Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner schreibt sich immer neu in Registry!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.08.2011, 18:01   #16
OliB
 
Trojaner schreibt sich immer neu in Registry! - Standard

Trojaner schreibt sich immer neu in Registry!



GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-03 18:54:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3500320AS rev.SD15
Running: q8oop642.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\fxliikod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAddBootEntry [0xB3C3A202]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwAllocateVirtualMemory [0xB3CC8D8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwClose [0xB3C5E6C1]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEvent [0xB3C3C7F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEventPair [0xB3C3C848]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateIoCompletion [0xB3C3C95E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateKey [0xB3C5E075]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateMutant [0xB3C3C746]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSection [0xB3C3C898]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSemaphore [0xB3C3C79A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateTimer [0xB3C3C90C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteBootEntry [0xB3C3A226]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteKey [0xB3C5ED87]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteValueKey [0xB3C5F03D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDuplicateObject [0xB3C3CBE2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwEnumerateKey [0xB3C5EBF2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwEnumerateValueKey [0xB3C5EA5D]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwFreeVirtualMemory [0xB3CC8E3C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwLoadDriver [0xB3C39FF0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwModifyBootEntry [0xB3C3A24A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeKey [0xB3C3CD56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeMultipleKeys [0xB3C3ACDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEvent [0xB3C3C820]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEventPair [0xB3C3C870]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenIoCompletion [0xB3C3C988]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenKey [0xB3C5E3D1]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenMutant [0xB3C3C772]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenProcess [0xB3C3CA1A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSection [0xB3C3C8D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSemaphore [0xB3C3C7C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenThread [0xB3C3CAFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenTimer [0xB3C3C936]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwProtectVirtualMemory [0xB3CC8ED4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryKey [0xB3C5E8D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryObject [0xB3C3ABA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryValueKey [0xB3C5E72A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwRenameKey [0xB3CD110E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwRestoreKey [0xB3C5D6E8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootEntryOrder [0xB3C3A26E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootOptions [0xB3C3A292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemInformation [0xB3C3A04A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemPowerState [0xB3C3A186]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetValueKey [0xB3C5EE8E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwShutdownSystem [0xB3C3A162]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSystemDebugControl [0xB3C3A1AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwVdmControl [0xB3C3A2B6]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateProcessEx [0xB3CDE398]
Code            \??\C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys                                                             pIofCallDriver
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2D08                                                                           805045A4 4 Bytes  [5D, EA, C5, B3]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2E64                                                                           80504700 4 Bytes  CALL B28EFACA 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2F14                                                                           805047B0 4 Bytes  [E8, D6, C5, B3]
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                    805A64A8 4 Bytes  CALL B3C3B335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                             805BC556 5 Bytes  JMP B3CD9D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                    805C2FDA 5 Bytes  JMP B3CDB7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                 805D117A 7 Bytes  JMP B3CDE39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                       section is writeable [0xB6D923A0, 0x5CC259, 0xE8000020]
.text           win32k.sys!EngFreeUserMem + 674                                                                                BF809962 5 Bytes  JMP B3C3DCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                               BF813956 5 Bytes  JMP B3C3DBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                              BF824309 5 Bytes  JMP B3C3CF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                               BF828C73 5 Bytes  JMP B3C3DE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                           BF8316BE 5 Bytes  JMP B3C3E014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B68E                                                                           BF83A0FC 5 Bytes  JMP B3C3DB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + 84ED                                                                          BF8519C5 5 Bytes  JMP B3C3CE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                              BF85E554 5 Bytes  JMP B3C3D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                              BF85E5DF 5 Bytes  JMP B3C3D326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                               BF85F852 5 Bytes  JMP B3C3CE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 5454                                                                             BF864C1E 5 Bytes  JMP B3C3DBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 411E                                                                        BF873F63 5 Bytes  JMP B3C3D2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                              BF8947C0 5 Bytes  JMP B3C3DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 583                                                                              BF895298 5 Bytes  JMP B3C3DF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                  BF89DBD8 5 Bytes  JMP B3C3CFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9E0                                                                              BF8C2150 5 Bytes  JMP B3C3D03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                  BF8CA5B2 5 Bytes  JMP B3C3D0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                  BF8CA832 5 Bytes  JMP B3C3D0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                           BF8EC2A7 5 Bytes  JMP B3C3CD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19DF                                                                                BF9133E5 5 Bytes  JMP B3C3CEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 25B3                                                                                BF913FB9 5 Bytes  JMP B3C3D008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F12                                                                                BF916918 5 Bytes  JMP B3C3D440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 18FC                                                                                    BF94638A 5 Bytes  JMP B3C3DECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                     Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys                                                                 Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ntdll.dll!LdrLoadDll                      7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ntdll.dll!RtlDosSearchPath_U + 186        7C926865 1 Byte  [62]
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ntdll.dll!LdrUnloadDll                    7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] kernel32.dll!GetBinaryTypeW + 80          7C868D8C 1 Byte  [62]
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!SetWindowsHookExW              7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!UnhookWindowsHookEx            7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!SetWindowsHookExA              7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!SetWinEventHook                7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!UnhookWinEvent                 7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!UnhookWinEvent + 4             7E3818B0 1 Byte  [82]
