
Log analysis and evaluation: Microsoft Security Essentials reported W32.ramnit.a


26.03.2011, 09:38   #1
Wini_TF2011
 
Microsoft Security Essentials reported W32.ramnit.a



Hello,

I have a computer here from an acquaintance that originally had the above-mentioned virus on it.
As a first step I ran the live CDs from Avira and Kaspersky. A few things were found and removed. Unfortunately I do not have the log files from those scans.
After a restart, the first thing I did was install a new AV program (avast! Free Antivirus) and remove Microsoft Security Essentials.
After a short time something was found again, and the program recommended a boot-time scan, which I also ran.
Result: Microsoft Security Essentials meldete W32.ramnit.a-avast.jpg

Question: Can I now hand the computer back with peace of mind?

Many thanks
Regards

OTL.txt
Code:
OTL logfile created on: 21.03.2011 10:27:22 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 57,88 Gb Free Space | 74,08% Space Free | Partition Type: NTFS
Drive E: | 67,31 Gb Total Space | 42,86 Gb Free Space | 63,67% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.21 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.03.20 05:49:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.10.22 23:57:40 | 000,210,240 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010.10.22 23:57:26 | 000,660,800 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.02 16:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.21 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll
MOD - [2011.02.23 16:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\ashShell.dll
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.10.22 23:57:40 | 000,210,240 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.05 02:01:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.08.13 19:10:37 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2007.06.15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2007.03.25 10:57:17 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ACEDRV07.sys -- (ACEDRV07)
DRV - [2006.08.22 16:03:32 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006.02.26 15:10:12 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ACEDRV05.sys -- (ACEDRV05)
DRV - [2005.01.10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.08.25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.17 13:00:27 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.17 13:00:27 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.06.15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004.03.05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004.03.05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004.03.05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002.11.08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2011.03.20 15:53:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.20 05:50:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.20 23:45:27 | 000,000,000 | ---D | M]
 
