Zlob/DNS-Changer

ComboFix 08-12-17.01 - Michael 2008-12-20 14:03:31.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1535.762 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Michael\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Michael\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVBOOT
-------\Service_Brdfpi
-------\Service_pavboot
-------\Service_ZD1201U(ZyXEL)


((((((((((((((((((((((( Dateien erstellt von 2008-11-20 bis 2008-12-20 ))))))))))))))))))))))))))))))
.

2008-12-20 14:07 . 2008-12-20 14:07 <DIR> dr-h----- c:\dokumente und einstellungen\Michael\Recent
2008-12-20 11:48 . 2008-12-20 11:48 <DIR> d--hs---- c:\dokumente und einstellungen\LocalService\Cookies
2008-12-18 14:07 . 2008-12-18 14:08 <DIR> d-------- c:\windows\ERUNT
2008-12-18 13:54 . 2008-12-18 13:55 <DIR> d-------- C:\programm_download
2008-12-18 12:38 . 2008-12-18 13:40 <DIR> d-------- c:\programme\Enigma Software Group
2008-12-18 10:44 . 2008-12-18 10:44 1,393 --a------ c:\windows\imsins.BAK
2008-12-17 17:20 . 2008-12-17 17:19 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 09:19 . 2008-12-15 09:19 <DIR> d-------- C:\fsaua.data
2008-12-14 00:14 . 2008-12-14 00:14 <DIR> d-------- c:\programme\Lavasoft
2008-12-14 00:14 . 2008-12-14 00:14 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-12-13 11:23 . 2008-11-05 08:02 210,944 --a------ c:\windows\mobackup8.exe
2008-12-13 11:23 . 2008-12-13 11:23 1,651 -r------- c:\windows\MOBackup-DatensicherungfürOutlook7_Uninstall.in
2008-12-13 11:15 . 2008-12-19 12:18 4,110,850 --a------ c:\windows\Pfirewall.log.old
2008-12-08 11:37 . 2008-12-08 11:38 <DIR> d-------- c:\programme\iTunes
2008-12-08 11:37 . 2008-12-08 11:37 <DIR> d-------- c:\programme\iPod
2008-12-08 11:37 . 2008-12-08 11:38 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:19 --------- d-----w c:\programme\CleanUp!
2008-12-19 11:58 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\STAMPIT
2008-12-19 10:51 --------- d-----w c:\programme\StarMoney 6.0 S-Edition
2008-12-18 16:21 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-12-18 15:11 --------- d-----w c:\programme\TightVNC
2008-12-18 10:17 --------- d-----w c:\programme\SUPERAntiSpyware
2008-12-17 16:19 --------- d-----w c:\programme\Java
2008-12-13 20:52 --------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2008-12-13 20:47 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\Lavasoft
2008-12-13 20:44 --------- d--h--w c:\programme\InstallShield Installation Information
2008-12-13 20:42 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\MailWasherPro
2008-12-13 20:31 --------- d-----w c:\programme\Malwarebytes' Anti-Malware
2008-12-13 10:23 --------- d-----w c:\programme\MOBackup
2008-12-12 11:41 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\ESM-Tools
2008-12-11 08:55 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\U3
2008-12-08 10:37 --------- d-----w c:\programme\Gemeinsame Dateien\Apple
2008-12-08 10:33 --------- d-----w c:\programme\QuickTime
2008-12-08 08:01 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-02 15:15 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\VSO
2008-11-28 13:30 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\OpenOffice.org2
2008-11-26 15:39 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\Skype
2008-11-23 15:27 --------- d-----w c:\programme\Gemeinsame Dateien\Real
2008-11-17 08:36 --------- d-----w c:\dokumente und einstellungen\Michael\Anwendungsdaten\Microsoft Web Folders
2008-11-07 10:27 --------- d-----w c:\programme\a-squared Free
2008-11-07 09:36 --------- d-----w c:\programme\Spybot - Search & Destroy
2008-11-07 08:08 --------- d-----w c:\programme\Bonjour
2008-11-07 07:09 13,127 ----a-w c:\windows\ujuf.bin
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-06 15:17 11,390 ----a-w c:\dokumente und einstellungen\Michael\Anwendungsdaten\mdb.bin
2008-09-30 13:05 16,269 ----a-w c:\dokumente und einstellungen\Michael\Anwendungsdaten\mdbu.bin
2006-10-04 13:10 17,605 ------w c:\programme\WinSweephosts.bak
2006-09-07 20:52 45,789 ----a-w c:\dokumente und einstellungen\Michael\.cxpg61spc.dat
2006-09-07 20:52 45,789 ----a-w c:\dokumente und einstellungen\\Michael\.cxpg61spc.dat
2006-05-10 17:15 838 ------w c:\programme\index.html
2006-05-10 17:15 407 ------w c:\programme\nav.html
2006-05-10 17:15 1,059 ------w c:\programme\style.css
2007-12-10 16:40 6,275,816 ----a-w c:\programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
2008-09-22 06:49 122,880 ----a-w c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-12 12:43 67,696 ----a-w c:\programme\mozilla firefox\components\jar50.dll
2008-12-12 12:43 54,376 ----a-w c:\programme\mozilla firefox\components\jsd3250.dll
2008-12-12 12:43 34,952 ----a-w c:\programme\mozilla firefox\components\myspell.dll
2008-12-12 12:43 46,720 ----a-w c:\programme\mozilla firefox\components\spellchk.dll
2008-12-12 12:43 172,144 ----a-w c:\programme\mozilla firefox\components\xpinstal.dll
2006-07-24 15:41 12 --sh--r c:\windows\msmkctrl.dll
2005-08-03 17:20 56 -csh--r c:\windows\system32\3CC9DAE445.sys
2007-04-07 07:30 88 --sh--r c:\windows\system32\52B56A307C.sys
2007-03-24 10:13 56 --sh--r c:\windows\system32\7C306AB552.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-13_11.06.16.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-12-19 11:24:58 10,113,024 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-12-19 11:24:59 3,301,376 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-12-18 13:08:08 10,113,024 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-12-18 13:08:09 3,301,376 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-10-17 00:34:18 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:14:13 217,312 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:22 377,568 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 00:34:18 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:36:44 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-29 09:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 09:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-04-29 09:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2008-06-10 00:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-17 16:19:38 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 00:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-17 16:19:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 01:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-17 16:19:38 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-09 15:04:36 8,874 -csha-w c:\windows\system32\KGyGaAvL.sys
+ 2008-12-17 08:50:19 8,874 -csha-w c:\windows\system32\KGyGaAvL.sys
+ 2008-05-16 09:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2008-10-17 00:34:18 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:36:44 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-20 13:10:07 16,384 ----atw c:\windows\temp\Perflib_Perfdata_534.dat
+ 2008-12-20 13:10:07 16,384 ----atw c:\windows\temp\Perflib_Perfdata_550.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EmailNotifier"="c:\programme\EmailNotifier\EN.exe" [2006-02-16 434688]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Rainlendar2"="c:\programme\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]
"DVBV Service Ctrl"="c:\programme\DVBViewer\DVBVCtrl.exe" [2007-02-11 53760]
"GMX SMS-Manager"="c:\programme\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-05 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"ShowIcon_Vosonic_USB Media Device Driver v1.19r003"="c:\programme\USB Media\shwicon.exe" [2003-01-22 73728]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 29744]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]

