
Pests of all kinds and how to fight them: BKA Trojan

Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

20.04.2012, 13:45   #31
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojan
OK. Restart Windows, delete the old combofix.exe, download CF again and run CF once more.
__________________
Please always post logfiles in CODE tags

20.04.2012, 17:09   #32
Alimaus_1
 
So, here is the file
Regards
Dani
Code:
ComboFix 12-04-20.03 - Manuela 20.04.2012  17:46:55.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.511.267 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Manuela\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-20 bis 2012-04-20  ))))))))))))))))))))))))))))))
.
.
2012-04-18 09:05 . 2012-04-18 09:05	--------	d-----w-	c:\programme\Microsoft
2012-04-17 18:19 . 2012-04-17 18:19	--------	d-----w-	C:\_OTL
2012-04-15 15:43 . 2012-04-15 15:43	--------	d-----w-	c:\programme\ESET
2012-04-12 13:50 . 2012-04-12 13:50	50477	----a-w-	c:\programme\Defogger.exe
2012-04-05 17:47 . 2012-04-05 17:47	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\GameXzone
2012-04-04 17:59 . 2012-04-04 17:59	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\Twilight Games
2012-04-03 20:42 . 2012-04-03 20:42	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\JaiboGames
2012-04-03 18:17 . 2012-04-03 18:17	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\Mariaglorum
2012-04-03 12:18 . 2012-04-03 12:32	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\QuickStoresToolbar
2012-04-03 11:39 . 2012-04-03 11:43	--------	d-----w-	c:\programme\Gemeinsame Dateien\System Shared
2012-04-03 11:38 . 2011-10-26 12:12	228664	----a-w-	c:\windows\system32\wdrvtd32.dll
2012-04-03 11:38 . 2011-10-21 13:50	2250640	----a-w-	c:\windows\system32\cchservice.exe
2012-04-02 14:30 . 2012-04-02 14:31	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\Kingdom of Seven Seals
2012-04-02 14:30 . 2012-04-02 14:30	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\boost_interprocess
2012-04-01 10:19 . 2012-04-01 10:19	--------	d-----w-	c:\windows\system32\AGEIA
2012-04-01 10:18 . 2012-04-01 10:18	--------	d-----w-	c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2012-03-31 13:52 . 2008-07-30 04:20	238088	----a-w-	c:\windows\system32\xactengine3_2.dll
2012-03-31 13:52 . 2008-07-10 09:01	467984	----a-w-	c:\windows\system32\d3dx10_39.dll
2012-03-31 13:52 . 2008-07-10 09:00	1493528	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2012-03-31 13:52 . 2008-07-10 09:00	3851784	----a-w-	c:\windows\system32\D3DX9_39.dll
2012-03-29 14:46 . 2012-03-29 14:46	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\DieselPuppet
2012-03-26 09:47 . 2012-03-26 09:47	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\LittleGamesCompany
2012-03-26 09:47 . 2012-03-26 09:47	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\LittleGamesCompany
2012-03-22 22:05 . 2012-03-22 22:05	--------	d-----w-	c:\dokumente und einstellungen\Manuela\Anwendungsdaten\Boolat Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 08:04 . 2012-04-19 08:04	5691	----a-w-	C:\ComboFix.zip
2012-04-17 20:01 . 2012-04-17 20:01	3946207	----a-w-	C:\_OTL.zip
2012-04-04 13:56 . 2010-10-30 21:54	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-17 09:32 . 2011-06-16 16:34	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-09-27 18:20	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-09-27 18:20	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-09-27 18:21	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-09-27 18:21	337880	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-09-27 18:21	35672	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-09-27 18:21	53848	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-09-27 18:21	95704	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-09-27 18:21	89048	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-09-27 18:21	20696	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-09-27 18:21	24920	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:00 . 2006-06-23 11:27	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-05-26 14:50	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-05-26 14:50	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2004-05-26 14:51	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-05-26 14:50	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 07:42	385024	----a-w-	c:\windows\system32\html.iec
