
Log analysis and evaluation: Problem with Sparkasse online banking - Trojan?

26.06.2011, 07:57   #1
Remasuri
 

Hello dear experts,

Yesterday evening I had a problem with my Sparkasse's online banking, and I have reason to believe that I have picked up a Trojan.

The Malwarebytes Anti-Malware scan produced the following result:

Datenbank Version: 6949

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.06.2011 08:05:45
mbam-log-2011-06-26 (08-05-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 236167
Laufzeit: 1 Stunde(n), 19 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


I ran Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:04 on 26/06/2011 (Frank)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


I have also already run the custom OTL scan as described here in the forum; the file is attached.

It would be very kind if someone could tell me whether I have a serious problem.

Best regards
Frank

Edited by Remasuri (26.06.2011 at 08:16)

26.06.2011, 13:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Yesterday evening I had a problem with my Sparkasse's online banking, and I have reason to believe that I have picked up a Trojan.
Which problem exactly? Please explain briefly.

26.06.2011, 14:43   #3
Remasuri
 

I wanted to log in with my account number and password, but "wrong password" was reported 3 times. After that a page appeared telling me that I could unlock the account again by entering a TAN. I tried that too, but I got a message that the TAN was wrong and that I should repeat the procedure with a different TAN.
I then checked on another computer whether I could log in there, but the same screen came up there. I then immediately had my online access to the account blocked via the telephone number 116116.
Regards, Frank

26.06.2011, 14:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

With online banking you should generally be very careful and consider whether you really want to accept the compromise of a cleanup.
Normally a reinstallation of Windows is recommended for something like this.

26.06.2011, 15:00   #5
Remasuri
 

Thanks for the quick reaction, first of all. I actually wanted to know first whether I have picked something up, or whether it is perhaps the bank's fault, or whether I really mistyped, which I can rule out 100%, at least for the TAN entry.
Can you tell from the attached OTL log whether I have picked up SpyEye or something similar?
I would be reluctant to set the system up again; I did that only a month ago after a hard disk crash and it was very time-consuming. So I only want to do that if I really have something nasty on it.

Regards
Frank


26.06.2011, 15:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The OTL log is relatively unremarkable. Do a run with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

26.06.2011, 16:04   #7
Remasuri
 

So, attached is the log from ComboFix.

Many thanks in advance.

26.06.2011, 16:08   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

26.06.2011, 18:10   #9
Remasuri
 

The forum tells me that the GMER log is too long to post as text, and the log.txt is also too large. What should I do?

Osam:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:02:28 on 26.06.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Programme\Lenovo\Toolbox\PC-Doctor\uaclauncher.exe
"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)
"MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"camcpl.cpl" - "Logitech Inc." - C:\WINDOWS\system32\camcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Frank\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"MpKsl353e453d" (MpKsl353e453d) - "Microsoft Corporation" - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{A385B1BA-3CB0-4E9A-A233-96AE150F72C0}\MpKsl353e453d.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pxtdipow" (pxtdipow) - ? - C:\DOKUME~1\Frank\LOKALE~1\Temp\pxtdipow.sys  (Hidden registry entry, rootkit activity | File not found)
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\AVAST Software\Avast\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MICROS~2\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LogitechSoftwareUpdate" - "Logitech Inc." - C:\Programme\Logitech\Video\ManifestEngine.exe boot
"PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avast" - "AVAST Software" - "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui
"LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
"LogitechVideoTray" - "Logitech Inc." - C:\Programme\Logitech\Video\LogiTray.exe
"LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /keeploaded /nodetect
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TPKMAPHELPER" - "Lenovo" - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
"TpShocks" - "Lenovo." - TpShocks.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastSvc.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - ? - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe  (File found, but it contains no detailed information)
"IBM KCU Service" (TpKmpSVC) - ? - C:\WINDOWS\system32\TpKmpSVC.exe  (File found, but it contains no detailed information)
"IBM PM Service" (IBMPMSVC) - ? - C:\WINDOWS\system32\ibmpmsvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