[2009.06.25 19:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.03.20 20:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions
[2010.12.23 18:13:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.23 18:13:57 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.03.20 20:50:47 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.30 14:57:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.23 18:13:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\toti3rnq.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.03.20 20:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.20 05:49:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.20 05:49:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.20 05:49:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.20 05:49:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.20 05:49:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.20 22:55:23 | 000,432,337 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.knuddels.de
O1 - Hosts: 127.0.0.1	www.dugg.de
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 14882 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () - 
O24 - Desktop WallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.18 14:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.11.07 19:07:33 | 000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{00f734e6-d77b-11de-8d78-001f3f066a91}\Shell - "" = AutoRun
O33 - MountPoints2\{00f734e6-d77b-11de-8d78-001f3f066a91}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{00f734e6-d77b-11de-8d78-001f3f066a91}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe R206PC16.vbs
O33 - MountPoints2\{34d1e274-5bfc-11de-8cd9-0011119e48d2}\Shell - "" = AutoRun
O33 - MountPoints2\{34d1e274-5bfc-11de-8cd9-0011119e48d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d1e274-5bfc-11de-8cd9-0011119e48d2}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "IDriverT"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kodak EasyShare Software.lnk - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^KODAK Software Updater.lnk - C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: cxlacuxatx.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Dell AIO Printer A920 - hkey= - key= - C:\Programme\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
MsConfig - StartUpReg: dla - hkey= - key= -  File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: IntelMeM - hkey= - key= - C:\Programme\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
MsConfig - StartUpReg: P17Helper - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.21 10:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.03.21 10:26:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.03.21 10:26:01 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.21 10:21:02 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe
[2011.03.21 10:21:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.03.21 10:21:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2011.03.20 23:44:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.20 23:40:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2011.03.20 23:39:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.20 22:46:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.03.20 22:13:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE
[2011.03.20 21:53:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache
[2011.03.20 21:12:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.03.20 21:09:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.03.20 16:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.03.20 16:15:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.03.20 15:54:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2011.03.20 15:54:14 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.03.20 15:54:14 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.03.20 15:54:09 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.03.20 15:54:09 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.03.20 15:54:08 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.03.20 15:54:07 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.03.20 15:54:07 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.03.20 15:54:06 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.03.20 15:53:40 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.03.20 15:53:37 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.03.20 15:53:02 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.03.20 15:53:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.03.20 15:12:37 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2011.03.20 08:20:46 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.03.20 05:19:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.03.20 05:03:38 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.03.19 15:12:47 | 000,000,000 | ---D | C] -- C:\Programme\esolmmro
[2011.03.19 15:01:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011.03.19 14:48:50 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011.03.19 14:48:50 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011.03.19 14:47:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011.03.19 12:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011.03.19 09:36:33 | 000,000,000 | ---D | C] -- C:\d8update
[2011.03.19 07:33:13 | 000,000,000 | ---D | C] -- C:\INFECTED
[2011.03.14 13:26:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011.03.14 11:42:39 | 000,000,000 | ---D | C] -- C:\Programme\tmp
[2011.03.14 11:42:31 | 000,000,000 | ---D | C] -- C:\Programme\temp
[2002.04.11 01:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980.01.01 01:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.21 10:26:02 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.03.21 10:26:02 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.03.21 10:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011.03.21 10:22:40 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.21 10:21:12 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.03.21 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.03.21 10:21:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2011.03.21 10:21:05 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe
[2011.03.21 10:19:52 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.03.20 22:55:23 | 000,432,337 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011.03.20 22:25:44 | 000,462,170 | ---- | M] () -- C:\WINDOWS\System32\PERFH007.DAT
[2011.03.20 22:25:44 | 000,443,900 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011.03.20 22:25:44 | 000,072,572 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011.03.20 22:25:43 | 000,086,086 | ---- | M] () -- C:\WINDOWS\System32\PERFC007.DAT
[2011.03.20 22:25:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011.03.20 22:25:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011.03.20 22:22:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011.03.20 20:56:35 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.20 20:12:47 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.03.20 19:26:41 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011.03.20 15:54:08 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.03.20 14:59:43 | 054,043,296 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\setup_av_free_ger6.exe
[2011.03.20 05:10:33 | 000,047,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2011.03.20 05:08:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.03.19 14:52:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.03.19 14:46:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.03.19 14:46:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.03.19 14:46:03 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.19 14:43:52 | 000,023,604 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.03.19 14:42:48 | 000,000,525 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2011.03.19 11:13:24 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011.03.19 07:21:03 | 000,021,652 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg
[2011.03.18 17:34:54 | 000,004,524 | ---- | M] () -- C:\safecd.tgz
[2011.03.18 16:48:57 | 000,005,548 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Pellets.htm
[2011.03.18 15:36:50 | 000,272,570 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011.03.14 14:42:44 | 000,365,461 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
[2011.03.14 13:50:55 | 000,021,728 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg~
[2011.03.14 13:40:56 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.14 12:18:07 | 000,000,412 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\spider.sav
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Anleitung.html
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.02.23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.02.23 15:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.02.23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2011.03.21 10:26:02 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.03.21 10:26:02 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.03.21 10:21:03 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.03.21 10:19:47 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.03.20 23:45:27 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2011.03.20 21:54:00 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Internet Explorer.lnk
[2011.03.20 20:41:35 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011.03.20 20:41:35 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011.03.20 15:11:55 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011.03.20 15:11:55 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011.03.20 15:11:55 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011.03.20 15:11:54 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011.03.20 15:11:54 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011.03.20 15:11:54 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011.03.20 15:11:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011.03.20 15:11:53 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011.03.20 15:11:53 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011.03.20 15:11:53 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011.03.20 15:11:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011.03.20 15:11:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011.03.20 15:11:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011.03.20 15:11:53 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011.03.20 15:11:53 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011.03.20 15:11:53 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011.03.20 15:11:53 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011.03.20 15:11:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011.03.20 15:11:45 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011.03.20 15:11:44 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011.03.20 15:11:44 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011.03.20 15:11:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011.03.20 15:11:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011.03.20 15:11:44 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011.03.20 15:11:44 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011.03.20 15:11:44 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011.03.20 15:11:43 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011.03.20 15:11:43 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011.03.20 15:11:29 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011.03.20 15:11:29 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011.03.20 15:11:29 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011.03.20 15:11:11 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011.03.20 15:11:11 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011.03.20 15:11:11 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011.03.20 15:11:11 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011.03.20 15:11:11 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011.03.20 15:11:11 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011.03.20 15:11:08 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011.03.20 15:11:08 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011.03.20 15:11:08 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011.03.20 15:11:08 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011.03.20 15:10:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011.03.20 15:10:49 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011.03.20 15:10:33 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011.03.20 15:10:30 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011.03.20 15:10:13 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011.03.20 15:10:13 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011.03.20 15:10:13 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011.03.20 15:10:13 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011.03.20 15:10:13 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011.03.20 15:10:13 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011.03.20 15:10:13 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011.03.20 15:10:13 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011.03.20 15:10:13 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011.03.20 15:10:13 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011.03.20 15:10:13 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011.03.20 15:10:13 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011.03.20 15:10:13 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011.03.20 15:10:13 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011.03.20 15:10:13 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011.03.20 15:10:13 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011.03.20 15:09:45 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011.03.20 15:09:40 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011.03.20 15:09:39 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011.03.20 15:08:48 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011.03.20 15:08:48 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011.03.20 15:08:48 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011.03.20 15:08:34 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011.03.20 15:07:21 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011.03.20 15:06:51 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011.03.20 15:06:51 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011.03.20 15:06:51 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011.03.20 15:06:51 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011.03.20 15:06:48 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011.03.20 15:06:47 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011.03.20 15:06:47 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011.03.20 15:06:47 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011.03.20 15:06:46 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011.03.20 15:06:46 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011.03.20 15:06:37 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011.03.20 14:59:32 | 054,043,296 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\setup_av_free_ger6.exe
[2011.03.19 14:59:23 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Windows Media Player.lnk
[2011.03.19 14:48:40 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011.03.19 14:48:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011.03.19 14:48:01 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011.03.19 14:48:00 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011.03.19 14:47:57 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011.03.19 14:47:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011.03.19 14:47:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011.03.19 14:47:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011.03.19 14:44:52 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Movie Maker.lnk
[2011.03.19 11:10:59 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011.03.19 11:10:59 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011.03.19 11:10:59 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011.03.19 11:10:59 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011.03.19 11:10:59 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011.03.19 11:10:59 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011.03.19 11:10:59 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011.03.19 11:10:59 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011.03.19 07:21:02 | 000,021,652 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg
[2011.03.18 17:34:54 | 000,004,524 | ---- | C] () -- C:\safecd.tgz
[2011.03.14 13:57:59 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.14 13:50:55 | 000,021,728 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\xxx.reg~
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Anleitung.html
[2011.03.13 12:16:23 | 000,365,461 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
[2009.11.15 18:14:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.11.15 18:14:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.11.15 18:14:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.06.18 12:35:44 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008.08.05 17:56:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006.02.13 20:12:13 | 000,003,138 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.02.04 15:07:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.02.04 15:07:42 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006.02.04 15:07:36 | 000,002,901 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005.10.23 17:00:18 | 000,000,110 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005.07.16 13:45:32 | 000,047,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2005.07.09 16:45:14 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.07.09 16:45:13 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005.02.24 12:24:45 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.02.22 00:07:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005.01.15 19:39:35 | 000,000,166 | ---- | C] () -- C:\WINDOWS\mandant.ini
[2005.01.14 15:45:56 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005.01.11 18:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004.12.28 15:53:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004.12.28 15:47:36 | 000,000,772 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004.12.28 15:47:07 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.12.21 20:31:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.12.21 20:27:49 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004.12.21 20:27:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004.12.21 20:27:38 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004.12.21 20:27:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004.12.21 20:27:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004.12.21 20:17:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004.12.21 20:16:58 | 000,462,170 | ---- | C] () -- C:\WINDOWS\System32\PERFH007.DAT
[2004.12.21 20:16:58 | 000,443,900 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004.12.21 20:16:58 | 000,086,086 | ---- | C] () -- C:\WINDOWS\System32\PERFC007.DAT
[2004.12.21 20:16:58 | 000,072,572 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004.12.21 20:06:52 | 000,000,558 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.09.15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.18 14:27:54 | 000,000,849 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004.08.18 14:22:44 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.18 14:18:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.18 14:16:56 | 000,023,604 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 13:09:36 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.17 13:09:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.17 13:02:39 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.17 13:01:04 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.17 13:01:04 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.17 13:01:02 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.17 13:01:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.17 12:57:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.17 12:57:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.17 12:54:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.17 12:54:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 15:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004.08.04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004.07.19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2003.07.31 18:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2003.04.22 16:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2003.01.07 22:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002.11.13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980.01.01 01:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980.01.01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980.01.01 01:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980.01.01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
 
