Trojaner-Board


Andre1990 18.07.2010 14:11

Unknown page opens in Mozilla Firefox while surfing.
 
Hello, everyone. My problem is that when I'm surfing (I use Mozilla Firefox) and then go to, for example, w*w.google.de, a different page opens with the name

hxxp://w*w.mybrowserbar.com/ and it always says "Oops this site has broken" and so on.

Now I'm not sure whether this is a virus/trojan etc.

I hope you can help me. Thanks

PS: I don't know if it's necessary, but my antivirus program is McAfee Total protection 2010

Larusso 18.07.2010 14:12

:hallo:

Only in Firefox, or also with IE?

Andre1990 18.07.2010 14:17

I can't judge that, I don't use IE, but I'll test it.

Regards, Andre

Andre1990 18.07.2010 14:21

And here once more is the exact name of the page that opens: hxxp://w*w.mybrowserbar.com/cgi/errors.cgi?q=http%3A%2F%2Fwww.google.de%2F&type=dns&ISN=A202A8BB94614DC8971AEBC200B26FB9&ccv=130&cnid=302398&cco=US&ct=12

Larusso 18.07.2010 14:22

How about you take care of what I need to know? :D

Andre1990 18.07.2010 14:26

OK, I've now surfed with IE for a while. Google, YouTube, etc. Nothing happened there.

Regards, Andre

Larusso 18.07.2010 14:27

Please download GooredFix.exe to your desktop.
  • Please close all running programs, including browsers.
  • Double-click the .exe
    Vista users: right-click and choose "Run as administrator".
  • Please enter 1 in the following window and press Enter.
  • When the scan has finished, the tool creates a GooredLog.
    This can also be found on your desktop.
Please post the contents of GooredLog.txt
Note: Please do not run option 2 on your own.

Andre1990 18.07.2010 14:38

OK, I've downloaded the program. When I start it, it says "gooredfix will automaticly check for and remove infection". I pressed yes, because when I press No it closes. I couldn't enter a 1 in the window.

And here is the log

Quote:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:34 on 18/07/2010 (*****)
Firefox version 3.6.6 (de)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:01 15/01/2010]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [16:38 28/03/2010]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [19:25 15/01/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [10:57 17/04/2010]

-=E.O.F=-

Larusso 18.07.2010 14:40

I love it when something gets changed and nobody says anything -.-

Please download Load.exe

The tool requires an active Internet connection, but no open browser.
If your firewall complains, please allow the application.
  • Save the file to the desktop.
  • Double-click load.exe
  • Leave the check marks as they are.
  • Now close all open programs.
  • Click Download
  • Please do not click in the window during the download.
  • Follow the instructions on the screen.
  • When the Status window pops up, click Start.

After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf.
Please open it and work through the steps described in it.

Andre1990 18.07.2010 16:00

OK, I'm done. Here are all the logs

Otl.log
OTL Logfile:
Code:

OTL logfile created on: 18.07.2010 16:36:49 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\****\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 31,15 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.18 15:56:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\****\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.07.18 15:43:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\MFTools\OTL.exe
PRC - [2010.06.19 18:39:28 | 001,701,888 | ---- | M] (Curse) -- C:\Users\Andre\AppData\Local\Apps\2.0\V9WYWV5M.VJC\A76PHQKO.V9E\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010.04.27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010.04.01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010.01.05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.08 12:11:00 | 001,160,192 | ---- | M] (infoMantis GmbH) -- C:\Program Files\iSaver\iSaverCtrl.exe
PRC - [2009.04.10 21:11:00 | 007,399,968 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.18 15:43:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\MFTools\OTL.exe
MOD - [2010.04.01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.02.23 09:55:24 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010.04.27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010.03.10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.01.05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 02:27:52 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 00:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.20 20:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.14 00:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.14 00:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.14 00:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.15 15:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.12 16:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB)
DRV - [2009.05.04 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.10 17:50:00 | 002,358,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.04.03 07:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.04.29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.02.27 20:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 F9 98 F5 BC 96 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.07.02 14:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 17:06:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.30 17:06:43 | 000,000,000 | ---D | M]
 