c:\dokumente und einstellungen\Michael\Startmen\Programme\Autostart\
mapdrive_1191912372.cmd [2007-11-04 132]
ShutDownPro.lnk - c:\programme\ShutDownPro\ShutDownPro.EXE [2005-08-05 100352]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Pinnacle ShowCenter StreamServer.lnk - c:\programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2006-03-11 163840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 5 (0x5)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msliksurserv.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STAMPIT-Tray]
--a------ 2007-10-26 09:38 61440 c:\programme\STAMPIT\Binary\STRAY.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\EmailNotifier\\EN.exe"=
"c:\\Programme\\Logitech\\Harmony Remote\\PatchHelper.exe"=
"c:\\Programme\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Programme\\WinSweep\\WSProxy.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\SpeedProject\\SpeedCommander 11\\SpeedCommander.exe"=
"c:\\Programme\\DVBViewer\\DVBServer.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelDRW.exe"=
"c:\\WINDOWS\\System32\\Sessmgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:Web Server (TCP 80)
"20:TCP"= 20:TCP:FTP (TCP/UDP 20)
"20:UDP"= 20:UDP:FTP (TCP/UDP 20)
"21:UDP"= 21:UDP:FTP (TCP/UDP 21)
"5800:TCP"= 5800:TCP:VNC (TCP/UDP 5800)
"5800:UDP"= 5800:UDP:VNC (TCP/UDP 5800)
"5900:TCP"= 5900:TCP:VNC (TCP/UDP 5900)
"5900:UDP"= 5900:UDP:VNC (TCP/UDP 5900)
"7792:TCP"= 7792:TCP:7792
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4661:TCP"= 4661:TCP:Emule (TCP/UDP 4661)
"4661:UDP"= 4661:UDP:Emule (TCP/UDP 4661)
"4662:TCP"= 4662:TCP:Emule (TCP/UDP 4662)
"4662:UDP"= 4662:UDP:Emule (TCP/UDP 4662)
"4665:TCP"= 4665:TCP:Emule (TCP/UDP 4665)
"4665:UDP"= 4665:UDP:Emule (TCP/UDP 4665)
"4672:TCP"= 4672:TCP:Emule (TCP/UDP 4672)
"4672:UDP"= 4672:UDP:Emule (TCP/UDP 4672)
"21:TCP"= 21:TCP:FTP (TCP/UDP 21)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= *
"Enabled"= 1 (0x1)