2012-02-07 18:06 . 2004-05-26 17:01	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-02-07 18:06 . 2004-05-26 17:01	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-02-03 09:57 . 2009-02-12 07:32	1860224	----a-w-	c:\windows\system32\win32k.sys
2012-02-02 15:54 . 2012-02-02 15:54	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\drivers\AGP440.SYS
.
(((((((((((((((((((((((((((((   SnapShot@2012-04-19_07.59.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 11:02 . 2012-04-20 11:02	16384              c:\windows\Temp\Perflib_Perfdata_128.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	----a-w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-02 39408]
"Spiele Post"="c:\programme\OXXOGames\GPlayer\GameCenterNotifier.exe" [2011-10-13 479984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 73728]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0aswBoot.exe /M:124328d8508a
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-12-02 22:00	847872	----a-w-	c:\programme\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spiele Post]
2011-10-13 08:52	479984	----a-w-	c:\programme\OXXOGames\GPlayer\GameCenterNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 20:13	61440	----a-w-	c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06	254696	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-04-02 16:06	39408	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 07:56	204288	------w-	c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.09.2011 20:21 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.09.2011 20:21 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.09.2011 20:21 20696]
R2 LogWatch;Ereignisprotokoll-Überwachung;c:\programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [20.09.2002 16:29 53248]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe -k Update-Service [26.05.2004 16:51 14336]
R3 ctxc51;ctxc51;c:\windows\system32\drivers\ctxc51.sys [28.05.2004 17:20 1086853]
R3 ctxc52;ctxc52;c:\windows\system32\drivers\ctxc52.sys [28.05.2004 17:20 619369]
R3 ctxc53;ctxc53;c:\windows\system32\drivers\ctxc53.sys [28.05.2004 17:20 51493]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [02.04.2012 18:05 136176]
S3 CA_LIC_CLNT;CA-Lizenz-Client;c:\programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [20.09.2002 16:27 77824]
S3 CA_LIC_SRVR;CA-Lizenzserver;c:\programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20.09.2002 16:41 77824]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [02.04.2012 18:05 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [08.12.2010 14:52 7680]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [09.05.2004 20:31 24704]
S3 ute5njmx;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute5njmx.sys --> c:\windows\system32\Drivers\ute5njmx.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [08.12.2010 14:54 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [08.12.2010 14:53 105344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-04-02 16:05]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-04-02 16:05]
.
2012-04-20 c:\windows\Tasks\User_Feed_Synchronization-{7C4EA040-4EEF-4B9A-95B9-B1DA16925AF5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = 
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Manuela\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 217.68.161.141 217.68.161.171
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-20 17:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3747897397-1259788645-3456638093-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-04-20  18:01:22
ComboFix-quarantined-files.txt  2012-04-20 16:01
ComboFix2.txt  2012-04-19 19:22
ComboFix3.txt  2012-04-19 08:02
.
Vor Suchlauf: 15 Verzeichnis(se), 54.276.640.768 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 54.254.694.400 Bytes frei
.
- - End Of File - - 03D63586DD1EAD628EC9F63FA1282695
         
