	----a-w-	c:\windows\avastSS.scr
2011-03-09 17:40 . 2011-02-23 15:04	190016	----a-w-	c:\windows\system32\aswBoot.exe
2011-03-09 17:40 . 2011-03-09 17:40	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2011-03-09 15:40 . 2011-03-09 15:40	--------	d-----w-	c:\programme\CCleaner
2011-03-09 15:28 . 2011-03-09 15:28	--------	d-----w-	c:\dokumente und einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Ascaron Entertainment
2011-03-07 18:10 . 2011-03-07 18:10	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-03-07 16:36 . 2011-03-07 16:36	--------	d-----w-	c:\dokumente und einstellungen\smex\Anwendungsdaten\Malwarebytes
2011-03-07 16:36 . 2011-03-07 16:36	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-03-07 16:36 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 16:36 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-07 16:08 . 2011-03-07 16:08	--------	d-----w-	c:\dokumente und einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
2011-03-07 15:55 . 2011-03-09 15:26	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-02-18 10:44 . 2011-02-18 10:44	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallShield
2011-02-18 10:31 . 2006-03-20 16:34	86960	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
2011-02-18 10:31 . 2006-03-20 16:34	393216	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\_isusres.dll
2011-02-18 10:31 . 2006-03-20 16:34	283568	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISDM.exe
2011-02-18 10:31 . 2006-03-20 16:34	865200	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-05 18:40 . 2009-11-28 18:43	43520	-c--a-w-	c:\windows\system32\CmdLineExt03.dll
2011-01-30 13:04 . 2011-01-30 13:04	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-01-30 13:04 . 2011-01-30 13:04	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-01-21 14:44 . 2004-08-03 23:57	440832	------w-	c:\windows\system32\shimgvw.dll
2011-01-15 15:45 . 2011-01-15 15:45	0	----a-w-	c:\programme\izWrTe96609918484991379.tmp
2011-01-14 15:19 . 2011-01-14 15:19	15872	----a-r-	c:\dokumente und einstellungen\smex\Anwendungsdaten\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2011-01-07 14:09 . 2004-08-03 23:54	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2004-08-03 23:46	1855104	------w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-03 23:57	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-03 23:57	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-03 23:58	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 23:52 . 2004-08-03 23:57	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 21:27 . 2008-11-14 15:59	413696	-c--a-w-	c:\windows\system32\wrap_oal.dll
2010-12-20 21:27 . 2008-11-14 15:59	110592	-c--a-w-	c:\windows\system32\OpenAL32.dll
2010-12-20 17:25 . 2004-08-03 23:57	737792	------w-	c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 23:42	385024	------w-	c:\windows\system32\html.iec
2010-12-16 22:57 . 2010-12-16 22:57	31088	----a-w-	c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-13 15:33 . 2008-11-13 20:04	16608	----a-w-	c:\windows\gdrv.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04	122512	----a-w-	d:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="d:\programme\Steam\steam.exe" [2011-01-14 1242448]
"SUPERAntiSpyware"="d:\neuer ordner\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"UpdateLBPShortCut"="d:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="d:\programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="d:\programme\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="d:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="d:\programme\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="d:\programme\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\programme\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"UpdatePPShortCut"="d:\programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="d:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="d:\programme\lg_fwupdate\fwupdate.exe" [2010-10-29 557056]
"UpdatePSTShortCut"="d:\programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]
"NBAgent"="d:\programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HTC Sync Loader"="d:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"avast"="d:\programme\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\neuer ordner\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	d:\neuer ordner\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m’|\ü [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"\\\\192.168.0.2\\VOLUME (I)\\jannik\\CS\\cstrike -console.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Programme\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"d:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programme\\Paradox Interactive\\Doomsday\\Hoi2.exe"=
"d:\\Programme\\Counter-Strike Source\\hl2.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programme\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"d:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"d:\\Programme\\Steam\\SteamApps\\stylo@haefft.de\\counter-strike source\\hl2.exe"=
"d:\\Programme\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [29.10.2010 16:05 10368]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.11.2008 21:33 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09.03.2011 18:41 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09.03.2011 18:41 301528]
R1 SASDIFSV;SASDIFSV;d:\neuer ordner\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;d:\neuer ordner\SASKUTIL.SYS [10.05.2010 19:41 67656]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/29 17:09];d:\programme\CyberLink\PowerDVD8\000.fcl [28.08.2009 17:36 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.03.2011 18:41 19544]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [29.10.2010 16:05 154368]
R2 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [25.03.2010 14:39 490280]
R2 PassThru Service;Internet Pass-Through Service;c:\programme\HTC\Internet Pass-Through\PassThruSvr.exe [16.09.2010 14:06 80896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 PSTRIP;PSTRIP;\??\c:\windows\system32\DRIVERS\PSTRIP.SYS --> c:\windows\system32\DRIVERS\PSTRIP.SYS [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.06.2009 19:37 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\magix\Common\Database\bin\fbserver.exe --> d:\magix\Common\Database\bin\fbserver.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [06.02.2011 13:56 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.06.2010 18:01 21248]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24	451872	----a-w-	c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\smex\Anwendungsdaten\Mozilla\Firefox\Profiles\4ck4htvm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - d:\programme\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\programme\Electronic Arts\EADM\Core.exe
MSConfigStartUp-NeroFilterCheck - c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-11 18:19
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programme\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-688789844-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,1a,27,b5,a8,b6,7f,d2,92,bf,44,f3,bf,0a,0a,8d,9b,fd,6f,b9,1c,
   60,e6,c1,a5,37,8f,be,8c,ca,31,89,ed,06,04,29,2f,d7,3c,d5,01,25,88,b1,8f,bf,\
"rkeysecu"=hex:41,b0,5e,96,97,45,1a,30,9b,06,b3,13,2b,e7,9d,ee
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
d:\neuer ordner\SASWINLO.DLL
.
Zeit der Fertigstellung: 2011-03-11  18:24:56
ComboFix-quarantined-files.txt  2011-03-11 17:24
.
Vor Suchlauf: 1.805.713.408 Bytes frei
Nach Suchlauf: 5.534.072.832 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AF492E945366CAFE73858ED12DB281BC
         