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-02-01 22336]
R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2005-08-03 156800]
R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2005-08-03 5248]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2006-02-03 30820]
R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2006-02-01 45376]
R1 Cinemsup;Cinemsup;\??\c:\windows\system32\drivers\cinemsup.sys [2002-07-19 6656]
R1 SASDIFSV;SASDIFSV;\??\c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;\??\c:\programme\SUPERAntiSpyware\SASKUTIL.sys [2007-01-09 32256]
R2 DVBVRecorder;DVBViewer Recording service;c:\programme\DVBViewer\DVBVservice.exe [2007-08-05 324631]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2007-02-14 349184]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-29 29744]
S3 SASENUM;SASENUM;\??\c:\programme\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-11-06 10242176]
S3 TTUSB2BDA;TechniSat BDA USB 2.0 Driver;c:\windows\system32\DRIVERS\ttusb2bda.sys [2007-02-12 401024]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d3a122-aa01-11db-be87-000c76b813e9}]
\Shell\AutoRun\command - J:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abccd370-4fe7-11dd-822e-000c76b813e9}]
\Shell\AutoRun\command - j:\truecrypt\TrueCrypt.exe
\Shell\dismount\command - j:\truecrypt\TrueCrypt.exe /q /d
\Shell\start\command - j:\truecrypt\TrueCrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\programme\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Inhalt des "geplante Tasks" Ordners

2008-12-19 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClick.exe [2007-12-14 13:17]

2008-12-17 c:\windows\Tasks\AntiVir PersonalEdition Classic starten.job
- c:\progra~1\ANTIVI~1\avcenter.exe [2008-06-26 10:55]

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-20 c:\windows\Tasks\Start Outlook.job
- c:\dokumente und einstellungen\All Users\Startmen []

2008-12-20 c:\windows\Tasks\XoftSpySE 2.job
- c:\programme\XoftSpySE\XoftSpy.exe [2007-07-13 13:44]

2008-07-22 c:\windows\Tasks\XoftSpySE.job
- c:\programme\XoftSpySE\XoftSpy.exe [2007-07-13 13:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE:
IE: &Preispiratensuche nach markiertem Text - c:\\Programme\\Preispiraten\\Preispiraten4\\preispiraten.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ANYCOM\Blue USB-200-250\btsendto_ie.htm
IE: Subscribe in RSS Popper - c:\programme\RSS Popper\ie_subscribe.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO -

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
FF - ProfilePath - c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\uhh304om.default\
FF - prefs.js: browser.startup.homepage - www.focus.de
FF - component: c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\uhh304om.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\uhh304om.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\ImageShackCom.dll
FF - component: c:\progra~1\MOZILL~1\components\GoogleDesktopMozilla.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 14:10:36
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\sfc_os.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe
c:\programme\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\netdde.exe
c:\programme\a-squared Free\a2service.exe
c:\programme\AntiVir PersonalEdition Classic\sched.exe
c:\programme\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Xampp\xampp\apache\bin\apache.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\clipsrv.exe
c:\programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe
c:\programme\Canon\IJPLM\ijplmsvc.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\programme\Xampp\xampp\apache\bin\apache.exe
c:\programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Spyware Doctor\sdhelp.exe
c:\programme\TightVNC\WinVNC.exe
c:\programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-12-20 14:17:24 - PC wurde neu gestartet [Michael]
ComboFix-quarantined-files.txt 2008-12-20 13:17:19
ComboFix2.txt 2008-12-20 10:01:34
ComboFix3.txt 2008-12-18 15:28:53
ComboFix4.txt 2008-12-18 10:39:04
ComboFix5.txt 2008-12-20 13:00:55