========== LOP Check ==========
 
[2011.03.20 15:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2008.12.30 14:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2007.08.13 19:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.06.08 19:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2008.12.30 14:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009.01.08 18:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2006.08.22 16:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2005.10.23 16:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vivendi Universal Games
[2008.06.02 20:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2006.09.21 18:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar
[2008.11.19 11:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2004.12.30 16:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2008.12.31 11:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexware
[2005.01.28 20:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2011.01.20 18:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SmartSurfer
[2004.12.28 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
[2005.10.13 23:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WEBDE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2006.03.31 17:58:13 | 000,000,000 | ---D | M] -- C:\Bibi_und_Tina
[2006.11.19 16:57:38 | 000,000,000 | ---D | M] -- C:\CL
[2011.03.20 23:48:08 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.12.03 14:00:55 | 000,000,000 | -H-D | M] -- C:\cxlacuxatx.exe
[2011.03.19 08:12:24 | 000,000,000 | ---D | M] -- C:\d8update
[2011.03.20 12:25:55 | 000,000,000 | ---D | M] -- C:\DELL
[2011.03.14 13:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.03.19 11:13:25 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2011.03.20 05:03:38 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.08.05 18:08:25 | 000,000,000 | ---D | M] -- C:\I386
[2011.03.19 07:33:13 | 000,000,000 | ---D | M] -- C:\INFECTED
[2011.03.20 15:44:21 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2005.01.14 15:48:33 | 000,000,000 | ---D | M] -- C:\Lexware
[2006.08.22 16:03:33 | 000,000,000 | ---D | M] -- C:\My Music
[2010.11.26 20:57:43 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.03.21 10:26:01 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.20 17:03:42 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.03.14 13:25:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.03.19 14:54:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.02.25 13:41:37 | 000,000,000 | ---D | M] -- C:\Temp
[2011.03.21 10:26:26 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.17 12:54:46 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2004.08.04 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\I386\USERINIT.EXE
[2004.08.17 13:05:54 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\I386\WINLOGON.EXE
[2004.08.17 13:07:21 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SYSTEM32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-20 20:57:31

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 21.03.2011 10:27:22 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 57,88 Gb Free Space | 74,08% Space Free | Partition Type: NTFS
Drive E: | 67,31 Gb Total Space | 42,86 Gb Free Space | 63,67% Space Free | Partition Type: NTFS
 