__________________


20.04.2012, 20:26   #33
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I need the two quarantine folders from Combofix and OTL. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Zip the folder Quarantine in C:\Qoobox into one file
4.) Upload both ZIP files here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: please upload the files there, as described in the UpChannel instructions. Please do NOT post the ZIP files as attachments in this thread!

5.) Let me know once it has worked
6.) Only then turn the virus scanner back on
__________________

22.04.2012, 10:30   #34
Alimaus_1
 
Hello,
the last step was successful. The data has been submitted.
Regards, Danie

22.04.2012, 19:17   #35
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to work the second time as well, just skip it and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current avast! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without being instructed to

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



One more note: if aswMBR crashes and you get a message such as "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________
Please always post logfiles in CODE tags

23.04.2012, 11:00   #36
Alimaus_1
 
Hi... here are the logs from GMER, OSAM and aswMBR
Regards
Dani
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-23 10:44:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160812A rev.3.AAE
Running: hxjp93d3.exe; Driver: C:\DOKUME~1\Manuela\LOKALE~1\Temp\pgrdrpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwAddBootEntry [0xBA4A6DF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwAllocateVirtualMemory [0xBA533A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwAssignProcessToJobObject [0xBA4A785E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwClose [0xBA4D3D5D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateEvent [0xBA4AC2E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateEventPair [0xBA4AC330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateIoCompletion [0xBA4AC422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateKey [0xBA4D3711]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateMutant [0xBA4AC252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateSection [0xBA4AC374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateSemaphore [0xBA4AC29A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateTimer [0xBA4AC3DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteBootEntry [0xBA4A6E44]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteKey [0xBA4D4423]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteValueKey [0xBA4D46D9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDuplicateObject [0xBA4A99A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwEnumerateKey [0xBA4D428E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwEnumerateValueKey [0xBA4D40F9]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwFreeVirtualMemory [0xBA533B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwLoadDriver [0xBA4A6AD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwModifyBootEntry [0xBA4A6E90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwNotifyChangeKey [0xBA4A9D1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwNotifyChangeMultipleKeys [0xBA4A7B02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenEvent [0xBA4AC30E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenEventPair [0xBA4AC352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenIoCompletion [0xBA4AC446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenKey [0xBA4D3A6D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenMutant [0xBA4AC278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenProcess [0xBA4A9518]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenSection [0xBA4AC3AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenSemaphore [0xBA4AC2C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenThread [0xBA4A974C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenTimer [0xBA4AC400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwProtectVirtualMemory [0xBA533CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryKey [0xBA4D3F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryObject [0xBA4A79CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryValueKey [0xBA4D3DC6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwRenameKey [0xBA53DB68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwRestoreKey [0xBA4D2D84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetBootEntryOrder [0xBA4A6EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetBootOptions [0xBA4A6F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetSystemInformation [0xBA4A6B46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetSystemPowerState [0xBA4A6CEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetValueKey [0xBA4D452A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwShutdownSystem [0xBA4A6C92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSystemDebugControl [0xBA4A6D5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwTerminateProcess [0xBA533D60]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwVdmControl [0xBA4A6F74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwWriteVirtualMemory [0xBA533BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwCreateProcessEx [0xBA549D92]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntoskrnl.exe!ObInsertObject                                                                                          8056DA64 5 Bytes  JMP BA54874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                          805766FB 4 Bytes  CALL BA4A819F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                       8058B9EC 7 Bytes  JMP BA549D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                   805AD1E0 5 Bytes  JMP BA546C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                             section is writeable [0xF7669000, 0x1C5D38, 0xE8000020]
init            C:\WINDOWS\System32\DRIVERS\mohfilt.sys                                                                              entry point in "init" section [0xF892FA60]
.text           win32k.sys!EngFreeUserMem + 674                                                                                      BF8098F2 5 Bytes  JMP BA4AB180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 35D0                                                                                     BF80C84E 5 Bytes  JMP BA4AB07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                     BF8138E6 5 Bytes  JMP BA4AB036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                             BF81C550 5 Bytes  JMP BA4AA724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                                    BF8240C0 5 Bytes  JMP BA4A9F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                                     BF828A2A 5 Bytes  JMP BA4AB2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                                 BF831475 5 Bytes  JMP BA4AB4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B68E                                                                                 BF839EB3 5 Bytes  JMP BA4AAF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + 84ED                                                                                BF851745 5 Bytes  JMP BA4A9E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + F17                                                                                     BF85BC6A 5 Bytes  JMP BA4AA7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                                    BF85E2D4 5 Bytes  JMP BA4AA384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                                    BF85E35F 5 Bytes  JMP BA4AA562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                                     BF85F5D2 5 Bytes  JMP BA4A9E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 5457                                                                                   BF8649A1 5 Bytes  JMP BA4AB0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4128                                                                              BF873CF0 5 Bytes  JMP BA4AA51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                    BF890FA2 5 Bytes  JMP BA4AA7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                                    BF89454D 5 Bytes  JMP BA4AB232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 583                                                                                    BF895025 5 Bytes  JMP BA4AB450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 3857                                                                                        BF89C3CB 5 Bytes  JMP BA4AA70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                        BF89D960 5 Bytes  JMP BA4A9FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9E0                                                                                    BF8C1EE0 5 Bytes  JMP BA4AA104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                        BF8CA342 5 Bytes  JMP BA4AA1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                        BF8CA5C2 5 Bytes  JMP BA4AA2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                                 BF8EC017 5 Bytes  JMP BA4A9D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + CB3D                                                                                 BF8F5016 5 Bytes  JMP BA4AA73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19DF                                                                                      BF913566 5 Bytes  JMP BA4A9F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 25B3                                                                                      BF91413A 5 Bytes  JMP BA4AA0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F2C                                                                                      BF916AB3 5 Bytes  JMP BA4AA67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1940                                                                                          BF946632 5 Bytes  JMP BA4AB3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                             section is writeable [0xB828C000, 0x30A4A, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                             entry point in ".pklstb" section [0xB82CE000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                             unknown last section [0xB82E9000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[316] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\smss.exe[448] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[552] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000701F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000703FC 