Vor Suchlauf: 9.405.091.840 Bytes frei
Nach Suchlauf: 9,385,877,504 Bytes frei

348 --- E O F --- 2008-12-18 09:44:29
 
PART 1

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 14:40:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BCD08]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BCCC0]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75B0A20]
SSDT BA0CD3C4 ZwCreateThread
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B14FC]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BCE00]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenFile [0xF75B0A60]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BCC84]
SSDT BA0CD3B0 ZwOpenProcess
SSDT BA0CD3B5 ZwOpenThread
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B151C]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BCD56]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BC230]
SSDT BA0CD3BF ZwTerminateProcess
SSDT BA0CD3BA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution + 12A 804E4964 2 Bytes [ 20, 0A ]
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\TEMP\mc21.tmp Das System kann die angegebene Datei nicht finden. !
? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\spoolsv.exe[180] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[180] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[180] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[180] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[180] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\brss01a.exe[192] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\brss01a.exe[192] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\brss01a.exe[192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\brss01a.exe[192] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\brss01a.exe[192] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[272] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[272] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[272] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\WINDOWS\system32\netdde.exe[408] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\netdde.exe[408] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\netdde.exe[408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\netdde.exe[408] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\netdde.exe[408] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\ShutDownPro\ShutDownPro.EXE[516] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\ShutDownPro\ShutDownPro.EXE[516] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\ShutDownPro\ShutDownPro.EXE[516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\ShutDownPro\ShutDownPro.EXE[516] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ShutDownPro\ShutDownPro.EXE[516] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\ShutDownPro\ShutDownPro.EXE[516] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text c:\programme\a-squared free\a2service.exe[652] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text c:\programme\a-squared free\a2service.exe[652] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text c:\programme\a-squared free\a2service.exe[652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text c:\programme\a-squared free\a2service.exe[652] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text c:\programme\a-squared free\a2service.exe[652] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[712] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[712] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[712] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[712] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\clipsrv.exe[796] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\clipsrv.exe[796] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\clipsrv.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\clipsrv.exe[796] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\clipsrv.exe[796] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\DVBViewer\DVBVservice.exe[848] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\DVBViewer\DVBVservice.exe[848] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\DVBViewer\DVBVservice.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\DVBViewer\DVBVservice.exe[848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\DVBViewer\DVBVservice.exe[848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[872] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[872] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[872] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[896] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[896] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[896] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\notepad.exe[932] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\notepad.exe[932] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\notepad.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\notepad.exe[932] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\notepad.exe[932] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\notepad.exe[932] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\WINDOWS\system32\services.exe[940] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[940] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[952] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[952] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe[1104] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe[1104] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe[1104] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe[1104] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1148] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1148] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1148] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[1300] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[1300] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[1300] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[1300] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[1300] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1332] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jqs.exe[1332] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Java\jre6\bin\jqs.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1332] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1332] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1360] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1360] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 40, 76 ]
.text C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 76390F5A
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[1460] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[1460] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[1460] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[1460] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Xampp\xampp\apache\bin\apache.exe[1460] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1528] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1528] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe[1556] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe[1556] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe[1556] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe[1556] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1800] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1800] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1800] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[1800] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2828] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2828] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[2828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2828] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe[2832] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe[2832] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe[2832] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe[2832] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[3008] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[3008] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[3008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[3008] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[3008] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[3112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[3112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\TightVNC\WinVNC.exe[3212] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\TightVNC\WinVNC.exe[3212] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\TightVNC\WinVNC.exe[3212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\TightVNC\WinVNC.exe[3212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\TightVNC\WinVNC.exe[3212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\TightVNC\WinVNC.exe[3212] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe[3556] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe[3556] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe[3556] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe[3556] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe[3556] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe[3556] KERNEL32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe[4296] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe[4296] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe[4296] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe[4296] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe[4296] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe[4296] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\WINDOWS\SOUNDMAN.EXE[5032] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SOUNDMAN.EXE[5032] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[5032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[5032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[5032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SOUNDMAN.EXE[5032] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Java\jre6\bin\jusched.exe[5084] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[5084] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[5084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[5084] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[5084] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[5084] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\USB Media\shwicon.exe[5108] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\USB Media\shwicon.exe[5108] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\USB Media\shwicon.exe[5108] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\USB Media\shwicon.exe[5108] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\USB Media\shwicon.exe[5108] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\USB Media\shwicon.exe[5108] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text
 