[2010.01.15 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions
[2010.07.18 15:24:16 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions
[2010.04.20 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions\SkipScreen@SkipScreen
[2010.04.05 21:16:46 | 000,002,252 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\FireFox\Profiles\k2veblcu.default\searchplugins\askcom.xml
[2010.07.11 23:04:19 | 000,000,944 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\FireFox\Profiles\k2veblcu.default\searchplugins\icqplugin.xml
[2010.06.24 18:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.28 18:39:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100518172810.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - Startup: C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.18 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.18 16:00:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.18 15:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.07.18 15:47:30 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
[2010.07.18 15:47:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.18 15:47:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.18 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.18 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.18 15:42:11 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\MFTools
[2010.07.18 15:34:28 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\GooredFix Backups
[2010.07.18 15:33:19 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Andre\Desktop\GooredFix.exe
[2010.07.06 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2010.07.06 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\ScreeNet iSaver
[2010.07.06 12:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\iSaver
[2010.06.24 20:23:16 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\redsn0w_win_0.9.5b5-4
[2010.06.24 18:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010.06.24 18:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010.06.23 23:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.23 23:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.23 23:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.12 17:32:19 | 000,621,056 | R--- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2010.06.12 17:32:19 | 000,113,152 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.06.12 17:32:19 | 000,101,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.06.12 17:32:19 | 000,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.06.04 19:32:24 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevImLib.dll
[2010.06.04 19:32:24 | 000,148,992 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevMenuXP2.ocx
[2010.06.04 19:32:24 | 000,062,976 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevList32.ocx
[2010.06.04 19:32:20 | 000,000,000 | ---D | C] -- C:\Stormblade
[2010.05.25 18:10:52 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Blizzard Entertainment
[2010.05.22 23:32:07 | 000,000,000 | ---D | C] -- C:\Itemmall
[2010.05.14 12:18:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.05.09 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\teamspeak2
[2010.05.09 10:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
[2010.05.09 00:20:24 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apps
[2010.05.09 00:20:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Deployment
[2010.05.07 19:50:54 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\QuickPar
[2010.05.07 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2010.05.02 12:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Surf & E-Mail-Stick
[2010.04.23 16:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010.04.23 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.04.22 20:27:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.18 16:42:30 | 002,097,152 | -HS- | M] () -- C:\Users\Andre\NTUSER.DAT
[2010.07.18 16:35:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.18 16:35:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.18 16:30:41 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2010.07.18 16:29:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.18 16:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.18 16:29:33 | 290,143,305 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.18 16:29:32 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.18 16:14:38 | 000,293,376 | ---- | M] () -- C:\Users\Andre\Desktop\gmer.exe
[2010.07.18 15:59:14 | 000,000,858 | ---- | M] () -- C:\Users\Andre\Desktop\NTREGOPT.lnk
[2010.07.18 15:59:13 | 000,000,839 | ---- | M] () -- C:\Users\Andre\Desktop\ERUNT.lnk
[2010.07.18 15:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.18 15:42:43 | 000,284,915 | ---- | M] () -- C:\Users\Andre\Desktop\Gmer.zip
[2010.07.18 15:41:29 | 000,410,664 | ---- | M] () -- C:\Users\Andre\Desktop\Load.exe
[2010.07.18 15:33:21 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Andre\Desktop\GooredFix.exe
[2010.07.15 14:33:04 | 001,655,272 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.15 14:33:04 | 000,709,178 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.15 14:33:04 | 000,672,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.15 14:33:04 | 000,150,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.15 14:33:04 | 000,127,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.06 12:26:50 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2010.07.02 14:42:20 | 002,689,576 | -H-- | M] () -- C:\Users\Andre\AppData\Local\IconCache.db
[2010.06.29 14:40:22 | 000,072,371 | ---- | M] () -- C:\Users\Andre\Desktop\dun-morogh1.jpg
[2010.06.24 19:02:24 | 000,151,295 | ---- | M] () -- C:\Users\Andre\Documents\DragonBall - Manga - Volume 01 - 001.pdf
[2010.06.24 18:59:35 | 007,311,952 | ---- | M] () -- C:\Users\Andre\Documents\C__Users_Andre_Desktop_Dragonball Manga Volume 1 - Das Geheimnis der Drachenkugeln_DragonBall - Manga - Volume 01 - 002_.pdf.ps
[2010.06.24 09:55:46 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft - Stormblade.lnk
[2010.06.23 23:08:02 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.23 22:07:19 | 001,662,622 | ---- | M] () -- C:\Users\Andre\Desktop\dnl-f10x.nzb
[2010.06.20 10:38:20 | 000,065,008 | ---- | M] () -- C:\Users\Andre\Desktop\brachland-zinnerz1.jpg
[2010.06.12 17:32:47 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2010.06.12 16:49:25 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.04 19:34:05 | 000,000,188 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010.05.09 10:09:08 | 000,000,952 | ---- | M] () -- C:\Users\Andre\Desktop\Teamspeak 2 RC2.lnk
[2010.05.09 00:24:11 | 000,000,000 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.05.09 00:23:19 | 000,000,312 | ---- | M] () -- C:\Users\Andre\Desktop\Curse Client.appref-ms
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 00:00:15 | 010,764,236 | ---- | M] () -- C:\Users\Andre\Desktop\Carry on my Wayward Son - Supernatural 2x22 (HQ;german).avi
[2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010.04.27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.04.21 21:42:44 | 1548,398,592 | ---- | M] () -- C:\Users\Andre\Desktop\The.Descent.2.2009.HDRip.AC3.German.XviD-2Brothers.avi
 
========== Files Created - No Company Name ==========
 
[2010.07.18 16:29:33 | 290,143,305 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.18 16:14:37 | 000,293,376 | ---- | C] () -- C:\Users\Andre\Desktop\gmer.exe
[2010.07.18 15:59:14 | 000,000,858 | ---- | C] () -- C:\Users\Andre\Desktop\NTREGOPT.lnk
[2010.07.18 15:59:13 | 000,000,839 | ---- | C] () -- C:\Users\Andre\Desktop\ERUNT.lnk
[2010.07.18 15:47:08 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.18 15:42:36 | 000,284,915 | ---- | C] () -- C:\Users\Andre\Desktop\Gmer.zip
[2010.07.18 15:41:17 | 000,410,664 | ---- | C] () -- C:\Users\Andre\Desktop\Load.exe
[2010.07.06 12:26:50 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2010.06.29 14:40:16 | 000,072,371 | ---- | C] () -- C:\Users\Andre\Desktop\dun-morogh1.jpg
[2010.06.24 19:02:23 | 000,151,295 | ---- | C] () -- C:\Users\Andre\Documents\DragonBall - Manga - Volume 01 - 001.pdf
[2010.06.24 18:59:35 | 007,311,952 | ---- | C] () -- C:\Users\Andre\Documents\C__Users_Andre_Desktop_Dragonball Manga Volume 1 - Das Geheimnis der Drachenkugeln_DragonBall - Manga - Volume 01 - 002_.pdf.ps
[2010.06.24 09:55:46 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft - Stormblade.lnk
[2010.06.23 23:08:02 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.23 22:07:07 | 001,662,622 | ---- | C] () -- C:\Users\Andre\Desktop\dnl-f10x.nzb
[2010.06.20 10:38:15 | 000,065,008 | ---- | C] () -- C:\Users\Andre\Desktop\brachland-zinnerz1.jpg
[2010.06.12 17:32:47 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2010.06.04 19:32:23 | 000,002,463 | ---- | C] () -- C:\Windows\System32\MSWINSCK.DEP
[2010.06.04 19:32:22 | 000,002,768 | ---- | C] () -- C:\Windows\System32\classFileDownload.lib
[2010.06.04 19:32:22 | 000,001,049 | ---- | C] () -- C:\Windows\System32\classFileDownload.exp
[2010.05.29 20:59:44 | 1548,398,592 | ---- | C] () -- C:\Users\Andre\Desktop\The.Descent.2.2009.HDRip.AC3.German.XviD-2Brothers.avi
[2010.05.28 14:49:36 | 2644,133,888 | ---- | C] () -- C:\Users\Andre\Desktop\Transformers.Die.Rache.IMAX.EDITION.2009.DL.German.AC3.5.1.HD2DVDRip.XviD-Ms89.avi
[2010.05.09 10:09:08 | 000,000,952 | ---- | C] () -- C:\Users\Andre\Desktop\Teamspeak 2 RC2.lnk
[2010.05.09 00:24:11 | 000,000,000 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.05.09 00:23:19 | 000,000,312 | ---- | C] () -- C:\Users\Andre\Desktop\Curse Client.appref-ms
[2010.04.28 23:59:53 | 010,764,236 | ---- | C] () -- C:\Users\Andre\Desktop\Carry on my Wayward Son - Supernatural 2x22 (HQ;german).avi
[2010.03.13 17:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010.01.23 18:42:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.15 20:40:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.01.15 20:40:32 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.18 18:16:08 | 001,634,304 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
 