Computer Name: FELDMANN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ABBYY FineReader 5.0 Sprint\Sprint.exe" = C:\Programme\ABBYY FineReader 5.0 Sprint\Sprint.exe:*:Disabled:ABBYY FineReader 5.0 Sprint -- (ABBYY (BIT Software))
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\MMC.EXE" = C:\WINDOWS\SYSTEM32\MMC.EXE:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\Motorola\Software Update\msu.exe" = C:\Programme\Motorola\Software Update\msu.exe:*:Enabled:msu
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11CA6E01-3992-4115-AB6E-D325552C166D}" = WEB.DE SmartSurfer AutoUpdate 5.2
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74D2638F-E20C-4EC0-97AA-6B6ECACA5D5C}" = Motorola Mobile Drivers Installation 4.8.0
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F850185A-1BB1-41E8-8438-ABE28DFF5A9B}" = DA920GE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Dell AIO Printer A920" = Dell AIO Printer A920
"DFÜ-Optimierer" = DFÜ-Optimierer 1.25
"ERUNT_is1" = ERUNT 1.1j
"HaufeReader" = HaufeReader
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"MahJongg2003" = MahJongg2003
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.34 Driver 4.8.0
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"VAR_05" = Steuer Hilfesammlung Version 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2011 10:44:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 10:45:08 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 10:48:15 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung rundll32.exe, Version 5.1.2600.2180, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 10:49:40 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung MpCmdRun.exe, Version 3.0.8107.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 10:49:43 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 10:49:49 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 10:49:50 | Computer Name = *** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung logonui.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x00039277.
 
Error - 20.03.2011 12:01:12 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000
Description = 
 
Error - 20.03.2011 12:01:14 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000
Description = 
 
Error - 20.03.2011 14:26:09 | Computer Name = *** | Source = Microsoft Security Client | ID = 1001
Description = 
 
[ System Events ]
Error - 20.03.2011 10:44:25 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\WindowsShell.Manifest
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 20.03.2011 12:03:39 | Computer Name = *** | Source = System Error | ID = 1003
Description = Fehlercode c000021a, 1. Parameter e2750738, 2. Parameter c0000005,
 3. Parameter 00000000, 4. Parameter 00000000.
 
Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "LexBce Server" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Service for CDROM Access" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "MotoHelper Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 21.03.2011 05:21:36 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 21.03.2011 05:28:12 | Computer Name = *** | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 21.03.2011 05:28:13 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
 