Part 2

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[5344] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[5344] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[5344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[5344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[5344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[5344] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[5388] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[5388] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[5388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[5388] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[5388] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[5388] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[5492] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[5492] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[5492] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[5492] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[5492] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[5492] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\iTunes\iTunesHelper.exe[5708] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\iTunes\iTunesHelper.exe[5708] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\iTunes\iTunesHelper.exe[5708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\iTunes\iTunesHelper.exe[5708] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\iTunes\iTunesHelper.exe[5708] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\iTunes\iTunesHelper.exe[5708] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[5740] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[5740] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[5740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[5740] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[5740] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[5740] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\EmailNotifier\EN.exe[5876] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\EmailNotifier\EN.exe[5876] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\EmailNotifier\EN.exe[5876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\EmailNotifier\EN.exe[5876] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\EmailNotifier\EN.exe[5876] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\EmailNotifier\EN.exe[5876] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Rainlendar2\Rainlendar2.exe[5944] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Rainlendar2\Rainlendar2.exe[5944] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Rainlendar2\Rainlendar2.exe[5944] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Rainlendar2\Rainlendar2.exe[5944] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Rainlendar2\Rainlendar2.exe[5944] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Rainlendar2\Rainlendar2.exe[5944] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\DVBViewer\DVBVCtrl.exe[5952] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\DVBViewer\DVBVCtrl.exe[5952] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\DVBViewer\DVBVCtrl.exe[5952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\DVBViewer\DVBVCtrl.exe[5952] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\DVBViewer\DVBVCtrl.exe[5952] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\DVBViewer\DVBVCtrl.exe[5952] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[5968] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[5968] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[5968] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[5968] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[5968] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[5968] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[6020] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[6020] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[6020] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[6020] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[6020] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Microsoft ActiveSync\Wcescomm.exe[6020] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\WINDOWS\system32\ctfmon.exe[6036] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[6036] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[6036] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[6036] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[6036] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[6036] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\iPod\bin\iPodService.exe[6112] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\iPod\bin\iPodService.exe[6112] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\iPod\bin\iPodService.exe[6112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\iPod\bin\iPodService.exe[6112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\iPod\bin\iPodService.exe[6112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\iPod\bin\iPodService.exe[6112] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Programme\Mozilla Firefox\firefox.exe[6376] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[6376] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[6376] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\Mozilla Firefox\firefox.exe[6376] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Mozilla Firefox\firefox.exe[6376] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Programme\Mozilla Firefox\firefox.exe[6376] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\WINDOWS\explorer.exe[7728] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[7728] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\explorer.exe[7728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\explorer.exe[7728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\explorer.exe[7728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[7728] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]
.text C:\Dokumente und Einstellungen\Michael\Desktop\gmer\gmer.exe[8520] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Dokumente und Einstellungen\Michael\Desktop\gmer\gmer.exe[8520] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Dokumente und Einstellungen\Michael\Desktop\gmer\gmer.exe[8520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Dokumente und Einstellungen\Michael\Desktop\gmer\gmer.exe[8520] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Dokumente und Einstellungen\Michael\Desktop\gmer\gmer.exe[8520] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Dokumente und Einstellungen\Michael\Desktop\gmer\gmer.exe[8520] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, 7F, E2 ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Programme\Spyware Doctor\sdhelp.exe[3028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Programme\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A7C6960

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.)

Device \Driver\Cdrom \Device\CdRom0 8A3D9E08
Device \FileSystem\Rdbss \Device\FsWrap 892F74A0
Device \Driver\Cdrom \Device\CdRom1 8A3D9E08
Device \Driver\atapi \Device\Ide\IdePort0 8A3C9AE8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A3C9AE8
Device \Driver\atapi \Device\Ide\IdePort1 8A3C9AE8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A3C9AE8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 8A3C9AE8
Device \Driver\Cdrom \Device\CdRom2 8A3D9E08
Device \FileSystem\Srv \Device\LanmanServer 8A672250
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894467D0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894467D0
Device \FileSystem\Npfs \Device\NamedPipe 894409A8
Device \FileSystem\Msfs \Device\Mailslot 89447588
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 8A3F9D00
Device \Driver\d346prt \Device\Scsi\d346prt1 8A3F9D00
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89449140
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89449140
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89449140
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89449140
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89449140
Device \FileSystem\Cdfs \Cdfs 89578DA0