========== LOP Check ==========
 
[2010.02.01 23:24:01 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\abgx360
[2010.03.18 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Ashampoo
[2010.07.16 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ICQ
[2010.01.29 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ImgBurn
[2010.01.27 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\log
[2010.07.06 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2010.02.13 22:22:58 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ShareTV
[2010.02.20 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ShareTV2
[2010.05.11 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\UseNeXT
[2010.01.26 21:58:47 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Vso
[2010.04.05 19:28:06 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\WebcamMax
[2009.07.14 06:53:46 | 000,022,048 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.01.15 19:24:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.25 10:06:11 | 000,002,560 | ---- | M] () -- C:\DVDSample.bmk
[2010.07.18 16:29:32 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2009.08.11 22:42:51 | 000,123,195 | ---- | M] () -- C:\Hugo.huc
[2008.10.05 22:17:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.07.21 21:57:34 | 000,578,600 | ---- | M] () -- C:\KP500.flb
[2009.02.06 21:50:06 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log
[2008.08.21 05:22:17 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2008.10.05 22:17:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.06.30 22:27:28 | 000,016,384 | ---- | M] (Egis Incorporated) -- C:\msimg32.dll
[2010.07.18 16:29:36 | 1877,393,408 | -HS- | M] () -- C:\pagefile.sys
[2008.08.21 05:17:42 | 000,000,060 | ---- | M] () -- C:\Partition.txt
[2008.05.20 23:00:53 | 000,000,650 | ---- | M] () -- C:\RHDSetup.log
[2010.01.15 19:43:54 | 000,171,136 | RHS- | M] () -- C:\w7ldr
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010.04.27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.04.19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-02 16:35:52

< End of report >

--- --- ---

Andre1990 18.07.2010 16:06

extras.log

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 18.07.2010 16:36:49 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Andre\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 31,15 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEIN-PC
Current User Name: Andre
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A67EE53-2CE7-40CD-BA31-70F0C801A189}" = TV-Guide
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81CC4D29-D7F2-7609-2833-C7AD6D363DF4}" = ATI Catalyst Install Manager
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"4StoryDE_is1" = 4Story 3.3
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSC" = McAfee Total Protection
"OpenAL" = OpenAL
"Palringo" = Palringo
"QuickPar" = QuickPar 0.9
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VSO Inspector_is1" = VSO Inspector 2.0.1.7
"WebcamMax" = WebcamMax
"WinImage" = WinImage
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2010 20:48:43 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4555
 
Error - 17.07.2010 20:48:43 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4555
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5569
 
Error - 17.07.2010 20:48:44 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5569
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6567
 
Error - 17.07.2010 20:48:45 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6567
 
Error - 17.07.2010 20:48:46 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2010 20:48:46 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7566
 
[ Media Center Events ]
Error - 25.01.2010 11:52:13 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:52:06 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
 getrennt..) 
 
Error - 09.02.2010 10:33:22 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:22 - Fehler beim Herstellen der Internetverbindung.  15:33:22
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.02.2010 10:33:33 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:28 - Fehler beim Herstellen der Internetverbindung.  15:33:28
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 18.02.2010 11:12:57 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:12:56 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') 
 
Error - 25.02.2010 11:13:19 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:19 - Fehler beim Herstellen der Internetverbindung.  16:13:19
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.02.2010 11:13:53 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:48 - Fehler beim Herstellen der Internetverbindung.  16:13:48
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.02.2010 12:15:51 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 17:15:45 - Fehler beim Herstellen der Internetverbindung.  17:15:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.02.2010 13:17:14 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 18:17:13 - Fehler beim Herstellen der Internetverbindung.  18:17:13
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.03.2010 06:31:29 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 11:31:29 - Fehler beim Herstellen der Internetverbindung.  11:31:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 28.05.2010 14:06:19 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:24 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:29 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:34 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:38 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:43 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:48 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:53 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:06:58 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:07:02 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

--- --- ---

Andre1990 18.07.2010 16:11

I'm being told the GMER log is too long

GMER

Andre1990 18.07.2010 16:13

The GMER log is too long, here is part 1

Quote:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-18 16:27:58
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\kgtdypog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83812898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8382B1A8