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!SetServiceObjectSecurity     77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfigA         77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfigW         77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfig2A        77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfig2W        77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!CreateServiceA               77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!CreateServiceW               77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!DeleteService                77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[212] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\spoolsv.exe[212] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ntdll.dll!LdrLoadDll                                            7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ntdll.dll!RtlDosSearchPath_U + 186                              7C926865 1 Byte  [62]
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ntdll.dll!LdrUnloadDll                                          7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] kernel32.dll!GetBinaryTypeW + 80                                7C868D8C 1 Byte  [62]
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!SetServiceObjectSecurity                           77E06D81 3 Bytes  JMP 00391014 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!SetServiceObjectSecurity + 4                       77E06D85 1 Byte  [88]
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfigA                               77E06E69 5 Bytes  JMP 00390804 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfigW                               77E07001 5 Bytes  JMP 00390A08 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfig2A                              77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfig2W                              77E07189 5 Bytes  JMP 00390E10 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!CreateServiceA                                     77E07211 5 Bytes  JMP 003901F8 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!CreateServiceW                                     77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!DeleteService                                      77E074B1 5 Bytes  JMP 00390600 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!SetWindowsHookExW                                    7E37820F 5 Bytes  JMP 003A0804 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!UnhookWindowsHookEx                                  7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!SetWindowsHookExA                                    7E381211 5 Bytes  JMP 003A0600 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!SetWinEventHook                                      7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!UnhookWinEvent                                       7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ntdll.dll!LdrLoadDll                               7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ntdll.dll!RtlDosSearchPath_U + 186                 7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ntdll.dll!LdrUnloadDll                             7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] kernel32.dll!GetBinaryTypeW + 80                   7C868D8C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!SetServiceObjectSecurity              77E06D81 5 Bytes  JMP 003B1014 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfigA                  77E06E69 5 Bytes  JMP 003B0804 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfigW                  77E07001 5 Bytes  JMP 003B0A08 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2A                 77E07101 5 Bytes  JMP 003B0C0C 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2W                 77E07189 5 Bytes  JMP 003B0E10 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!CreateServiceA                        77E07211 5 Bytes  JMP 003B01F8 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!CreateServiceW                        77E073A9 5 Bytes  JMP 003B03FC 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!DeleteService                         77E074B1 5 Bytes  JMP 003B0600 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!SetWindowsHookExW                       7E37820F 5 Bytes  JMP 003C0804 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!UnhookWindowsHookEx                     7E37D5F3 5 Bytes  JMP 003C0A08 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!SetWindowsHookExA                       7E381211 5 Bytes  JMP 003C0600 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!SetWinEventHook                         7E3817F7 5 Bytes  JMP 003C01F8 
.text           C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!UnhookWinEvent                          7E3818AC 5 Bytes  JMP 003C03FC 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!LdrLoadDll                              7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!RtlDosSearchPath_U + 186                7C926865 1 Byte  [62]
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!LdrUnloadDll                            7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] kernel32.dll!GetBinaryTypeW + 80                  7C868D8C 1 Byte  [62]
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!SetServiceObjectSecurity             77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfigA                 77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfigW                 77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfig2A                77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfig2W                77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!CreateServiceA                       77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!CreateServiceW                       77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!DeleteService                        77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!SetWindowsHookExW                      7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!UnhookWindowsHookEx                    7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!SetWindowsHookExA                      7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!SetWinEventHook                        7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!UnhookWinEvent                         7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!UnhookWinEvent + 4                     7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\System32\svchost.exe[464] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[464] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[464] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[464] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[464] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\explorer.exe[548] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\explorer.exe[548] kernel32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 3 Bytes  JMP 00380A08 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!UnhookWindowsHookEx + 4                                       7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!SetServiceObjectSecurity + 4                                77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\System32\smss.exe[656] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[684] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[684] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[684] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[684] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[704] KERNEL32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ntdll.dll!LdrLoadDll                                                       7C92632D 5 Bytes  JMP 000801F8 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ntdll.dll!RtlDosSearchPath_U + 186                                         7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ntdll.dll!LdrUnloadDll                                                     7C9271CD 5 Bytes  JMP 000803FC 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] kernel32.dll!GetBinaryTypeW + 80                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!SetServiceObjectSecurity                                      77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfigA                                          77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfigW                                          77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfig2A                                         77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfig2W                                         77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!CreateServiceA                                                77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!CreateServiceW                                                77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!DeleteService                                                 77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!SetWindowsHookExW                                               7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!UnhookWindowsHookEx                                             7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!SetWindowsHookExA                                               7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!SetWinEventHook                                                 7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!UnhookWinEvent                                                  7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000701F8 
.text           C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000703FC 