---- Modules - GMER 1.0.14 ----

Module _________ F7472000-F748A000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\@ÿu\20QQéBÿÿÿ\x2039\a \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\LanmanServer_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\LanmanServer_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\LanmanServer_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\LanmanServer_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\LanmanServer_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\LanmanServer_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\LanmanServer_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanworkstation\@ÿu\20QQéBÿÿÿ\x2039\a \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\LanmanWorkstation_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\LanmanWorkstation_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\LanmanWorkstation_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\LanmanWorkstation_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\LanmanWorkstation_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\LanmanWorkstation_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\LanmanWorkstation_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet002\Services\Ndisuio\@ÿu\20QQéBÿÿÿ\x2039\a \Device\Ndisuio_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\Ndisuio_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\Ndisuio_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?
Reg HKLM\SYSTEM\ControlSet002\Services\NetBIOS\@ÿu\20QQéBÿÿÿ\x2039\a \Device\NetBIOS_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\NetBIOS_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\NetBIOS_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\NetBIOS_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\NetBIOS_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\NetBIOS_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\NetBIOS_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\NetBIOS_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet002\Services\NetBT\@ÿu\20QQéBÿÿÿ\x2039\a \Device\NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet002\Services\RasPppoe\@ÿu\20QQéBÿÿÿ\x2039\a \Device\RasPppoe_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\RasPppoe_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\RasPppoe_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\@ÿu\20QQéBÿÿÿ\x2039\a \Device\Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet003\Services\lanmanserver\@ÿu\20QQéBÿÿÿ\x2039\a \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\LanmanServer_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\LanmanServer_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\LanmanServer_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\LanmanServer_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\LanmanServer_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\LanmanServer_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\LanmanServer_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet003\Services\lanmanworkstation\@ÿu\20QQéBÿÿÿ\x2039\a \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\LanmanWorkstation_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\LanmanWorkstation_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\LanmanWorkstation_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\LanmanWorkstation_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\LanmanWorkstation_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\LanmanWorkstation_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\LanmanWorkstation_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet003\Services\Ndisuio\@ÿu\20QQéBÿÿÿ\x2039\a \Device\Ndisuio_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\Ndisuio_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\Ndisuio_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?
Reg HKLM\SYSTEM\ControlSet003\Services\NetBIOS\@ÿu\20QQéBÿÿÿ\x2039\a \Device\NetBIOS_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\NetBIOS_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\NetBIOS_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\NetBIOS_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\NetBIOS_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\NetBIOS_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\NetBIOS_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\NetBIOS_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet003\Services\NetBT\@ÿu\20QQéBÿÿÿ\x2039\a \Device\NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\ControlSet003\Services\RasPppoe\@ÿu\20QQéBÿÿÿ\x2039\a \Device\RasPppoe_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\RasPppoe_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\RasPppoe_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\@ÿu\20QQéBÿÿÿ\x2039\a \Device\Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40@hj34z0 0x42 0x99 0xEB 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\@ÿu\20QQéBÿÿÿ\x2039\a \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\LanmanServer_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\LanmanServer_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\LanmanServer_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\LanmanServer_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\LanmanServer_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\LanmanServer_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\LanmanServer_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\@ÿu\20QQéBÿÿÿ\x2039\a \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\LanmanWorkstation_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\LanmanWorkstation_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\LanmanWorkstation_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\LanmanWorkstation_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\LanmanWorkstation_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\LanmanWorkstation_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\LanmanWorkstation_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\@ÿu\20QQéBÿÿÿ\x2039\a \Device\Ndisuio_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\Ndisuio_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\Ndisuio_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\@ÿu\20QQéBÿÿÿ\x2039\a \Device\NetBIOS_NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\NetBIOS_NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\NetBIOS_NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\NetBIOS_NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\NetBIOS_NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\NetBIOS_NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\NetBIOS_NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\NetBIOS_NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\@ÿu\20QQéBÿÿÿ\x2039\a \Device\NetBT_Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\NetBT_Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\NetBT_Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\NetBT_Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\NetBT_Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\NetBT_Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\NetBT_Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\NetBT_Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\RasPppoe\@ÿu\20QQéBÿÿÿ\x2039\a \Device\RasPppoe_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\RasPppoe_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\RasPppoe_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\@ÿu\20QQéBÿÿÿ\x2039\a \Device\Tcpip_{A7C9F3EE-ED3D-4361-AB22-68B3B7BB12ED}?\Device\Tcpip_{09D2E216-9FC1-4F2B-9B77-1B9AB2EBE369}?\Device\Tcpip_{29524656-449E-4C91-8E68-DA3B5985E5CC}?\Device\Tcpip_{35719485-AAA3-40E7-A8CC-1ADCB9D0E511}?\Device\Tcpip_{3ED824F3-717E-4C8A-BAFF-6D6E22CA2316}?\Device\Tcpip_{4AFE00BB-88C9-415E-A5E9-EB7DA42D3E4A}?\Device\Tcpip_{47636DD0-18B2-414C-9DD8-D6BC19115C82}?\Device\Tcpip_{A396180D-8655-43BB-82F2-1C4B0CE8867F}?
Reg HKLM\SOFTWARE\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}
Reg HKLM\SOFTWARE\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}@MNUANRETNQORKOKBIUN6BTGMUH1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{2E59814C-B3DE-44FB-94965C0366D98DF0}\{ABEB2D87-DFA0-F53D-992658CC296F0BC9}\{4501FB50-D3D7-43DD-41A9BB47FD107040}
Reg HKLM\SOFTWARE\Classes\CLSID\{2E59814C-B3DE-44FB-94965C0366D98DF0}\{ABEB2D87-DFA0-F53D-992658CC296F0BC9}\{4501FB50-D3D7-43DD-41A9BB47FD107040}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}
Reg HKLM\SOFTWARE\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C00AC832-DAC3-D3ED-D88BC675D0DC65B8}\{08100CF2-289B-F86D-2BCB7398877C8AB2}\{D95C53DA-2809-7029-6D1B6A16698887F7}
Reg HKLM\SOFTWARE\Classes\CLSID\{C00AC832-DAC3-D3ED-D88BC675D0DC65B8}\{08100CF2-289B-F86D-2BCB7398877C8AB2}\{D95C53DA-2809-7029-6D1B6A16698887F7}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}@MNUANRETNQORKOKBIUN6BTGMUH1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}
Reg HKLM\SOFTWARE\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}@MNUANRETNQORKOKBIUN6BTGMUH1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.14 ----
 