.text           C:\WINDOWS\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!DeleteService                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWinEventHook                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWinEvent                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\Dit.exe[700] ntdll.dll!LdrLoadDll                                                                         7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\Dit.exe[700] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\Dit.exe[700] ntdll.dll!LdrUnloadDll                                                                       7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\Dit.exe[700] kernel32.dll!GetBinaryTypeW + 80                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfig2A                                                           77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfig2W                                                           77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!DeleteService                                                                   77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!SetWindowsHookExW                                                                 7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!UnhookWindowsHookEx                                                               7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!SetWindowsHookExA                                                                 7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!SetWinEventHook                                                                   7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!UnhookWinEvent                                                                    7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!UnhookWinEvent + 4                                                                7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!UnhookWinEvent                                                      7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!UnhookWinEvent + 4                                                  7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 003A1014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 003A0E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\mHotkey.exe[900] ntdll.dll!LdrLoadDll                                                                     7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\mHotkey.exe[900] ntdll.dll!RtlDosSearchPath_U + 186                                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\mHotkey.exe[900] ntdll.dll!LdrUnloadDll                                                                   7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\mHotkey.exe[900] kernel32.dll!GetBinaryTypeW + 80                                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!UnhookWindowsHookEx                                                           7E37D5F3 3 Bytes  JMP 00380A08 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!UnhookWindowsHookEx + 4                                                       7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!SetWinEventHook                                                               7E3817F7 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!UnhookWinEvent                                                                7E3818AC 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!SetServiceObjectSecurity                                                    77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                77E06D85 1 Byte  [88]
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfigA                                                        77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfigW                                                        77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfig2A                                                       77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfig2W                                                       77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!CreateServiceA                                                              77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!CreateServiceW                                                              77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!DeleteService                                                               77E074B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\AVAST Software\Avast\avastUI.exe[984] ntdll.dll!RtlDosSearchPath_U + 186                                7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\avastUI.exe[984] kernel32.dll!GetBinaryTypeW + 80                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!LdrLoadDll                                                             7C92632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!RtlDosSearchPath_U + 186                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!LdrUnloadDll                                                           7C9271CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[992] kernel32.dll!GetBinaryTypeW + 80                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!SetServiceObjectSecurity                                            77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfigW                                                77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfig2A                                               77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!CreateServiceA                                                      77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!CreateServiceW                                                      77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!DeleteService                                                       77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!SetWindowsHookExW                                                     7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!UnhookWindowsHookEx                                                   7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!SetWindowsHookExA                                                     7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!SetWinEventHook                                                       7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!UnhookWinEvent                                                        7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\UAService7.exe[1136] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\system32\UAService7.exe[1136] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ntdll.dll!LdrLoadDll                                                          7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ntdll.dll!RtlDosSearchPath_U + 186                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ntdll.dll!LdrUnloadDll                                                        7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] kernel32.dll!GetBinaryTypeW + 80                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!SetWindowsHookExW                                                  7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!UnhookWindowsHookEx                                                7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!SetWindowsHookExA                                                  7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!SetWinEventHook                                                    7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!UnhookWinEvent                                                     7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!UnhookWinEvent + 4                                                 7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity                                         77E06D81 5 Bytes  JMP 003A1014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfigA                                             77E06E69 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfigW                                             77E07001 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A                                            77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W                                            77E07189 5 Bytes  JMP 003A0E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!CreateServiceA                                                   77E07211 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!CreateServiceW                                                   77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!DeleteService                                                    77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\DitExp.exe[1400] ntdll.dll!LdrLoadDll                                                                     7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\DitExp.exe[1400] ntdll.dll!RtlDosSearchPath_U + 186                                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\DitExp.exe[1400] ntdll.dll!LdrUnloadDll                                                                   7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\DitExp.exe[1400] kernel32.dll!GetBinaryTypeW + 80                                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!UnhookWindowsHookEx                                                           7E37D5F3 3 Bytes  JMP 00380A08 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!UnhookWindowsHookEx + 4                                                       7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!SetWinEventHook                                                               7E3817F7 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!UnhookWinEvent                                                                7E3818AC 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity                                                    77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                77E06D85 1 Byte  [88]
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfigA                                                        77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfigW                                                        77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A                                                       77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W                                                       77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!CreateServiceA                                                              77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!CreateServiceW                                                              77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!DeleteService                                                               77E074B1 5 Bytes  JMP 00390600 