26.06.2011, 20:08   #10
Remasuri
 

I'll try posting the GMER log in several parts:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-26 18:40:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEKT-00KA9T0 rev.01.01A01
Running: lyy0gg6w.exe; Driver: C:\DOKUME~1\Frank\LOKALE~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB718C202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB71F2CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB71B06C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB718E81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB718E874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB718E98A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB71B0075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB718E772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB718E8C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB718E7C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB718E938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB718C226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB71B0D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB71B103D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB718EC0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB71B0BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB71B0A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB71F2D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB718BFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB718C24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB718ED82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB718CCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB718E84C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB718E89C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB718E9B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB71B03D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB718E79E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB718EA46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB718E904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB718E7F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB718EB2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB718E962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB71F2DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB71B08D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB718CBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB71B072A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB71FBE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB71AF6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB718C26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB718C292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB718C04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB718C186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB71B0E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB718C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB718C1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB718C2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7208902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 8 Bytes [1C, E8, 18, B7, 74, E8, 18, ...] {SBB AL, 0xe8; SBB [EDI-0x48e7178c], DH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP D656FC35
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [C4, E8, 18, B7, C6, E7, 18, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [38, E9, 18, B7]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 8 Bytes [4C, E8, 18, B7, 9C, E8, 18, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B718D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B72042BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B7205D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B7208906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9071360, 0x388D2D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B718FCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B718FBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B718EF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B718FE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B7190040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B718FB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B718EFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B718F1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B718F352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B718EE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B718FC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B718FF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B718F32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B718EE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B718FD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B718F06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B718F0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B718F114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B718EDB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B718EF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B718F034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B718F46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B718FEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Microsoft Security Client\msseces.exe[160] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\Programme\Microsoft Security Client\msseces.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002D1014
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002D0804
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002D0A08
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002D0C0C
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002D0E10
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002D01F8
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002D03FC
.text C:\Programme\Microsoft Security Client\msseces.exe[160] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002D0600
.text C:\Programme\Microsoft Security Client\msseces.exe[160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002E0804
.text C:\Programme\Microsoft Security Client\msseces.exe[160] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002E0A08
.text C:\Programme\Microsoft Security Client\msseces.exe[160] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002E0600
.text C:\Programme\Microsoft Security Client\msseces.exe[160] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002E01F8
.text C:\Programme\Microsoft Security Client\msseces.exe[160] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002E03FC
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe[200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[256] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[616] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[616] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[616] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[616] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[728] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe[888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\csrss.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[896] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[928] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[928] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[928] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[928] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[928] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[972] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[984] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1148] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Logitech\Video\LogiTray.exe[1204] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[1208] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1316] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\ThinkPad\Utilities\DOZESVC.EXE[1372] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[1420] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Java\jre6\bin\jqs.exe[1592] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00531014
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00530804
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00530A08
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00530C0C
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00530E10
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 005301F8
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 005303FC
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00530600
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00540804
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00540A08
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00540600
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005401F8
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005403FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[1664] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\wscntfy.exe[1676] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1676] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[1676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[1676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[1676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[1676] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[1760] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1760] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1760] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1836] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

26.06.2011, 20:09   #11
Remasuri
 



Here is the second part:


.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[1964] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[2028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[2028] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\system32\nvsvc32.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[2028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[2028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[2028] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\rundll32.exe[2044] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[2044] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[2044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[2044] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[2044] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[2044] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[2044] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[2044] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[2044] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[2068] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2168] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[2220] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2324] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[2324] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2324] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[2324] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[2324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[2324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[2324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[2324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[2324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe[2336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\LENOVO\HOTKEY\tposdsvc.exe[2544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00371014
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00370A08
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00370E10
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003701F8
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00370600
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2640] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2848] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\Logitech\Video\FxSvr2.exe[3004] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[3072] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3180] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[3316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Lenovo\Zoom\TpScrex.exe[3324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[3332] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3332] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3332] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3332] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3420] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\AVAST Software\Avast\avastUI.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\avastUI.exe[3436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\Programme\PC Connectivity Solution\ServiceLayer.exe[3512] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\TpShocks.exe[3552] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\TpShocks.exe[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\TpShocks.exe[3552] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\TpShocks.exe[3552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\TpShocks.exe[3552] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\TpShocks.exe[3552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\TpShocks.exe[3552] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\TpShocks.exe[3552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\TpShocks.exe[3552] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\TpShocks.exe[3552] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe[3628] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe[3660] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[3896] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003E1014
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003E0804
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003E0A08
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003E0C0C
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003E0E10
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Dokumente und Einstellungen\Frank\Desktop\lyy0gg6w.exe[3908] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4064] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\rundll32.exe[4072] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[4072] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[4072] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[4072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[4072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[4072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[4072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[4072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[4072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[4072] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[972] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[972] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

27.06.2011, 09:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Getting an additional opinion from the ESET online scanner afterwards doesn't hurt either:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

28.06.2011, 00:00   #13
Remasuri
 

Hello Arne,

Malwarebytes and ESET ran through without any findings; I will do SASW tomorrow.

This morning I spoke on the phone with someone "from IT" at my bank. He said that my online access had probably been deleted because of a faulty database cleanup, and that this was why neither the PIN nor the TANs were recognized.

So I think we can close the thread.

Many thanks for your efforts. It is good for me to know that the computer is clean, and I have also got to know a few new tools along the way.

Regards, frank