These are all the autostart entries that GMER found:

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-12-20 14:49:35
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * ssiefr.e ssiefr.exe lsdelete /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll /*file not found*/
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll /*file not found*/
wlballoon@DLLName = wlnotify.dll
WRNotifier@DLLName = WRLogonNTF.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
a2free@ = "c:\programme\a-squared free\a2service.exe"
aawservice@ = C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
AntiVirScheduler@ = C:\Programme\AntiVir PersonalEdition Classic\sched.exe
AntiVirService@ = C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
Apache2@ = "C:\Programme\Xampp\xampp\apache\bin\apache.exe" -k runservice
Apple Mobile Device@ = "C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Bonjour Service@ = C:\Programme\Bonjour\mDNSResponder.exe /*file not found*/
Brother XP spl Service@ = C:\WINDOWS\system32\brsvc01a.exe
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
btwdins@ = C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe
CCALib8@ = C:\Programme\Canon\CAL\CALMAIN.exe
ClipSrv@ = %SystemRoot%\system32\clipsrv.exe
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DVBVRecorder@ = C:\Programme\DVBViewer\DVBVservice.exe
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
Fax@ = %systemroot%\system32\fxssvc.exe
FileZilla Server@ = C:\Programme\Xampp\xampp\FileZillaFTP\FileZillaServer.exe
GEARSecurity@ = SYSTEM32\GEARSEC.EXE
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ@ = %SystemRoot%\System32\svchost.exe -k netsvcs
IJPLMSVC@ = C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
JavaQuickStarterService@ = "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
MSSQL$PINNACLESYS@ = "C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
mysql@ = C:\Programme\Xampp\xampp\mysql\bin\mysqld-nt.exe --defaults-file=C:\Programme\Xampp\xampp\mysql\bin\my.cnf mysql
NetDDE@ = %SystemRoot%\system32\netdde.exe
NetDDEdsdm@ = %SystemRoot%\system32\netdde.exe
PinnacleSys.MediaServer@ = c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
ProtexisLicensing@ = "C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe"
RichVideo@ = "C:\Programme\CyberLink\Shared Files\RichVideo.exe" ??????????????????????????????????????????????????
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SDhelper@ = C:\Programme\Spyware Doctor\sdhelp.exe
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
uploadmgr@ = %SystemRoot%\System32\svchost.exe -k netsvcs
UxTuneUp@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
winvnc@ = "C:\Programme\TightVNC\WinVNC.exe" -service
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@SunJavaUpdateSched"C:\Programme\Java\jre6\bin\jusched.exe" = "C:\Programme\Java\jre6\bin\jusched.exe"
@ShowIcon_Vosonic_USB Media Device Driver v1.19r003"C:\Programme\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003" = "C:\Programme\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@Google Desktop Search"C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
@UserFaultCheck%systemroot%\system32\dumprep 0 -u = %systemroot%\system32\dumprep 0 -u
@WrtMon.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
@CanonMyPrinterC:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon = C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
@avgnt"C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
@iTunesHelper"C:\Programme\iTunes\iTunesHelper.exe" = "C:\Programme\iTunes\iTunesHelper.exe"
@ISUSScheduler"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@EmailNotifierC:\Programme\EmailNotifier\EN.exe = C:\Programme\EmailNotifier\EN.exe
@SpybotSD TeaTimerC:\Programme\Spybot - Search & Destroy\TeaTimer.exe = C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
@Rainlendar2C:\Programme\Rainlendar2\Rainlendar2.exe = C:\Programme\Rainlendar2\Rainlendar2.exe
@DVBV Service CtrlC:\Programme\DVBViewer\DVBVCtrl.exe = C:\Programme\DVBViewer\DVBVCtrl.exe
@GMX SMS-ManagerC:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe = C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
@H/PC Connection Agent"C:\Programme\Microsoft ActiveSync\Wcescomm.exe" = "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
RunOnce@FlashPlayerUpdate = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