.text           C:\Dokumente und Einstellungen\Manuela\Desktop\hxjp93d3.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186                 7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Manuela\Desktop\hxjp93d3.exe[1452] kernel32.dll!GetBinaryTypeW + 80                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll                                                                   7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!RtlDosSearchPath_U + 186                                                     7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll                                                                 7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetBinaryTypeW + 80                                                       7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!SetServiceObjectSecurity                                                  77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigA                                                      77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigW                                                      77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2A                                                     77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2W                                                     77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA                                                            77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceW                                                            77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!DeleteService                                                             77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExW                                                           7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWindowsHookEx                                                         7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExA                                                           7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWinEventHook                                                             7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWinEvent                                                              7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186                              7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!SetUnhandledExceptionFilter                        7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!GetBinaryTypeW + 80                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1728] ntdll.dll!LdrLoadDll                                                               7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\alg.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1728] ntdll.dll!LdrUnloadDll                                                             7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\alg.exe[1728] kernel32.dll!GetBinaryTypeW + 80                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!SetWindowsHookExW                                                       7E37820F 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!UnhookWindowsHookEx                                                     7E37D5F3 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!SetWindowsHookExA                                                       7E381211 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!SetWinEventHook                                                         7E3817F7 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!UnhookWinEvent                                                          7E3818AC 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity                                              77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfigA                                                  77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfigW                                                  77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A                                                 77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W                                                 77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!CreateServiceA                                                        77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!CreateServiceW                                                        77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!DeleteService                                                         77E074B1 5 Bytes  JMP 002C0600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 3 Bytes  JMP 00391014 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity + 4                                   77E06D85 1 Byte  [88]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 00390804 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 00390A08 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 00390E10 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 003901F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 00390600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExW                                                7E37820F 5 Bytes  JMP 003A0804 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!UnhookWindowsHookEx                                              7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExA                                                7E381211 5 Bytes  JMP 003A0600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWinEventHook                                                  7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!UnhookWinEvent                                                   7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ntdll.dll!LdrLoadDll                                      7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186                        7C926865 1 Byte  [62]
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ntdll.dll!LdrUnloadDll                                    7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] kernel32.dll!GetBinaryTypeW + 80                          7C868D8C 1 Byte  [62]
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity                     77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfigA                         77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfigW                         77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A                        77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W                        77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!CreateServiceA                               77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!CreateServiceW                               77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!DeleteService                                77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ntdll.dll!LdrLoadDll                                        7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ntdll.dll!RtlDosSearchPath_U + 186                          7C926865 1 Byte  [62]
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ntdll.dll!LdrUnloadDll                                      7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] kernel32.dll!GetBinaryTypeW + 80                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!SetServiceObjectSecurity                       77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfigA                           77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfigW                           77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfig2A                          77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfig2W                          77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!CreateServiceA                                 77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!CreateServiceW                                 77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!DeleteService                                  77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!SetWindowsHookExW                                7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!UnhookWindowsHookEx                              7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!SetWindowsHookExA                                7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!SetWinEventHook                                  7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!UnhookWinEvent                                   7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!UnhookWinEvent + 4                               7E3818B0 1 Byte  [82]
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ntdll.dll!LdrLoadDll                                                 7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ntdll.dll!RtlDosSearchPath_U + 186                                   7C926865 1 Byte  [62]
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ntdll.dll!LdrUnloadDll                                               7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] kernel32.dll!GetBinaryTypeW + 80                                     7C868D8C 1 Byte  [62]
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!SetServiceObjectSecurity                                77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfigA                                    77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfigW                                    77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfig2A                                   77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfig2W                                   77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!CreateServiceA                                          77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!CreateServiceW                                          77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!DeleteService                                           77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!SetWindowsHookExW                                         7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!UnhookWindowsHookEx                                       7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!SetWindowsHookExA                                         7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!SetWinEventHook                                           7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!UnhookWinEvent                                            7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!UnhookWinEvent + 4                                        7E3818B0 1 Byte  [82]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]         005E0002
IAT             C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]               005E0000
IAT             C:\Programme\AVAST Software\Avast\avastUI.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]    [64C8F6A0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [64C8F6A0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                                             aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Cdfs \Cdfs                                                                                               B77E2400