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88C70D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88C70DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88C70D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88C70D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8342B148 5 Bytes JMP 88C70D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83443599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83467F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F013000, 0x2D5378, 0xE8000020]
.text peauth.sys 9863CC9D 28 Bytes [4F, 07, 60, DE, FC, ED, 7F, ...]
.text peauth.sys 9863CCC1 28 Bytes [4F, 07, 60, DE, FC, ED, 7F, ...]
PAGE peauth.sys 98642B9B 72 Bytes [E7, 47, 98, 9D, CF, 5D, E2, ...]
PAGE peauth.sys 98642BEC 16 Bytes [D0, 74, 44, D1, 54, 26, 49, ...]
PAGE peauth.sys 98642BFF 92 Bytes JMP 2502E8C2
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 0373000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 03730FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 03730FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 03720F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 03720F32
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 03720F4D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 03720040
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 037200A5
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 03720FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 03720FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 03720FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0372001B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 03720F21
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0372005B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0372006C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 0372000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 037200B6
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 03720FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 037200C7
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 03720F97
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_open 769E7E48 5 Bytes JMP 03740FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 03740033
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!system 76A1B16F 5 Bytes JMP 03740018
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 03740FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 03740FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 03740FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 03750FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 03750FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 03750F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 0375002F
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 03750FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 03750F7C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 03750FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 03750014
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] WS2_32.dll!socket 771C3F00 5 Bytes JMP 03760FE5
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00040FEF
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00040FDE
.text C:\Windows\system32\wuauclt.exe[456] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0004000A
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00010040
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00010076
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00010EE1
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00010FB9
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00010F21
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00010F57
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0001002F
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00010F72
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00010091
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00010F9E
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00010F8D
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00010FD4
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00010EFC
.text C:\Windows\system32\wuauclt.exe[456] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00010F32
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00080FEF
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 0008004E
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!system 76A1B16F 5 Bytes JMP 0008003D
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00080FCD
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00080022
.text C:\Windows\system32\wuauclt.exe[456] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00080FDE
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00090FEF
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00090FB9
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 0009005B
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 0009004A
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00090014
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00090FA8
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00090FD4
.text C:\Windows\system32\wuauclt.exe[456] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00090025
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0018001B
.text C:\Windows\system32\svchost.exe[564] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00170091
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00170F17
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00170F28
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00170040
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00170F68
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00170FAF
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 001700D1
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00170051
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 001700A2
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00170025
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00170F39
.text C:\Windows\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00170076
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_open 769E7E48 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 001D0FAB
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!system 76A1B16F 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 001D0FD7
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 001D0FC6
.text C:\Windows\system32\svchost.exe[564] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 001D0011
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 001E0040
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 001E0065
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 001E0025
.text C:\Windows\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00980FEF
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00980025
.text C:\Windows\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00980014
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00950F51
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009500BD
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00950F1E
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0095002C
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00950F6C
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 0095005F
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00950F91
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0095004E
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00950011
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009500D8
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0095003D
.text C:\Windows\system32\services.exe[620] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00950FAC
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00950000
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00950F40
.text C:\Windows\system32\services.exe[620] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00950FDB
.text C:\Windows\system32\services.exe[620] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00950F2F
.text C:\Windows\system32\services.exe[620] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 0095007A
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_open 769E7E48 5 Bytes JMP 009D0000
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 009D0FB2
.text C:\Windows\system32\services.exe[620] msvcrt.dll!system 76A1B16F 5 Bytes JMP 009D003D
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 009D0022
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 009D0FCD
.text C:\Windows\system32\services.exe[620] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 009D0011
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00A60FEF
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00A60025
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00A60F83
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00A60F94
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00A60FCA
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00A60F72
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00A60FB9
.text C:\Windows\system32\services.exe[620] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00A6000A
.text C:\Windows\system32\services.exe[620] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00B3000A
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00230FE5
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00230FD4
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00230000
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0022008E
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 002200B0
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00220F25
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00220025
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00220F6F
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 0022007D
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0022006C
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00220051
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00220FE5
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00220F0A
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00220FB9
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00220036
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00220000
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00220F4A
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00220FD4
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 0022009F
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00220F80
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00240F92
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!system 76A1B16F 5 Bytes JMP 0024001D
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 0024000C
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00240FB7
.text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00240FD2
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00250FEF
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 0025002F
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00250F9E
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00250040
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00250FDE
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00250F8D
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00250014
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00250FC3
.text C:\Windows\system32\lsass.exe[644] WS2_32.dll!socket 771C3F00 5 Bytes JMP 005E000A
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 001B0011
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 001A00C0
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 001A0F4D
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 001A00EC
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 001A002F
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 001A009B
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 001A008A
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 001A0FB2
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 001A0079
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 001A0F32
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 001A005E
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 001A00D1
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 001A0F72
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 001A0F97
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00310F97
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00310FA8
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00310FC3
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00310018
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00320043
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 0032006F
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00320054
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00320FDE
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00320080
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00320FCD
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00320028
.text C:\Windows\system32\svchost.exe[752] WS2_32.dll!socket 771C3F00 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00300EE8
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00300F03
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00300F43
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00300051
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0030002C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00300011
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00300FCA
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00300098
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00300F8A
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00300F79
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00300FE5
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 0030007D
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00300FAF
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00300F1E
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00300F5E
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00320FE3
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00320049
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00320FC8
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 0032001D
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 0032002E
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 0032000C
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00330047
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00330FC0
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00330062
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 0033007D
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0033001B
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00330036
.text C:\Windows\system32\svchost.exe[876] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00340000
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00AE0FE5
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00AE000A
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00AE0FD4
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00A90F57
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00A90F17
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00A90F28
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00A90FAF
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00A90F72
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00A9006C
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00A9005B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00A90040
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00A90FD4
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00A90EFC
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00A90F9E
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00A9002F
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00A90FE5
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00A9009B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00A90000
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00A900AC
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00A90F83
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00AF000C
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00AF0FBE
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00AF0049
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00AF0038
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00AF0FD9
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00AF001D
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00B00FEF
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00B00040
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00B00051
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00B00FB9
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00B0000A
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00B00F94
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00B00025
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00B00FD4
.text C:\Windows\System32\svchost.exe[1000] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00B10FEF
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00A60000
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00A60FDB
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00A60011
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00910F5B
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00910F0D

Andre1990 18.07.2010 16:14

The GMER log is too long; here is part 1.

Quote:


Andre1990 18.07.2010 16:17

Here is part 2. Sorry for the double post above, my internet is acting up a bit right now ^^
Quote:

.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00910F1E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0091002C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00910084
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00910069
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00910F91
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0091004E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00910011
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009100BD
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00910FC0
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0091003D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00910000
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00910F40
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00910FDB
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00910F2F
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00910F76
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00A70FE3
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00A7001B
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00A70F90
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00A70000
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00A70FAB
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00A70FC6
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00DD0FEF
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00DD0036
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00DD0FA5
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00DD0047
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00DD000A
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00DD0062
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00DD001B
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00DD0FCA
.text C:\Windows\System32\svchost.exe[1056] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00DE0FEF
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00F00FEF
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00F00FCA
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00F00000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00DD0F50
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00DD0EFF
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00DD0094
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00DD0039
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00DD0F6B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00DD0F86
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00DD0F97
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00DD0FB2
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00DD0EEE
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00DD0FC3
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00DD004A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00DD0000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00DD0F3F
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00DD0FDE
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00DD0F1A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00DD0079
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00F5000C
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00F50031
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00F50FA6
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00F50FD2
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00F50FB7
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00F50FE3
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00F60FEF
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00F6000A
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00F6002F
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00F60F8D
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00F60FD4
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00F60054
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00F60FAF
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00F60F9E
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 771C3F00 5 Bytes JMP 010F0FEF
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 003A0014
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 003A0FDE
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00390F6C
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 003900CB
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 003900BA
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0039002F
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00390095
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00390F91
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00390073
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00390062
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 003900E6
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00390040
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00390051
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00390F5B
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00390FD4
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00390F40
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00390084
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_open 769E7E48 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 003C0FC8
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!system 76A1B16F 5 Bytes JMP 003C0053
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 003C0027
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 003C0042
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 003C0FE3
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 003D0036
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 003D0058
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 003D0047
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 003D0FDE
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 003D0073
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 003D0014
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 003D0025
.text C:\Windows\system32\svchost.exe[1252] WS2_32.dll!socket 771C3F00 5 Bytes JMP 003E0000
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 009F0025
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00920F61
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009200C0
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00920F2B
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00920FD4
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00920F72
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00920F8D
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00920F9E
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0092005B
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00920014
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009200D1
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0092004A
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00920FB9
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00920F46
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00920025
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 009200AF
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00920080
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00A00FEF
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00A00FA6
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00A00FB7
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00A00FD2
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00A00027
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00A0000C
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00A10FEF
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00A10FC3
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00A10F9E
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00A1004A
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00A10FD4
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00A10F8D
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00A10014
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00A10025
.text C:\Windows\system32\svchost.exe[1392] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00A20FEF
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00950FDB
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00940F4D
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009400BD
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00940F28
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00940076
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00940F79
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00940051
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00940F9E
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00940F0D
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00940FB9
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00940040
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 0094000A
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00940087
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00940025
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00940098
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00940F5E
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_open 769E7E48 5 Bytes JMP 0096000C
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00960FA8
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00960033
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00960FDE
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00960FCD
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00970036
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00970051
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00970FAF
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00970F8A
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0097001B
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00970FCA
.text C:\Windows\system32\svchost.exe[1648] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00A40FEF
.text C:\Windows\Explorer.EXE[1756] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 04300000
.text C:\Windows\Explorer.EXE[1756] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 04300FE5
.text C:\Windows\Explorer.EXE[1756] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 04300011
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 042F0F8A
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 042F0F65
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 042F00FA
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 042F004A
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 042F00B3
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 042F0FA5
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 042F0FCA
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 042F0087
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 042F0025
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 042F010B
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 042F005B
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 042F006C
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 042F000A
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 042F00CE
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 042F0FEF
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 042F00DF
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 042F0098
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 03880000
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 03880FD4
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 03880065
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 03880FC3
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 03880FE5
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 03880076
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0388001B
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 03880040
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_open 769E7E48 5 Bytes JMP 03870000
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 03870047
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!system 76A1B16F 5 Bytes JMP 03870FBC
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 03870FD7
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 0387002C
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 03870011
.text C:\Windows\Explorer.EXE[1756] WS2_32.dll!socket 771C3F00 5 Bytes JMP 03890000
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenA 775B7E1C 5 Bytes JMP 03A60000
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenW 775B9DA0 5 Bytes JMP 03A60FE5
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenUrlA 775BDC18 5 Bytes JMP 03A60FD4
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenUrlW 7760DC34 5 Bytes JMP 03A6002F
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 6F129A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 6F129AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0003007D
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 000300B3
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00030F1E
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00030FAF
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00030062
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00030047
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00030F6F
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00030F80
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00030FD4
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 000300C4
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0003001B
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0003002C
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00030FEF
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 0003008E
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00030000
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00030F2F
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00030F54
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_open 769E7E48 5 Bytes JMP 000F0FE3
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 000F0FB0
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!system 76A1B16F 5 Bytes JMP 000F0031
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 000F0FD2
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 000F0FC1
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[2716] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00100000
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00150047
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00150FAF
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00150FC0
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 0015001B
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 0015006C
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00150FE5
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00150036
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0020008E
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 002000BA
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00200F25
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00200000
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00200073
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00200F65
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 0020003D
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00200F76
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00200FCA
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 002000CB
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00200011
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00200022
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00200FE5
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 0020009F
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00200FB9
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00200F40
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00200058
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00260FEF
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00260F84
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00260F95
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00260FC1
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00260FB0
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00260FD2
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00270051
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00270FB9
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00270FCA
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00270F9E
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00270040
.text C:\Windows\system32\svchost.exe[2892] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00280FE5
.text C:\Windows\system32\svchost.exe[4016] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 0005000A
.text C:\Windows\system32\svchost.exe[4016] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00050025
.text C:\Windows\system32\svchost.exe[4016] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00050FEF
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00030073
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00030F0A
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 0003009F
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0003002C
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00030F4A
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00030F76
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00030F91
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0003004E
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00030000
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 000300B0
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0003003D
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00030FAC
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00030FE5
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00030084
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 0003001B
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00030F2F
.text C:\Windows\system32\svchost.exe[4016] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00030F65
.text C:\Windows\system32\svchost.exe[4016] msvcrt.dll!_open 769E7E48 5 Bytes JMP 000F0FE3
.text C:\Windows\system32\svchost.exe[4016] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 000F0FA4
.text C:\Windows\system32\svchost.exe[4016] msvcrt.dll!system 76A1B16F 5 Bytes JMP 000F0025
.text C:\Windows\system32\svchost.exe[4016] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 000F0000
.text C:\Windows\system32\svchost.exe[4016] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 000F0FB5
.text C:\Windows\system32\svchost.exe[4016] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 000F0FC6
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00370039
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00370FA1
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00370FB2
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00370FDE
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00370054
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00370FCD
.text C:\Windows\system32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00370028
.text C:\Windows\system32\svchost.exe[4016] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[4016] WININET.dll!InternetOpenA 775B7E1C 5 Bytes JMP 00AD0FE5
.text C:\Windows\system32\svchost.exe[4016] WININET.dll!InternetOpenW 775B9DA0 5 Bytes JMP 00AD0FD4
.text C:\Windows\system32\svchost.exe[4016] WININET.dll!InternetOpenUrlA 775BDC18 5 Bytes JMP 00AD0FC3
.text C:\Windows\system32\svchost.exe[4016] WININET.dll!InternetOpenUrlW 7760DC34 5 Bytes JMP 00AD0FB2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [7090B0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [009B7740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Andre1990 18.07.2010 16:17

Here is part 2. Sorry about the double post above, my internet is acting up a bit right now ^^
Quote:

.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00910F1E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0091002C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00910084
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00910069
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00910F91
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0091004E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00910011
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009100BD
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00910FC0
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0091003D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00910000
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00910F40
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00910FDB
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00910F2F
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00910F76
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00A70FE3
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00A7001B
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00A70F90
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00A70000
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00A70FAB
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00A70FC6
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00DD0FEF
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00DD0036
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00DD0FA5
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00DD0047
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00DD000A
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00DD0062
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00DD001B
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00DD0FCA
.text C:\Windows\System32\svchost.exe[1056] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00DE0FEF
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00F00FEF
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00F00FCA
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00F00000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00DD0F50
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 00DD0EFF
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00DD0094
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00DD0039
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00DD0F6B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00DD0F86
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00DD0F97
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00DD0FB2
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00DD0EEE
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00DD0FC3
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00DD004A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00DD0000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00DD0F3F
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00DD0FDE
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00DD0F1A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00DD0079
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00F5000C
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00F50031
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00F50FA6
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00F50FD2
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00F50FB7
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00F50FE3
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00F60FEF
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00F6000A
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00F6002F
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00F60F8D
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00F60FD4
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00F60054
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00F60FAF
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00F60F9E
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 771C3F00 5 Bytes JMP 010F0FEF
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 003A0014
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 003A0FDE
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00390F6C
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 003900CB
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 003900BA
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 0039002F
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00390095
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00390F91
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00390073
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00390062
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 003900E6
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00390040
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00390051
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00390F5B
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00390FD4
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00390F40
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00390084
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_open 769E7E48 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 003C0FC8
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!system 76A1B16F 5 Bytes JMP 003C0053
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 003C0027
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 003C0042
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 003C0FE3
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 003D0036
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 003D0058
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 003D0047
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 003D0FDE
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 003D0073
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 003D0014
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 003D0025
.text C:\Windows\system32\svchost.exe[1252] WS2_32.dll!socket 771C3F00 5 Bytes JMP 003E0000
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 009F0025
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00920F61
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009200C0
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00920F2B
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00920FD4
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00920F72
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00920F8D
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00920F9E
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 0092005B
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00920014
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 009200D1
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0092004A
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00920FB9
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00920F46
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00920025
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 009200AF
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00920080
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_open 769E7E48 5 Bytes JMP 00A00FEF
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00A00FA6
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00A00FB7
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00A00FD2
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00A00027
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00A0000C
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00A10FEF
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00A10FC3
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00A10F9E
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00A1004A
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 00A10FD4
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00A10F8D
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00A10014
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00A10025
.text C:\Windows\system32\svchost.exe[1392] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00A20FEF
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 00950FDB
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 00940F4D
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 009400BD
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00940F28
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00940076
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00940F79
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00940051
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00940F9E
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 00940F0D
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 00940FB9
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 00940040
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 0094000A
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 00940087
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00940025
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00940098
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00940F5E
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_open 769E7E48 5 Bytes JMP 0096000C
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 00960FA8
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!system 76A1B16F 5 Bytes JMP 00960033
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 00960FDE
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 00960FCD
.text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00970036
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00970051
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00970FAF
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 00970F8A
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0097001B
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00970FCA
.text C:\Windows\system32\svchost.exe[1648] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00A40FEF
.text C:\Windows\Explorer.EXE[1756] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 04300000
.text C:\Windows\Explorer.EXE[1756] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 04300FE5
.text C:\Windows\Explorer.EXE[1756] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 04300011
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 042F0F8A
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 042F0F65
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 042F00FA
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 042F004A
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 042F00B3
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 042F0FA5
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 042F0FCA
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 042F0087
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 042F0025
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 042F010B
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 042F005B
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 042F006C
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 042F000A
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 042F00CE
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 042F0FEF
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 042F00DF
.text C:\Windows\Explorer.EXE[1756] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 042F0098
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 03880000
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 03880FD4
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 03880065
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 03880FC3
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 03880FE5
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 03880076
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 0388001B
.text C:\Windows\Explorer.EXE[1756] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 03880040
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_open 769E7E48 5 Bytes JMP 03870000
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 03870047
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!system 76A1B16F 5 Bytes JMP 03870FBC
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 03870FD7
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 0387002C
.text C:\Windows\Explorer.EXE[1756] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 03870011
.text C:\Windows\Explorer.EXE[1756] WS2_32.dll!socket 771C3F00 5 Bytes JMP 03890000
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenA 775B7E1C 5 Bytes JMP 03A60000
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenW 775B9DA0 5 Bytes JMP 03A60FE5
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenUrlA 775BDC18 5 Bytes JMP 03A60FD4
.text C:\Windows\Explorer.EXE[1756] WININET.dll!InternetOpenUrlW 7760DC34 5 Bytes JMP 03A6002F
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 6F129A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 6F129AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtCreateFile 776D4A10 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtCreateProcess 776D4AE0 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtProtectVirtualMemory 776D5360 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoA 768D1DF0 5 Bytes JMP 0003007D
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessW 768D202D 5 Bytes JMP 000300B3
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessA 768D2062 5 Bytes JMP 00030F1E
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeW 76901FD6 5 Bytes JMP 00030FAF
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreatePipe 76904A8B 5 Bytes JMP 00030062
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtect 769150AB 5 Bytes JMP 00030047
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExW 7691B6BF 5 Bytes JMP 00030F6F
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExA 7691BC8B 5 Bytes JMP 00030F80
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileW 76920B7D 5 Bytes JMP 00030FD4
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetProcAddress 76921857 5 Bytes JMP 000300C4
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryA 76922884 5 Bytes JMP 0003001B
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryW 769228D2 5 Bytes JMP 0003002C
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileA 7692291C 5 Bytes JMP 00030FEF
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoW 76927CD5 5 Bytes JMP 0003008E
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeA 7695D5BF 5 Bytes JMP 00030000
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!WinExec 7695E76D 5 Bytes JMP 00030F2F
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtectEx 7695F729 5 Bytes JMP 00030F54
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_open 769E7E48 5 Bytes JMP 000F0FE3
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wsystem 76A1B04F 5 Bytes JMP 000F0FB0
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!system 76A1B16F 5 Bytes JMP 000F0031
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_creat 76A1ED29 5 Bytes JMP 000F0FD2
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wcreat 76A2038E 5 Bytes JMP 000F0FC1
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wopen 76A20570 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[2716] WS2_32.dll!socket 771C3F00 5 Bytes JMP 00100000
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyA 76BDD2ED 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyA 76BDD3C1 5 Bytes JMP 00150047
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExA 76BE1B71 5 Bytes JMP 00150FAF
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyW 76BE1CC0 5 Bytes JMP 00150FC0
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyW 76BE3129 5 Bytes JMP 0015001B
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExW 76BEB946 5 Bytes JMP 0015006C
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExA 76BEBC0D 5 Bytes JMP 00150FE5
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExW 76BEBEC4 5 Bytes JMP 00150036

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[108] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [7090B0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [009B7740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Andre1990 18.07.2010 16:20

And here is the MBAM log

Quote:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4323

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.07.2010 16:13:54
mbam-log-2010-07-18 (16-13-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 125675
Laufzeit: 12 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Larusso 18.07.2010 16:21

Are the redirects still happening?