@UPnPMonitorC:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Webordner*/C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programme\Microsoft Office\OFFICE11\msohev.dll = C:\Programme\Microsoft Office\OFFICE11\msohev.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programme\Illustrate\dBpoweramp\dBShell.dll = C:\Programme\Illustrate\dBpoweramp\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpoweramp Music Converter*/C:\Programme\Illustrate\dBpoweramp\dMCShell.dll = C:\Programme\Illustrate\dBpoweramp\dMCShell.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programme\AntiVir PersonalEdition Classic\shlext.dll = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programme\iTunes\iTunesMiniPlayer.dll = C:\Programme\iTunes\iTunesMiniPlayer.dll
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ Dateiminiaturansicht-Extrahierungsprogramm*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Zusammenfassungs-Miniaturansichthandler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML-Extrahierungsprogramm*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Webordner*/ = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
Squeez5@{FACEB420-912E-11D3-B7D5-0080AD41AF95} = C:\Programme\SpeedProject\Squeez 5\SQShell.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B} = C:\Programme\Ipswitch\WS_FTP Home\wsftpsi.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{CA8ACAFA-5FBB-467B-B348-90DD488DE003}C:\Programme\SUPERAntiSpyware\SASCTXMN.DLL = C:\Programme\SUPERAntiSpyware\SASCTXMN.DLL
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
Squeez5@{FACEB420-912E-11D3-B7D5-0080AD41AF95} = C:\Programme\SpeedProject\Squeez 5\SQShell.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Programme\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
ImageResizer@{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programme\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B} = C:\Programme\Ipswitch\WS_FTP Home\wsftpsi.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programme\Java\jre6\bin\ssv.dll = C:\Programme\Java\jre6\bin\ssv.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programme\Java\jre6\bin\jp2ssv.dll = C:\Programme\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local PageC:\WINDOWS\SYSTEM32\blank.htm = C:\WINDOWS\SYSTEM32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local PageC:\WINDOWS\SYSTEM32\blank.htm = C:\WINDOWS\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\ITSS.DLL
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\ITSS.DLL
ms-itss@CLSID = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
sysimage@CLSID = %SystemRoot%\system32\Mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0CD24EF-4705-49A8-9A55-4DD7520CDB30} /*LAN-Verbindung 13*/ >>>
@IPAddress192.168.238.238 = 192.168.238.238
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart >>>
mapdrive_1191912372.cmd = mapdrive_1191912372.cmd
ShutDownPro.lnk = ShutDownPro.lnk

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart = Pinnacle ShowCenter StreamServer.lnk

---- EOF - GMER 1.0.14 ----
 
Hm, quite a lot of "security software" is interfering here. One of these programs also seems to be responsible for writing the entries back to the registry. Let's clean that out first.

Please delete the following files:
c:\windows\ujuf.bin
c:\windows\system32\itipicema.reg

Then you should uninstall the following programs for now:

PC Tools Spyware Doctor
a-squared Free Service
SUPERAntiSpyware
Lavasoft adaware
Malwarebytes AM

Please uninstall Spybot as well, then reinstall it, but without TeaTimer. Then have Spybot clean up its findings again and check whether they stay gone after a reboot...
 
Hi, I was laid up in bed for a few days.

I uninstalled all the programs and reinstalled SB.
At first it found the entry again. I then entered this entry, msliksurserv.sys, into RegSeeker and deleted 5 entries in the registry. Since then SB no longer finds anything. :)

I think I'm rid of it, right?

Regards
Micha
 
The whole thing already looked as if these were only "leftovers" of the malware.

I'm glad you solved this more or less on your own! :)

Oh yes, you should update your Windows via www.windowsupdate.com. Install all the important updates that are offered. Repeat this until no more important updates are offered!
 