< End of report >
         
Gmer.txt
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-21 11:07:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JD-75HBB0 rev.08.02D08
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\awlyypob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwAddBootEntry [0xEEBC99CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwAllocateVirtualMemory [0xEEC1EA68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwClose [0xEEBE9AF5]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateEvent [0xEEBCBEAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateEventPair [0xEEBCBF04]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateIoCompletion [0xEEBCC01A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateKey [0xEEBE94A9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateMutant [0xEEBCBE02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateSection [0xEEBCBF54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateSemaphore [0xEEBCBE56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateTimer [0xEEBCBFC8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwDeleteBootEntry [0xEEBC99EE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwDeleteKey [0xEEBEA1BB]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwDeleteValueKey [0xEEBEA471]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwDuplicateObject [0xEEBCC29E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwEnumerateKey [0xEEBEA026]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwEnumerateValueKey [0xEEBE9E91]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwFreeVirtualMemory [0xEEC1EB18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwLoadDriver [0xEEBC97B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwModifyBootEntry [0xEEBC9A12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwNotifyChangeKey [0xEEBCC412]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwNotifyChangeMultipleKeys [0xEEBCA4AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenEvent [0xEEBCBEDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenEventPair [0xEEBCBF2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenIoCompletion [0xEEBCC044]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenKey [0xEEBE9805]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenMutant [0xEEBCBE2E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenProcess [0xEEBCC0D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenSection [0xEEBCBF94]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenSemaphore [0xEEBCBE84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenThread [0xEEBCC1BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenTimer [0xEEBCBFF2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwProtectVirtualMemory [0xEEC1EBB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwQueryKey [0xEEBE9D0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwQueryObject [0xEEBCA370]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwQueryValueKey [0xEEBE9B5E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwRenameKey [0xEEC26E26]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwRestoreKey [0xEEBE8B1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetBootEntryOrder [0xEEBC9A36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetBootOptions [0xEEBC9A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetSystemInformation [0xEEBC9812]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetSystemPowerState [0xEEBC994E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetValueKey [0xEEBEA2C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwShutdownSystem [0xEEBC992A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSystemDebugControl [0xEEBC9972]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwVdmControl [0xEEBC9A7E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwCreateProcessEx [0xEEC338DE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + BA                                                                  804E4914 4 Bytes  JMP D9E8EEC1 
PAGE            ntoskrnl.exe!ObInsertObject                                                                         8056DA64 5 Bytes  JMP EEC30D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                         805766FB 4 Bytes  CALL EEBCAE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                      8058B9EC 7 Bytes  JMP EEC338E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                  805AD1E0 5 Bytes  JMP EEC2F29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init            C:\WINDOWS\system32\DRIVERS\mohfilt.sys                                                             entry point in "init" section [0xF8AEB760]
.text           C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                            section is writeable [0xED9D9000, 0x30A4A, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                            entry point in ".pklstb" section [0xEDA1B000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                            unknown last section [0xEDA36000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                            section is writeable [0xED977000, 0x328BA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                            entry point in ".pklstb" section [0xED9BB000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                            unknown last section [0xED9D7000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 003801D4 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 00380120 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 0038015C 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 00380198 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!UnhookWinEvent                                     7E3818AC 3 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\MsPMSPSv.exe[320] USER32.dll!UnhookWinEvent + 4                                 7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\fxssvc.exe[408] ntdll.dll!LdrLoadDll                                            7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ntdll.dll!LdrUnloadDll                                          7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!SetServiceObjectSecurity                           77E06D81 5 Bytes  JMP 003801D4 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfigA                               77E06E69 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfigW                               77E07001 5 Bytes  JMP 00380120 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfig2A                              77E07101 5 Bytes  JMP 0038015C 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!ChangeServiceConfig2W                              77E07189 5 Bytes  JMP 00380198 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!CreateServiceA                                     77E07211 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!CreateServiceW                                     77E073A9 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\system32\fxssvc.exe[408] ADVAPI32.dll!DeleteService                                      77E074B1 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!SetWindowsHookExW                                    7E37820F 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!UnhookWindowsHookEx                                  7E37D5F3 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!SetWindowsHookExA                                    7E381211 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!SetWinEventHook                                      7E3817F7 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!UnhookWinEvent                                       7E3818AC 3 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\fxssvc.exe[408] USER32.dll!UnhookWinEvent + 4                                   7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00070030 
.text           C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0007006C 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\winlogon.exe[704] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\winlogon.exe[704] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\services.exe[748] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\services.exe[748] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\services.exe[748] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\services.exe[748] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\services.exe[748] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\services.exe[748] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\services.exe[748] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!LdrLoadDll                                             7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!LdrUnloadDll                                           7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!SetServiceObjectSecurity                            77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigA                                77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigW                                77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2A                               77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2W                               77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceA                                      77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceW                                      77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!DeleteService                                       