---- EOF - GMER 1.0.15 ----
         

Alt 23.04.2012, 11:01   #37
Alimaus_1
 
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-23 10:44:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160812A rev.3.AAE
Running: hxjp93d3.exe; Driver: C:\DOKUME~1\Manuela\LOKALE~1\Temp\pgrdrpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwAddBootEntry [0xBA4A6DF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwAllocateVirtualMemory [0xBA533A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwAssignProcessToJobObject [0xBA4A785E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwClose [0xBA4D3D5D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateEvent [0xBA4AC2E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateEventPair [0xBA4AC330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateIoCompletion [0xBA4AC422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateKey [0xBA4D3711]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateMutant [0xBA4AC252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateSection [0xBA4AC374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateSemaphore [0xBA4AC29A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwCreateTimer [0xBA4AC3DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteBootEntry [0xBA4A6E44]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteKey [0xBA4D4423]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDeleteValueKey [0xBA4D46D9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwDuplicateObject [0xBA4A99A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwEnumerateKey [0xBA4D428E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwEnumerateValueKey [0xBA4D40F9]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwFreeVirtualMemory [0xBA533B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwLoadDriver [0xBA4A6AD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwModifyBootEntry [0xBA4A6E90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwNotifyChangeKey [0xBA4A9D1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwNotifyChangeMultipleKeys [0xBA4A7B02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenEvent [0xBA4AC30E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenEventPair [0xBA4AC352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenIoCompletion [0xBA4AC446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenKey [0xBA4D3A6D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenMutant [0xBA4AC278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenProcess [0xBA4A9518]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenSection [0xBA4AC3AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenSemaphore [0xBA4AC2C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenThread [0xBA4A974C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwOpenTimer [0xBA4AC400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwProtectVirtualMemory [0xBA533CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryKey [0xBA4D3F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryObject [0xBA4A79CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwQueryValueKey [0xBA4D3DC6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwRenameKey [0xBA53DB68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwRestoreKey [0xBA4D2D84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetBootEntryOrder [0xBA4A6EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetBootOptions [0xBA4A6F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetSystemInformation [0xBA4A6B46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetSystemPowerState [0xBA4A6CEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSetValueKey [0xBA4D452A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwShutdownSystem [0xBA4A6C92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwSystemDebugControl [0xBA4A6D5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwTerminateProcess [0xBA533D60]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                ZwVdmControl [0xBA4A6F74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwWriteVirtualMemory [0xBA533BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ZwCreateProcessEx [0xBA549D92]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntoskrnl.exe!ObInsertObject                                                                                          8056DA64 5 Bytes  JMP BA54874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                          805766FB 4 Bytes  CALL BA4A819F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                       8058B9EC 7 Bytes  JMP BA549D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                   805AD1E0 5 Bytes  JMP BA546C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                             section is writeable [0xF7669000, 0x1C5D38, 0xE8000020]
init            C:\WINDOWS\System32\DRIVERS\mohfilt.sys                                                                              entry point in "init" section [0xF892FA60]
.text           win32k.sys!EngFreeUserMem + 674                                                                                      BF8098F2 5 Bytes  JMP BA4AB180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 35D0                                                                                     BF80C84E 5 Bytes  JMP BA4AB07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                     BF8138E6 5 Bytes  JMP BA4AB036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                             BF81C550 5 Bytes  JMP BA4AA724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                                    BF8240C0 5 Bytes  JMP BA4A9F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                                     BF828A2A 5 Bytes  JMP BA4AB2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                                 BF831475 5 Bytes  JMP BA4AB4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B68E                                                                                 BF839EB3 5 Bytes  JMP BA4AAF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + 84ED                                                                                BF851745 5 Bytes  JMP BA4A9E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + F17                                                                                     BF85BC6A 5 Bytes  JMP BA4AA7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                                    BF85E2D4 5 Bytes  JMP BA4AA384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                                    BF85E35F 5 Bytes  JMP BA4AA562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                                     BF85F5D2 5 Bytes  JMP BA4A9E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 5457                                                                                   BF8649A1 5 Bytes  JMP BA4AB0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4128                                                                              BF873CF0 5 Bytes  JMP BA4AA51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                    BF890FA2 5 Bytes  JMP BA4AA7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                                    BF89454D 5 Bytes  JMP BA4AB232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 583                                                                                    BF895025 5 Bytes  JMP BA4AB450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 3857                                                                                        BF89C3CB 5 Bytes  JMP BA4AA70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                        BF89D960 5 Bytes  JMP BA4A9FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9E0                                                                                    BF8C1EE0 5 Bytes  JMP BA4AA104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                        BF8CA342 5 Bytes  JMP BA4AA1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                        BF8CA5C2 5 Bytes  JMP BA4AA2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                                 BF8EC017 5 Bytes  JMP BA4A9D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + CB3D                                                                                 BF8F5016 5 Bytes  JMP BA4AA73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19DF                                                                                      BF913566 5 Bytes  JMP BA4A9F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 25B3                                                                                      BF91413A 5 Bytes  JMP BA4AA0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F2C                                                                                      BF916AB3 5 Bytes  JMP BA4AA67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1940                                                                                          BF946632 5 Bytes  JMP BA4AB3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                             section is writeable [0xB828C000, 0x30A4A, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                             entry point in ".pklstb" section [0xB82CE000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                             unknown last section [0xB82E9000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[316] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[316] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[316] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\smss.exe[448] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[552] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000701F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000703FC 