--- --- ---

Alt 11.03.2011, 18:02   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



ComboFix scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]

File::
c:\programme\izWrTe96609918484991379.tmp
         
3. In Notepad, save the file as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 11.03.2011, 18:22   #12
smex
 



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-10.04 - smex 11.03.2011  19:08:11.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3326.2776 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\smex\Desktop\CoFi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\smex\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\programme\izWrTe96609918484991379.tmp"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\izWrTe96609918484991379.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-11 bis 2011-03-11  ))))))))))))))))))))))))))))))
.
.
2011-03-11 16:15 . 2011-03-11 16:15	--------	d-----w-	C:\_OTL
2011-03-10 19:38 . 2011-02-23 14:55	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-03-09 20:51 . 2011-03-09 20:51	--------	d-----w-	c:\dokumente und einstellungen\smex\Anwendungsdaten\SUPERAntiSpyware.com
2011-03-09 20:51 . 2011-03-09 20:51	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2011-03-09 17:41 . 2011-02-23 14:56	301528	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-03-09 17:41 . 2011-02-23 14:54	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 17:41 . 2011-02-23 14:55	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-03-09 17:41 . 2011-02-23 14:56	371544	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-03-09 17:41 . 2011-02-23 14:55	102232	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-03-09 17:41 . 2011-02-23 14:55	96344	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-03-09 17:41 . 2011-02-23 14:54	30680	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-03-09 17:40 . 2011-02-23 15:04	40648	----a-w-	c:\windows\avastSS.scr
2011-03-09 17:40 . 2011-02-23 15:04	190016	----a-w-	c:\windows\system32\aswBoot.exe
2011-03-09 17:40 . 2011-03-09 17:40	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2011-03-09 15:40 . 2011-03-09 15:40	--------	d-----w-	c:\programme\CCleaner
2011-03-09 15:28 . 2011-03-09 15:28	--------	d-----w-	c:\dokumente und einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Ascaron Entertainment
2011-03-07 18:10 . 2011-03-07 18:10	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-03-07 16:36 . 2011-03-07 16:36	--------	d-----w-	c:\dokumente und einstellungen\smex\Anwendungsdaten\Malwarebytes
2011-03-07 16:36 . 2011-03-07 16:36	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-03-07 16:36 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 16:36 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-07 16:08 . 2011-03-07 16:08	--------	d-----w-	c:\dokumente und einstellungen\smex\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
2011-03-07 15:55 . 2011-03-09 15:26	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-02-18 10:44 . 2011-02-18 10:44	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallShield
2011-02-18 10:31 . 2006-03-20 16:34	86960	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
2011-02-18 10:31 . 2006-03-20 16:34	393216	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\_isusres.dll
2011-02-18 10:31 . 2006-03-20 16:34	283568	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISDM.exe
2011-02-18 10:31 . 2006-03-20 16:34	865200	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-05 18:40 . 2009-11-28 18:43	43520	-c--a-w-	c:\windows\system32\CmdLineExt03.dll
2011-01-30 13:04 . 2011-01-30 13:04	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-01-30 13:04 . 2011-01-30 13:04	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-01-21 14:44 . 2004-08-03 23:57	440832	------w-	c:\windows\system32\shimgvw.dll
2011-01-14 15:19 . 2011-01-14 15:19	15872	----a-r-	c:\dokumente und einstellungen\smex\Anwendungsdaten\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2011-01-07 14:09 . 2004-08-03 23:54	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2004-08-03 23:46	1855104	------w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-03 23:57	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-03 23:57	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-03 23:58	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 23:52 . 2004-08-03 23:57	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 21:27 . 2008-11-14 15:59	413696	-c--a-w-	c:\windows\system32\wrap_oal.dll
2010-12-20 21:27 . 2008-11-14 15:59	110592	-c--a-w-	c:\windows\system32\OpenAL32.dll
2010-12-20 17:25 . 2004-08-03 23:57	737792	------w-	c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 23:42	385024	------w-	c:\windows\system32\html.iec