77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWindowsHookExW                                     7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\lsass.exe[760] USER32.dll!UnhookWindowsHookEx                                   7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWindowsHookExA                                     7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWinEventHook                                       7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\lsass.exe[760] USER32.dll!UnhookWinEvent                                        7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 3 Bytes  JMP 00380120 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!UnhookWindowsHookEx + 4                            7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 3 Bytes  JMP 003901D4 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!SetServiceObjectSecurity + 4                     77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 0039015C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 00390198 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[948] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrLoadDll                                           7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll                                         7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity                          77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA                              77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW                              77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A                             77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W                             77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA                                    77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW                                    77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!DeleteService                                     77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA                                   7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWinEventHook                                     7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWinEvent                                      7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ntdll.dll!LdrLoadDll                             7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ntdll.dll!LdrUnloadDll                           7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity            77E06D81 3 Bytes  JMP 003901D4 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity + 4        77E06D85 1 Byte  [88]
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfigA                77E06E69 5 Bytes  JMP 003900E4 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfigW                77E07001 5 Bytes  JMP 00390120 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A               77E07101 5 Bytes  JMP 0039015C 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W               77E07189 5 Bytes  JMP 00390198 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!CreateServiceA                      77E07211 5 Bytes  JMP 00390030 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!CreateServiceW                      77E073A9 5 Bytes  JMP 0039006C 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] ADVAPI32.dll!DeleteService                       77E074B1 5 Bytes  JMP 003900A8 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] USER32.dll!SetWindowsHookExW                     7E37820F 5 Bytes  JMP 003A00E4 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] USER32.dll!UnhookWindowsHookEx                   7E37D5F3 5 Bytes  JMP 003A0120 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] USER32.dll!SetWindowsHookExA                     7E381211 5 Bytes  JMP 003A00A8 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] USER32.dll!SetWinEventHook                       7E3817F7 5 Bytes  JMP 003A0030 
.text           C:\Programme\avmwlanstick\WlanNetService.exe[1112] USER32.dll!UnhookWinEvent                        7E3818AC 5 Bytes  JMP 003A006C 
.text           C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ntdll.dll!LdrLoadDll                                         7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ntdll.dll!LdrUnloadDll                                       7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] USER32.dll!SetWindowsHookExW                                 7E37820F 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] USER32.dll!UnhookWindowsHookEx                               7E37D5F3 3 Bytes  JMP 00380120 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] USER32.dll!UnhookWindowsHookEx + 4                           7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] USER32.dll!SetWindowsHookExA                                 7E381211 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] USER32.dll!SetWinEventHook                                   7E3817F7 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] USER32.dll!UnhookWinEvent                                    7E3818AC 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!SetServiceObjectSecurity                        77E06D81 3 Bytes  JMP 003901D4 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!SetServiceObjectSecurity + 4                    77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!ChangeServiceConfigA                            77E06E69 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!ChangeServiceConfigW                            77E07001 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!ChangeServiceConfig2A                           77E07101 5 Bytes  JMP 0039015C 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!ChangeServiceConfig2W                           77E07189 5 Bytes  JMP 00390198 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!CreateServiceA                                  77E07211 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!CreateServiceW                                  77E073A9 5 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\CTsvcCDA.EXE[1200] ADVAPI32.dll!DeleteService                                   77E074B1 5 Bytes  JMP 003900A8 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ntdll.dll!LdrLoadDll                   7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ntdll.dll!LdrUnloadDll                 7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity  77E06D81 5 Bytes  JMP 003B01D4 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!ChangeServiceConfigA      77E06E69 5 Bytes  JMP 003B00E4 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!ChangeServiceConfigW      77E07001 5 Bytes  JMP 003B0120 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A     77E07101 5 Bytes  JMP 003B015C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W     77E07189 5 Bytes  JMP 003B0198 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!CreateServiceA            77E07211 5 Bytes  JMP 003B0030 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!CreateServiceW            77E073A9 5 Bytes  JMP 003B006C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] ADVAPI32.dll!DeleteService             77E074B1 5 Bytes  JMP 003B00A8 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] USER32.dll!SetWindowsHookExW           7E37820F 5 Bytes  JMP 003C00E4 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] USER32.dll!UnhookWindowsHookEx         7E37D5F3 5 Bytes  JMP 003C0120 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] USER32.dll!SetWindowsHookExA           7E381211 5 Bytes  JMP 003C00A8 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] USER32.dll!SetWinEventHook             7E3817F7 5 Bytes  JMP 003C0030 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperService.exe[1232] USER32.dll!UnhookWinEvent              7E3818AC 5 Bytes  JMP 003C006C 
.text           C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1460] kernel32.dll!SetUnhandledExceptionFilter       7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ntdll.dll!LdrLoadDll                    7C92632D 5 Bytes  JMP 00150030 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ntdll.dll!LdrUnloadDll                  7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] user32.dll!SetWindowsHookExW            7E37820F 5 Bytes  JMP 010700E4 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] user32.dll!UnhookWindowsHookEx          7E37D5F3 5 Bytes  JMP 01070120 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] user32.dll!SetWindowsHookExA            7E381211 5 Bytes  JMP 010700A8 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] user32.dll!SetWinEventHook              7E3817F7 5 Bytes  JMP 01070030 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] user32.dll!UnhookWinEvent               7E3818AC 5 Bytes  JMP 0107006C 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity   77E06D81 5 Bytes  JMP 010D01D4 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!ChangeServiceConfigA       77E06E69 5 Bytes  JMP 010D00E4 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!ChangeServiceConfigW       77E07001 5 Bytes  JMP 010D0120 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!ChangeServiceConfig2A      77E07101 5 Bytes  JMP 010D015C 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!ChangeServiceConfig2W      77E07189 5 Bytes  JMP 010D0198 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!CreateServiceA             77E07211 5 Bytes  JMP 010D0030 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!CreateServiceW             77E073A9 5 Bytes  JMP 010D006C 