Andre1990 18.07.2010 16:22

Oh, and since I did all that, I am no longer redirected to mybrowserbar =). I hope it stays that way =)

Larusso 18.07.2010 16:29

Step 1

Uninstall software with Revo Uninstaller

Please download Revo Uninstaller
  • Double-click revosetup.exe.
  • Install the tool to the default path.
  • Double-click the Revo Uninstaller icon.
  • Find the following software from the code box.
    Code:

    pdfforge Toolbar
    Click on it and confirm with Yes.
  • Leave the uninstall mode set to Moderate and click Next.
  • The tool will now search the computer for all remaining entries. Click Next.
  • Click the Select All button, click Delete, and confirm with Yes.

Illustrated guide

Restart the computer.


Step 2

Update Java

Your Java version is outdated. Because some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, since the old versions are a security risk. Download JavaRa by prm753 and extract it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Choose the language: pick English and click "Select".
  • Click Additional Tasks, then tick Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go, click OK on each prompt, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove old Java versions that are installed on the computer.
  • Click Yes when prompted. When JavaRa has finished, a note appears saying that a log file was created; click OK.
  • The log file opens in Notepad; please save it and post it here later.
  • Check under Control Panel => Programs whether any Java versions are still present and uninstall them.
  • Restart the computer.
Now download Java (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before the download you must accept the license terms by selecting "Accept License Agreement". Tick the advanced options and deselect any sponsor program (toolbar or similar) if offered.


Step 3

ESET Online Scanner
Please switch on any external hard drives during the online scan! Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scan, and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Disable your antivirus program during the scan.
  • Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg.
    • Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users: must allow the installation of an ActiveX control.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Remove found threats" and "Scan archives".
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.

When the scan has finished
  • Tick http://img25.imageshack.us/img25/6167/unbenanntgtd.jpg and press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 4

Please start OTL.exe.
Under
Extra Registry: select Use SafeList and click the Scan button.


In your next reply, please post
ESET logfile
OTL.txt
Extras.txt

Andre1990 18.07.2010 16:34

I just got a message from McAfee SiteAdvisor; there was a warning: potentially unwanted file, download anyway or block download

Larusso 18.07.2010 16:37

Unfortunately my crystal ball is at the cleaner's. So now I have to ask you after all: which file?

Andre1990 18.07.2010 16:44

I don't know exactly, but now the message no longer appears ^.^ I think it was with JavaRa

Andre1990 18.07.2010 16:49

And I have another problem with JavaRa: I did everything, but it creates NO log

Edit// and where do I get (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before the download you must


When I click on Oracle, the Java page comes up, is it from there?

Larusso 18.07.2010 16:51

Why do I actually keep posting the following?

Quote:

In your next reply, please post
ESET logfile
OTL.txt
Extras.txt

Andre1990 18.07.2010 16:56

Hmm, was pdfforge Toolbar the cause of the redirects???

Andre1990 18.07.2010 20:47

Is it normal that the ESET scan takes so long? Almost 4 hours already O.o

Larusso 18.07.2010 20:49

Yes, that can happen

Andre1990 18.07.2010 21:05

OK thanks, and it has already found 5 viruses/trojans -.-

Andre1990 18.07.2010 21:39

OK, the ESET scan is finished, but there is no log text in the folder, O.o why is there none????? That's not normal, is it??

Larusso 19.07.2010 13:47

It only costs me time when you keep posting something, just not what I want to see !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

In your next reply, please post
ESET logfile
OTL.txt
Extras.txt


If there is no ESET log, the others would at least be a help already

Andre1990 19.07.2010 20:29

Sorry for replying so late. Here is the OTL log

OTL Logfile:
Code:

OTL logfile created on: 19.07.2010 21:14:16 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Andre\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 32,09 Gb Free Space | 46,15% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465,76 Gb Total Space | 46,11 Gb Free Space | 9,90% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: MEIN-PC
Current User Name: Andre
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.18 15:56:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.07.18 15:43:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\MFTools\OTL.exe
PRC - [2010.06.30 17:06:29 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.30 17:06:18 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010.04.27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010.04.01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010.03.10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010.01.05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009.12.14 20:37:12 | 000,147,392 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Core\mchost.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.08 12:11:00 | 001,160,192 | ---- | M] (infoMantis GmbH) -- C:\Program Files\iSaver\iSaverCtrl.exe
PRC - [2009.04.10 21:11:00 | 007,399,968 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.18 15:43:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\MFTools\OTL.exe
MOD - [2010.04.01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010.04.27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010.03.10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.01.05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009.12.14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 02:27:52 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.04.27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.04.27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010.04.27 17:16:24 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010.04.27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.04.27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.04.27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.04.27 17:16:24 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010.04.27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.04.27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 00:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.20 20:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.14 00:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.14 00:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.14 00:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.15 15:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.12 16:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB)
DRV - [2009.05.04 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.10 17:50:00 | 002,358,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.04.03 07:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.04.29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.02.27 20:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 F9 98 F5 BC 96 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.07.02 14:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 17:06:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.18 17:57:24 | 000,000,000 | ---D | M]
 