2010-12-16 22:57 . 2010-12-16 22:57	31088	----a-w-	c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-13 15:33 . 2008-11-13 20:04	16608	----a-w-	c:\windows\gdrv.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04	122512	----a-w-	d:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="d:\programme\Steam\steam.exe" [2011-01-14 1242448]
"SUPERAntiSpyware"="d:\neuer ordner\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"UpdateLBPShortCut"="d:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="d:\programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="d:\programme\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="d:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="d:\programme\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="d:\programme\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\programme\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"UpdatePPShortCut"="d:\programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="d:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="d:\programme\lg_fwupdate\fwupdate.exe" [2010-10-29 557056]
"UpdatePSTShortCut"="d:\programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]
"NBAgent"="d:\programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HTC Sync Loader"="d:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"avast"="d:\programme\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\neuer ordner\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	d:\neuer ordner\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"\\\\192.168.0.2\\VOLUME (I)\\jannik\\CS\\cstrike -console.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Programme\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"d:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programme\\Paradox Interactive\\Doomsday\\Hoi2.exe"=
"d:\\Programme\\Counter-Strike Source\\hl2.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programme\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"d:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"d:\\Programme\\Steam\\SteamApps\\stylo@haefft.de\\counter-strike source\\hl2.exe"=
"d:\\Programme\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [29.10.2010 16:05 10368]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.11.2008 21:33 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09.03.2011 18:41 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09.03.2011 18:41 301528]
R1 SASDIFSV;SASDIFSV;d:\neuer ordner\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;d:\neuer ordner\SASKUTIL.SYS [10.05.2010 19:41 67656]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/29 17:09];d:\programme\CyberLink\PowerDVD8\000.fcl [28.08.2009 17:36 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.03.2011 18:41 19544]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [29.10.2010 16:05 154368]
R2 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [25.03.2010 14:39 490280]
R2 PassThru Service;Internet Pass-Through Service;c:\programme\HTC\Internet Pass-Through\PassThruSvr.exe [16.09.2010 14:06 80896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 PSTRIP;PSTRIP;\??\c:\windows\system32\DRIVERS\PSTRIP.SYS --> c:\windows\system32\DRIVERS\PSTRIP.SYS [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.06.2009 19:37 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\magix\Common\Database\bin\fbserver.exe --> d:\magix\Common\Database\bin\fbserver.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [06.02.2011 13:56 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.06.2010 18:01 21248]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24	451872	----a-w-	c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\smex\Anwendungsdaten\Mozilla\Firefox\Profiles\4ck4htvm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - d:\programme\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-11 19:16
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programme\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-688789844-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,1a,27,b5,a8,b6,7f,d2,92,bf,44,f3,bf,0a,0a,8d,9b,fd,6f,b9,1c,
   60,e6,c1,a5,37,8f,be,8c,ca,31,89,ed,06,04,29,2f,d7,3c,d5,01,25,88,b1,8f,bf,\
"rkeysecu"=hex:41,b0,5e,96,97,45,1a,30,9b,06,b3,13,2b,e7,9d,ee
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
d:\neuer ordner\SASWINLO.DLL
.
Zeit der Fertigstellung: 2011-03-11  19:19:26
ComboFix-quarantined-files.txt  2011-03-11 18:19
ComboFix2.txt  2011-03-11 17:25
.
Vor Suchlauf: 5.544.570.880 Bytes frei
Nach Suchlauf: 5.530.292.224 Bytes frei
.
- - End Of File - - D3B97042CDE77301AB4C52175DAACF9E
         