.text           C:\WINDOWS\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\winlogon.exe[608] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll                                                              7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll                                                            7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity                                             77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA                                                 77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW                                                 77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A                                                77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W                                                77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA                                                       77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW                                                       77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!DeleteService                                                        77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW                                                      7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx                                                    7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA                                                      7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWinEventHook                                                        7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWinEvent                                                         7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\Dit.exe[700] ntdll.dll!LdrLoadDll                                                                         7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\Dit.exe[700] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\Dit.exe[700] ntdll.dll!LdrUnloadDll                                                                       7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\Dit.exe[700] kernel32.dll!GetBinaryTypeW + 80                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfig2A                                                           77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!ChangeServiceConfig2W                                                           77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\Dit.exe[700] ADVAPI32.dll!DeleteService                                                                   77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!SetWindowsHookExW                                                                 7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!UnhookWindowsHookEx                                                               7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!SetWindowsHookExA                                                                 7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!SetWinEventHook                                                                   7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!UnhookWinEvent                                                                    7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\Dit.exe[700] USER32.dll!UnhookWinEvent + 4                                                                7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[836] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!UnhookWinEvent                                                      7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] USER32.dll!UnhookWinEvent + 4                                                  7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 003A1014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 003A0E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[840] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[856] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\mHotkey.exe[900] ntdll.dll!LdrLoadDll                                                                     7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\mHotkey.exe[900] ntdll.dll!RtlDosSearchPath_U + 186                                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\mHotkey.exe[900] ntdll.dll!LdrUnloadDll                                                                   7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\mHotkey.exe[900] kernel32.dll!GetBinaryTypeW + 80                                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!UnhookWindowsHookEx                                                           7E37D5F3 3 Bytes  JMP 00380A08 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!UnhookWindowsHookEx + 4                                                       7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!SetWinEventHook                                                               7E3817F7 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\mHotkey.exe[900] USER32.dll!UnhookWinEvent                                                                7E3818AC 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!SetServiceObjectSecurity                                                    77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                77E06D85 1 Byte  [88]
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfigA                                                        77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfigW                                                        77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfig2A                                                       77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!ChangeServiceConfig2W                                                       77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!CreateServiceA                                                              77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!CreateServiceW                                                              77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\mHotkey.exe[900] ADVAPI32.dll!DeleteService                                                               77E074B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll                                                            7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll                                                          7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW                                               77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A                                              77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA                                                     77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW                                                     77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!DeleteService                                                      77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW                                                    7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx                                                  7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA                                                    7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook                                                      7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWinEvent                                                       7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\Programme\AVAST Software\Avast\avastUI.exe[984] ntdll.dll!RtlDosSearchPath_U + 186                                7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\avastUI.exe[984] kernel32.dll!GetBinaryTypeW + 80                                  7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!LdrLoadDll                                                             7C92632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!RtlDosSearchPath_U + 186                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[992] ntdll.dll!LdrUnloadDll                                                           7C9271CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[992] kernel32.dll!GetBinaryTypeW + 80                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!SetServiceObjectSecurity                                            77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfigW                                                77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfig2A                                               77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!CreateServiceA                                                      77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!CreateServiceW                                                      77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[992] ADVAPI32.dll!DeleteService                                                       77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!SetWindowsHookExW                                                     7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!UnhookWindowsHookEx                                                   7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!SetWindowsHookExA                                                     7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!SetWinEventHook                                                       7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[992] USER32.dll!UnhookWinEvent                                                        7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\UAService7.exe[1136] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\system32\UAService7.exe[1136] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\system32\UAService7.exe[1136] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ntdll.dll!LdrLoadDll                                                          7C92632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ntdll.dll!RtlDosSearchPath_U + 186                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ntdll.dll!LdrUnloadDll                                                        7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] kernel32.dll!GetBinaryTypeW + 80                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!SetWindowsHookExW                                                  7E37820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!UnhookWindowsHookEx                                                7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!SetWindowsHookExA                                                  7E381211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!SetWinEventHook                                                    7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!UnhookWinEvent                                                     7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] USER32.dll!UnhookWinEvent + 4                                                 7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity                                         77E06D81 5 Bytes  JMP 003A1014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfigA                                             77E06E69 5 Bytes  JMP 003A0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfigW                                             77E07001 5 Bytes  JMP 003A0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A                                            77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W                                            77E07189 5 Bytes  JMP 003A0E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!CreateServiceA                                                   77E07211 5 Bytes  JMP 003A01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!CreateServiceW                                                   77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1164] ADVAPI32.dll!DeleteService                                                    77E074B1 5 Bytes  JMP 003A0600 