[2010.01.15 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions
[2010.07.18 21:55:33 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions
[2010.04.20 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions\SkipScreen@SkipScreen
[2010.04.05 21:16:46 | 000,002,252 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\FireFox\Profiles\k2veblcu.default\searchplugins\askcom.xml
[2010.07.19 12:58:13 | 000,000,944 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\FireFox\Profiles\k2veblcu.default\searchplugins\icqplugin.xml
[2010.07.18 17:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.18 17:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.18 17:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.04.27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010.06.22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100518172810.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - Startup: C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.18 17:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.18 17:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.07.18 17:57:24 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010.07.18 17:57:24 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe
[2010.07.18 17:57:24 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe
[2010.07.18 17:57:24 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe
[2010.07.18 17:37:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.18 17:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010.07.18 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.18 16:00:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.18 15:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.07.18 15:47:30 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
[2010.07.18 15:47:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.18 15:47:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.18 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.18 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.18 15:42:11 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\MFTools
[2010.07.06 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2010.07.06 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\ScreeNet iSaver
[2010.07.06 12:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\iSaver
[2010.06.23 23:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.23 23:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.23 23:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.19 21:16:57 | 002,097,152 | -HS- | M] () -- C:\Users\Andre\NTUSER.DAT
[2010.07.19 13:02:51 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 13:02:51 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 12:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.18 16:30:41 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2010.07.18 16:29:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.18 16:29:33 | 290,143,305 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.18 16:29:32 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.18 15:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.15 14:33:04 | 001,655,272 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.15 14:33:04 | 000,709,178 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.15 14:33:04 | 000,672,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.15 14:33:04 | 000,150,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.15 14:33:04 | 000,127,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.06 12:26:50 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2010.07.02 14:42:20 | 002,689,576 | -H-- | M] () -- C:\Users\Andre\AppData\Local\IconCache.db
[2010.06.29 14:40:22 | 000,072,371 | ---- | M] () -- C:\Users\Andre\Desktop\dun-morogh1.jpg
[2010.06.23 23:08:02 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.23 22:07:19 | 001,662,622 | ---- | M] () -- C:\Users\Andre\Desktop\dnl-f10x.nzb
[2010.06.22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe
[2010.06.22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe
[2010.06.22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe
[2010.06.22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010.06.20 10:38:20 | 000,065,008 | ---- | M] () -- C:\Users\Andre\Desktop\brachland-zinnerz1.jpg
 
========== Files Created - No Company Name ==========
 
[2010.07.18 16:29:33 | 290,143,305 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.18 15:47:08 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.06 12:26:50 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2010.06.29 14:40:16 | 000,072,371 | ---- | C] () -- C:\Users\Andre\Desktop\dun-morogh1.jpg
[2010.06.23 23:08:02 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.23 22:07:07 | 001,662,622 | ---- | C] () -- C:\Users\Andre\Desktop\dnl-f10x.nzb
[2010.06.20 10:38:15 | 000,065,008 | ---- | C] () -- C:\Users\Andre\Desktop\brachland-zinnerz1.jpg
[2010.03.13 17:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010.01.23 18:42:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.15 20:40:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.01.15 20:40:32 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.18 18:16:08 | 001,634,304 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
< End of report >

--- --- ---

Andre1990 19.07.2010 20:36

And here is the Extras list

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 19.07.2010 21:14:16 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Andre\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 32,09 Gb Free Space | 46,15% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 30,42 Gb Free Space | 46,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465,76 Gb Total Space | 46,11 Gb Free Space | 9,90% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: MEIN-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A67EE53-2CE7-40CD-BA31-70F0C801A189}" = TV-Guide
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81CC4D29-D7F2-7609-2833-C7AD6D363DF4}" = ATI Catalyst Install Manager
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"4StoryDE_is1" = 4Story 3.3
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSC" = McAfee Total Protection
"OpenAL" = OpenAL
"Palringo" = Palringo
"QuickPar" = QuickPar 0.9
"Revo Uninstaller" = Revo Uninstaller 1.89
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VSO Inspector_is1" = VSO Inspector 2.0.1.7
"WBFS Manager 3.0" = WBFS Manager 3.0
"WebcamMax" = WebcamMax
"WinImage" = WinImage
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 

 
[ Media Center Events ]
Error - 25.01.2010 11:52:13 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:52:06 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
 getrennt..) 
 
Error - 09.02.2010 10:33:22 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:22 - Fehler beim Herstellen der Internetverbindung.  15:33:22
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.02.2010 10:33:33 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:33:28 - Fehler beim Herstellen der Internetverbindung.  15:33:28
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 18.02.2010 11:12:57 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:12:56 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') 
 
Error - 25.02.2010 11:13:19 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:19 - Fehler beim Herstellen der Internetverbindung.  16:13:19
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.02.2010 11:13:53 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:13:48 - Fehler beim Herstellen der Internetverbindung.  16:13:48
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.02.2010 12:15:51 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 17:15:45 - Fehler beim Herstellen der Internetverbindung.  17:15:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.02.2010 13:17:14 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 18:17:13 - Fehler beim Herstellen der Internetverbindung.  18:17:13
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.03.2010 06:31:29 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 11:31:29 - Fehler beim Herstellen der Internetverbindung.  11:31:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 28.05.2010 14:08:10 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:14 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:19 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:24 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:29 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:34 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:38 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:44 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:49 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.05.2010 14:08:54 | Computer Name = Mein-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

--- --- ---


I hope I didn't get on your nerves too much.

Regards, Andre

Larusso 19.07.2010 20:46

Any problems left?

Andre1990 20.07.2010 01:38

Whether I still have problems? With Firefox and the links?? No.

So, thank you, this really is a great forum. You can tell that you know your stuff. Thanks.

Regards, Andre

Larusso 20.07.2010 14:42

The logfile is clean :daumenhoc

Here are the last few steps for cleaning up your computer.

Step 1

Clear the system restore points

Press Windows + E --> right-click drive C --> Properties --> Disk Cleanup --> More Options --> clean up System Restore and Shadow Copies.



Step 2

Tool CleanUp

Please start OTL.exe.
Now click the "Bereinigung" (CleanUp) button. This will remove most of the tools and logfiles.
If anything is still left behind, please remove it manually and empty the recycle bin.


Step 3

Automatic updates

Let's check whether the updates for Windows are downloaded automatically. That is the best way to receive all the security patches and fixes.

Press Windows + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

and click OK.
Make sure that automatic updates are enabled.


Step 4

To protect you against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the recycle bin and much more.
    It also helps to speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.

  • Keep your system up to date
    I cannot stress often enough how important it is that the PC is fully up to date.
    Security holes are found in Windows' own applications often enough. These "holes" need to be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for this.

  • Keep your software up to date
    The easiest way to do that is the Secunia Online Software.


Step 5

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

For Firefox there are all kinds of add-ons for getting through the WWW safely.
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you approve it.

  • AdblockPlus
    This add-on blocks most ads by itself. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
    It also saves download bandwidth.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Don'ts
  • Don't click on everything just because it asks you to and looks nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Above all, watch the file extension, e.g. deinFoto.jpg.exe

Now all that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

Larusso 25.07.2010 10:08

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please start your own thread.


All times are WET +1.