.text           C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\services.exe[1040] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\services.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1040] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\services.exe[1040] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\services.exe[1040] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\services.exe[1040] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\services.exe[1040] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\services.exe[1040] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\services.exe[1040] USER32.dll!UnhookWinEvent                                               7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!LdrLoadDll                                                       7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186                                         7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!LdrUnloadDll                                                     7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\lsass.exe[1052] kernel32.dll!GetBinaryTypeW + 80                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity                                      77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfigA                                          77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfigW                                          77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A                                         77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W                                         77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!CreateServiceA                                                77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!CreateServiceW                                                77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!DeleteService                                                 77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!SetWindowsHookExW                                               7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!UnhookWindowsHookEx                                             7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!SetWindowsHookExA                                               7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!SetWinEventHook                                                 7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!UnhookWinEvent                                                  7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity + 4                                77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!LdrLoadDll                                                         7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!LdrUnloadDll                                                       7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!GetBinaryTypeW + 80                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1276] USER32.dll!SetWindowsHookExW                                                 7E37820F 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\alg.exe[1276] USER32.dll!UnhookWindowsHookEx                                               7E37D5F3 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\alg.exe[1276] USER32.dll!SetWindowsHookExA                                                 7E381211 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\alg.exe[1276] USER32.dll!SetWinEventHook                                                   7E3817F7 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\alg.exe[1276] USER32.dll!UnhookWinEvent                                                    7E3818AC 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity                                        77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfigA                                            77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfigW                                            77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A                                           77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W                                           77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!CreateServiceA                                                  77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!CreateServiceW                                                  77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!DeleteService                                                   77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wbem\unsecapp.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\unsecapp.exe[1352] kernel32.dll!GetBinaryTypeW + 80                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[1588] kernel32.dll!GetBinaryTypeW + 80                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186                       7C926865 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1784] kernel32.dll!SetUnhandledExceptionFilter                 7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1784] kernel32.dll!GetBinaryTypeW + 80                         7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Besitzer\Desktop\q8oop642.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186          7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Besitzer\Desktop\q8oop642.exe[2020] kernel32.dll!GetBinaryTypeW + 80            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ntdll.dll!LdrLoadDll                         7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186           7C926865 1 Byte  [62]
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ntdll.dll!LdrUnloadDll                       7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] kernel32.dll!GetBinaryTypeW + 80             7C868D8C 1 Byte  [62]
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!SetWindowsHookExW                 7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!UnhookWindowsHookEx               7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!SetWindowsHookExA                 7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!SetWinEventHook                   7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!UnhookWinEvent                    7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!UnhookWinEvent + 4                7E3818B0 1 Byte  [82]
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity        77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfigA            77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfigW            77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A           77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W           77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!CreateServiceA                  77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!CreateServiceW                  77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!DeleteService                   77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!UnhookWinEvent                                                7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!UnhookWinEvent + 4                                            7E3818B0 1 Byte  [82]
.text           C:\Programme\Alwil Software\Avast5\avastUI.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186                        7C926865 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\avastUI.exe[2908] kernel32.dll!GetBinaryTypeW + 80                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!LdrLoadDll                                                              7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!LdrUnloadDll                                                            7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!SetServiceObjectSecurity                                             77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfigA                                                 77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfigW                                                 77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2A                                                77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2W                                                77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CreateServiceA                                                       77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CreateServiceW                                                       77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!DeleteService                                                        77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWindowsHookExW                                                      7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!UnhookWindowsHookEx                                                    7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWindowsHookExA                                                      7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWinEventHook                                                        7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!UnhookWinEvent                                                         7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!UnhookWinEvent + 4                                                     7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\notepad.exe[3696] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\notepad.exe[3696] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[4020] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[4020] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[1040] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  005E0002
IAT             C:\WINDOWS\system32\services.exe[1040] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        005E0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                         aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                         aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                       aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                    aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Antwort