.text           C:\Dokumente und Einstellungen\***\Desktop\OTL.exe[1724] ADVAPI32.dll!DeleteService              77E074B1 5 Bytes  JMP 010D00A8 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 3 Bytes  JMP 00380120 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] USER32.dll!UnhookWindowsHookEx + 4                            7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 3 Bytes  JMP 003901D4 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!SetServiceObjectSecurity + 4                     77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 0039015C 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 00390198 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1860] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ntdll.dll!LdrLoadDll                                           7C92632D 5 Bytes  JMP 00140030 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ntdll.dll!LdrUnloadDll                                         7C9271CD 5 Bytes  JMP 0014006C 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!SetServiceObjectSecurity                          77E06D81 5 Bytes  JMP 003801D4 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!ChangeServiceConfigA                              77E06E69 5 Bytes  JMP 003800E4 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!ChangeServiceConfigW                              77E07001 5 Bytes  JMP 00380120 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!ChangeServiceConfig2A                             77E07101 5 Bytes  JMP 0038015C 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!ChangeServiceConfig2W                             77E07189 5 Bytes  JMP 00380198 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!CreateServiceA                                    77E07211 5 Bytes  JMP 00380030 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!CreateServiceW                                    77E073A9 5 Bytes  JMP 0038006C 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] ADVAPI32.dll!DeleteService                                     77E074B1 5 Bytes  JMP 003800A8 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 003900E4 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 00390120 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] USER32.dll!SetWindowsHookExA                                   7E381211 5 Bytes  JMP 003900A8 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] USER32.dll!SetWinEventHook                                     7E3817F7 5 Bytes  JMP 00390030 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] USER32.dll!UnhookWinEvent                                      7E3818AC 3 Bytes  JMP 0039006C 
.text           C:\WINDOWS\system32\LEXPPS.EXE[2024] USER32.dll!UnhookWinEvent + 4                                  7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\System32\alg.exe[2160] ntdll.dll!LdrLoadDll                                              7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\System32\alg.exe[2160] ntdll.dll!LdrUnloadDll                                            7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\System32\alg.exe[2160] USER32.dll!SetWindowsHookExW                                      7E37820F 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\System32\alg.exe[2160] USER32.dll!UnhookWindowsHookEx                                    7E37D5F3 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\System32\alg.exe[2160] USER32.dll!SetWindowsHookExA                                      7E381211 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\System32\alg.exe[2160] USER32.dll!SetWinEventHook                                        7E3817F7 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\System32\alg.exe[2160] USER32.dll!UnhookWinEvent                                         7E3818AC 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!SetServiceObjectSecurity                             77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!ChangeServiceConfigA                                 77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!ChangeServiceConfigW                                 77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!ChangeServiceConfig2A                                77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!ChangeServiceConfig2W                                77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!CreateServiceA                                       77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!CreateServiceW                                       77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\System32\alg.exe[2160] ADVAPI32.dll!DeleteService                                        77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\Explorer.EXE[2744] ntdll.dll!LdrLoadDll                                                  7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\Explorer.EXE[2744] ntdll.dll!LdrUnloadDll                                                7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!SetServiceObjectSecurity                                 77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!ChangeServiceConfigA                                     77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!ChangeServiceConfigW                                     77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!ChangeServiceConfig2A                                    77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!ChangeServiceConfig2W                                    77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!CreateServiceA                                           77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!CreateServiceW                                           77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\Explorer.EXE[2744] ADVAPI32.dll!DeleteService                                            77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\Explorer.EXE[2744] USER32.dll!SetWindowsHookExW                                          7E37820F 5 Bytes  JMP 002D00E4 
.text           C:\WINDOWS\Explorer.EXE[2744] USER32.dll!UnhookWindowsHookEx                                        7E37D5F3 5 Bytes  JMP 002D0120 
.text           C:\WINDOWS\Explorer.EXE[2744] USER32.dll!SetWindowsHookExA                                          7E381211 5 Bytes  JMP 002D00A8 
.text           C:\WINDOWS\Explorer.EXE[2744] USER32.dll!SetWinEventHook                                            7E3817F7 5 Bytes  JMP 002D0030 
.text           C:\WINDOWS\Explorer.EXE[2744] USER32.dll!UnhookWinEvent                                             7E3818AC 5 Bytes  JMP 002D006C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ntdll.dll!LdrLoadDll                     7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ntdll.dll!LdrUnloadDll                   7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity    77E06D81 5 Bytes  JMP 003A01D4 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!ChangeServiceConfigA        77E06E69 5 Bytes  JMP 003A00E4 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!ChangeServiceConfigW        77E07001 5 Bytes  JMP 003A0120 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A       77E07101 5 Bytes  JMP 003A015C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W       77E07189 5 Bytes  JMP 003A0198 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!CreateServiceA              77E07211 5 Bytes  JMP 003A0030 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!CreateServiceW              77E073A9 5 Bytes  JMP 003A006C 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] ADVAPI32.dll!DeleteService               77E074B1 5 Bytes  JMP 003A00A8 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] USER32.dll!SetWindowsHookExW             7E37820F 5 Bytes  JMP 003B00E4 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] USER32.dll!UnhookWindowsHookEx           7E37D5F3 5 Bytes  JMP 003B0120 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] USER32.dll!SetWindowsHookExA             7E381211 5 Bytes  JMP 003B00A8 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] USER32.dll!SetWinEventHook               7E3817F7 5 Bytes  JMP 003B0030 
.text           C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe[2776] USER32.dll!UnhookWinEvent                7E3818AC 5 Bytes  JMP 003B006C 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ntdll.dll!LdrLoadDll                              7C92632D 5 Bytes  JMP 00090030 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ntdll.dll!LdrUnloadDll                            7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity             77E06D81 5 Bytes  JMP 002D01D4 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!ChangeServiceConfigA                 77E06E69 5 Bytes  JMP 002D00E4 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!ChangeServiceConfigW                 77E07001 5 Bytes  JMP 002D0120 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A                77E07101 5 Bytes  JMP 002D015C 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W                77E07189 5 Bytes  JMP 002D0198 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!CreateServiceA                       77E07211 5 Bytes  JMP 002D0030 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!CreateServiceW                       77E073A9 5 Bytes  JMP 002D006C 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] ADVAPI32.dll!DeleteService                        77E074B1 5 Bytes  JMP 002D00A8 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] USER32.dll!SetWindowsHookExW                      7E37820F 5 Bytes  JMP 002E00E4 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] USER32.dll!UnhookWindowsHookEx                    7E37D5F3 5 Bytes  JMP 002E0120 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] USER32.dll!SetWindowsHookExA                      7E381211 5 Bytes  JMP 002E00A8 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] USER32.dll!SetWinEventHook                        7E3817F7 5 Bytes  JMP 002E0030 