--- --- ---

Alt 11.03.2011, 19:07   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 11.03.2011, 20:19   #14
smex
 



OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:15:58 on 11.03.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - D:\Programme\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys
"akerps93" (akerps93) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\akerps93.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\DOKUME~1\smex\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"CyberLink InstantBurn UDF Reader Help Driver" (CLBStor) - "Cyberlink Co.,Ltd." - C:\WINDOWS\system32\drivers\CLBStor.sys
"CyberLink UDF Filesystem" (CLBUDFR) - "CyberLink Corporation." - C:\WINDOWS\system32\drivers\CLBUDFR.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - D:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"M5603C USB2.0 Camera Driver" (M1000Srv) - ? - C:\WINDOWS\System32\Drivers\M1000KNT.sys  (File not found)
"mbr" (mbr) - ? - C:\CoFi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Power Control [2010/10/29 17:09:51]" ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) - ? - D:\Programme\CyberLink\PowerDVD8\000.fcl
"PSTRIP" (PSTRIP) - ? - C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdypog" (pxtdypog) - ? - C:\DOKUME~1\smex\LOKALE~1\Temp\pxtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - D:\Neuer Ordner\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - D:\Neuer Ordner\SASKUTIL.SYS
"Sony Ericsson Device 089 driver (WDM)" (se59bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59bus.sys
"Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)" (se59nd5) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59nd5.sys
"Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)" (se59unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59unic.sys
"Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)" (se59mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59mgmt.sys
"Sony Ericsson Device 089 USB WMC Modem Driver" (se59mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59mdm.sys
"Sony Ericsson Device 089 USB WMC Modem Filter" (se59mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59mdfl.sys
"Sony Ericsson Device 089 USB WMC OBEX Interface" (se59obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se59obex.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - D:\Neuer Ordner\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - D:\Programme\AVAST Software\Avast\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\NeroShellExt\NeroShellExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\smex\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
"Steam" - "Valve Corporation" - "D:\Programme\Steam\steam.exe" -silent
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - D:\Neuer Ordner\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast" - "AVAST Software" - "D:\Programme\AVAST Software\Avast\avastUI.exe" /nogui
"BDRegion" - "cyberlink" - C:\Programme\Cyberlink\Shared Files\brs.exe
"CLMLServer" - "CyberLink" - "D:\Programme\CyberLink\Power2Go\CLMLSvc.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"HTC Sync Loader" - ? - "D:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"LGODDFU" - ? - D:\Programme\lg_fwupdate\fwupdate.exe blrun
"MDS_Menu" - "CyberLink Corp." - "D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
"NBAgent" - "Nero AG" - "D:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"PDVD8LanguageShortcut" - "CyberLink Corp." - D:\Programme\CyberLink\PowerDVD8\Language\Language.exe
"RemoteControl8" - "CyberLink Corp." - D:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
"UCam_Menu" - "CyberLink Corp." - "D:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
"UpdateLBPShortCut" - "CyberLink Corp." - "D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePPShortCut" - "CyberLink Corp." - "D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzll5ha" - "Hewlett-Packard Company" - C:\WINDOWS\system32\hpzll5ha.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"@C:\Programme\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Programme\Nero\Update\NASvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - D:\Programme\AVAST Software\Avast\AvastSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared files\RichVideo.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - ? - D:\MAGIX\Common\Database\bin\fbserver.exe  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NMIndexingService" (NMIndexingService) - ? - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"  (File not found)
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - D:\Neuer Ordner\SASWINLO.DLL
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Attached files
File type: txt gmer.txt (96.6 KB, viewed 141 times)
File type: txt MBRCheck_03.11.11_21.16.45.txt (8.7 KB, viewed 140 times)

12.03.2011, 11:27   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run this tool from Kaspersky => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