Themen zu Trojaner schreibt sich immer neu in Registry!
anti-malware, bli, dateien, einfach, explorer, folge, folgende, guten, internet, jahre, langsamer, log, minuten, msn, neu, probleme, registry, seite, service, software, startseite, trojaner, ungefragt, version, öffnet




Ähnliche Themen: Trojaner schreibt sich immer neu in Registry!


  1. l+f: Brasilianischer Student schreibt 100 Banking-Trojaner in drei Jahren
    Nachrichten - 10.07.2015 (0)
  2. Tastatur macht sich selbstständig und schreibt wwwww und großes h nicht möglich
    Log-Analyse und Auswertung - 25.09.2014 (15)
  3. Trojaner, der Wörter grün schreibt und sie doppelt unterstreicht
    Plagegeister aller Art und deren Bekämpfung - 20.09.2014 (10)
  4. Habe einen Trojaner, der Wörter grün schreibt und sie doppelt unterstreicht, außerdem öffnen sich ständig Pop-ups.
    Plagegeister aller Art und deren Bekämpfung - 24.08.2014 (9)
  5. Registry Cleaner Akku vom laptop wird immer leergezogen
    Log-Analyse und Auswertung - 27.06.2014 (9)
  6. Meine Festplatte schreibt sich von selbst voll.
    Log-Analyse und Auswertung - 05.03.2014 (18)
  7. Malware.Trace in Reg.-Schlüssel schreibt sich immer wieder neu
    Log-Analyse und Auswertung - 22.01.2014 (17)
  8. Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking
    Log-Analyse und Auswertung - 16.06.2013 (19)
  9. PC schreibt sich selbstständig WOW Mitteilungen - auch außerhalb Game
    Log-Analyse und Auswertung - 09.11.2010 (8)
  10. Backdoor.Bot -> immer wieder in Registry eintrag zu finden.
    Log-Analyse und Auswertung - 15.08.2010 (19)
  11. Trojaner schreibt sich bei jedem Booten in den Quelltext meiner Webseiten
    Plagegeister aller Art und deren Bekämpfung - 17.02.2010 (12)
  12. Trojaner der Run Registry Eintrag immer wieder neu erstellt?
    Log-Analyse und Auswertung - 30.10.2008 (1)
  13. Hilfe!!Registry-Editor und Taskmanager immer abgeschaltet
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (2)
  14. iframe Virus schreibt sich in index.html Seiten
    Plagegeister aller Art und deren Bekämpfung - 09.08.2007 (2)
  15. iframe Virus schreibt sich in index.html Seiten
    Plagegeister aller Art und deren Bekämpfung - 05.05.2007 (12)
  16. Registry Trace installiert sich bei Systemstart immer wieder neu
    Plagegeister aller Art und deren Bekämpfung - 07.05.2006 (8)
  17. wer schreibt 'bestweblinks' in die registry ??
    Plagegeister aller Art und deren Bekämpfung - 22.08.2005 (14)

Zum Thema Trojaner schreibt sich immer neu in Registry! - GMER Logfile: Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover Rootkit scan 2011-08-03 18:54:34 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3500320AS rev.SD15 - Trojaner schreibt sich immer neu in Registry!...
Archiv
Du betrachtest: Trojaner schreibt sich immer neu in Registry! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.