.text           C:\Programme\avmwlanstick\FRITZWLANMini.exe[2848] USER32.dll!UnhookWinEvent                         7E3818AC 5 Bytes  JMP 002E006C 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ntdll.dll!LdrLoadDll                                        7C92632D 5 Bytes  JMP 00090030 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ntdll.dll!LdrUnloadDll                                      7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity                       77E06D81 5 Bytes  JMP 002D01D4 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!ChangeServiceConfigA                           77E06E69 5 Bytes  JMP 002D00E4 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!ChangeServiceConfigW                           77E07001 5 Bytes  JMP 002D0120 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A                          77E07101 5 Bytes  JMP 002D015C 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W                          77E07189 5 Bytes  JMP 002D0198 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!CreateServiceA                                 77E07211 5 Bytes  JMP 002D0030 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!CreateServiceW                                 77E073A9 5 Bytes  JMP 002D006C 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] ADVAPI32.dll!DeleteService                                  77E074B1 5 Bytes  JMP 002D00A8 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] USER32.dll!SetWindowsHookExW                                7E37820F 5 Bytes  JMP 002E00E4 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] USER32.dll!UnhookWindowsHookEx                              7E37D5F3 5 Bytes  JMP 002E0120 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] USER32.dll!SetWindowsHookExA                                7E381211 5 Bytes  JMP 002E00A8 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] USER32.dll!SetWinEventHook                                  7E3817F7 5 Bytes  JMP 002E0030 
.text           C:\Programme\Messenger\Msmsgs.exe[3156] USER32.dll!UnhookWinEvent                                   7E3818AC 5 Bytes  JMP 002E006C 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ntdll.dll!LdrLoadDll                                           7C92632D 5 Bytes  JMP 000A0030 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ntdll.dll!LdrUnloadDll                                         7C9271CD 5 Bytes  JMP 000A006C 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!SetServiceObjectSecurity                          77E06D81 5 Bytes  JMP 002C01D4 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!ChangeServiceConfigA                              77E06E69 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!ChangeServiceConfigW                              77E07001 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!ChangeServiceConfig2A                             77E07101 5 Bytes  JMP 002C015C 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!ChangeServiceConfig2W                             77E07189 5 Bytes  JMP 002C0198 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!CreateServiceA                                    77E07211 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!CreateServiceW                                    77E073A9 5 Bytes  JMP 002C006C 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] ADVAPI32.dll!DeleteService                                     77E074B1 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 002D00E4 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 002D0120 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] USER32.dll!SetWindowsHookExA                                   7E381211 5 Bytes  JMP 002D00A8 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] USER32.dll!SetWinEventHook                                     7E3817F7 5 Bytes  JMP 002D0030 
.text           C:\WINDOWS\system32\ctfmon.exe[3284] USER32.dll!UnhookWinEvent                                      7E3818AC 5 Bytes  JMP 002D006C 
.text           C:\WINDOWS\System32\svchost.exe[3360] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 00090030 
.text           C:\WINDOWS\System32\svchost.exe[3360] ntdll.dll!LdrUnloadDll                                        7C9271CD 5 Bytes  JMP 0009006C 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity                         77E06D81 5 Bytes  JMP 002B01D4 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfigA                             77E06E69 5 Bytes  JMP 002B00E4 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfigW                             77E07001 5 Bytes  JMP 002B0120 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A                            77E07101 5 Bytes  JMP 002B015C 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W                            77E07189 5 Bytes  JMP 002B0198 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!CreateServiceA                                   77E07211 5 Bytes  JMP 002B0030 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!CreateServiceW                                   77E073A9 5 Bytes  JMP 002B006C 
.text           C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!DeleteService                                    77E074B1 5 Bytes  JMP 002B00A8 
.text           C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!SetWindowsHookExW                                  7E37820F 5 Bytes  JMP 002C00E4 
.text           C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!UnhookWindowsHookEx                                7E37D5F3 5 Bytes  JMP 002C0120 
.text           C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!SetWindowsHookExA                                  7E381211 5 Bytes  JMP 002C00A8 
.text           C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!SetWinEventHook                                    7E3817F7 5 Bytes  JMP 002C0030 
.text           C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!UnhookWinEvent                                     7E3818AC 5 Bytes  JMP 002C006C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ntdll.dll!LdrLoadDll                                 7C92632D 5 Bytes  JMP 00150030 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ntdll.dll!LdrUnloadDll                               7C9271CD 5 Bytes  JMP 0015006C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity                77E06D81 5 Bytes  JMP 006B01D4 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!ChangeServiceConfigA                    77E06E69 5 Bytes  JMP 006B00E4 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!ChangeServiceConfigW                    77E07001 5 Bytes  JMP 006B0120 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A                   77E07101 5 Bytes  JMP 006B015C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W                   77E07189 5 Bytes  JMP 006B0198 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!CreateServiceA                          77E07211 5 Bytes  JMP 006B0030 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!CreateServiceW                          77E073A9 5 Bytes  JMP 006B006C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] ADVAPI32.dll!DeleteService                           77E074B1 5 Bytes  JMP 006B00A8 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] USER32.dll!SetWindowsHookExW                         7E37820F 5 Bytes  JMP 006C00E4 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] USER32.dll!UnhookWindowsHookEx                       7E37D5F3 5 Bytes  JMP 006C0120 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] USER32.dll!SetWindowsHookExA                         7E381211 5 Bytes  JMP 006C00A8 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] USER32.dll!SetWinEventHook                           7E3817F7 5 Bytes  JMP 006C0030 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3636] USER32.dll!UnhookWinEvent                            7E3818AC 5 Bytes  JMP 006C006C 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                              aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                         aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                            EC9B4D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                            aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                       tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                    tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Cdfs \Cdfs                                                                              tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
         
Malwarebytes' Anti-Malware
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.03.2011 10:51:13
mbam-log-2011-03-26 (10-51-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169608
Laufzeit: 3 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

28.03.2011, 11:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Microsoft Security Essentials reported W32.ramnit.a

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of them as well!