.text           C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\DitExp.exe[1400] ntdll.dll!LdrLoadDll                                                                     7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\DitExp.exe[1400] ntdll.dll!RtlDosSearchPath_U + 186                                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\DitExp.exe[1400] ntdll.dll!LdrUnloadDll                                                                   7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\DitExp.exe[1400] kernel32.dll!GetBinaryTypeW + 80                                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!UnhookWindowsHookEx                                                           7E37D5F3 3 Bytes  JMP 00380A08 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!UnhookWindowsHookEx + 4                                                       7E37D5F7 1 Byte  [82]
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!SetWinEventHook                                                               7E3817F7 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\DitExp.exe[1400] USER32.dll!UnhookWinEvent                                                                7E3818AC 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity                                                    77E06D81 3 Bytes  JMP 00391014 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity + 4                                                77E06D85 1 Byte  [88]
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfigA                                                        77E06E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfigW                                                        77E07001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A                                                       77E07101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W                                                       77E07189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!CreateServiceA                                                              77E07211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!CreateServiceW                                                              77E073A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\DitExp.exe[1400] ADVAPI32.dll!DeleteService                                                               77E074B1 5 Bytes  JMP 00390600 
.text           C:\Dokumente und Einstellungen\Manuela\Desktop\hxjp93d3.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186                 7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Manuela\Desktop\hxjp93d3.exe[1452] kernel32.dll!GetBinaryTypeW + 80                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll                                                                   7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!RtlDosSearchPath_U + 186                                                     7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll                                                                 7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetBinaryTypeW + 80                                                       7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!SetServiceObjectSecurity                                                  77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigA                                                      77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigW                                                      77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2A                                                     77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2W                                                     77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA                                                            77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceW                                                            77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!DeleteService                                                             77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExW                                                           7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWindowsHookEx                                                         7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExA                                                           7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWinEventHook                                                             7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWinEvent                                                              7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186                              7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!SetUnhandledExceptionFilter                        7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!GetBinaryTypeW + 80                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1664] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1728] ntdll.dll!LdrLoadDll                                                               7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\alg.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1728] ntdll.dll!LdrUnloadDll                                                             7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\alg.exe[1728] kernel32.dll!GetBinaryTypeW + 80                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!SetWindowsHookExW                                                       7E37820F 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!UnhookWindowsHookEx                                                     7E37D5F3 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!SetWindowsHookExA                                                       7E381211 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!SetWinEventHook                                                         7E3817F7 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\alg.exe[1728] USER32.dll!UnhookWinEvent                                                          7E3818AC 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity                                              77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfigA                                                  77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfigW                                                  77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A                                                 77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W                                                 77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!CreateServiceA                                                        77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!CreateServiceW                                                        77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[1728] ADVAPI32.dll!DeleteService                                                         77E074B1 5 Bytes  JMP 002C0600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 3 Bytes  JMP 00391014 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity + 4                                   77E06D85 1 Byte  [88]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 00390804 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 00390A08 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 00390E10 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 003901F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 00390600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExW                                                7E37820F 5 Bytes  JMP 003A0804 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!UnhookWindowsHookEx                                              7E37D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExA                                                7E381211 5 Bytes  JMP 003A0600 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWinEventHook                                                  7E3817F7 5 Bytes  JMP 003A01F8 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!UnhookWinEvent                                                   7E3818AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!SetWindowsHookExW                                                   7E37820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!UnhookWindowsHookEx                                                 7E37D5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!SetWindowsHookExA                                                   7E381211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!SetWinEventHook                                                     7E3817F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\system32\wuauclt.exe[2020] USER32.dll!UnhookWinEvent                                                      7E3818AC 5 Bytes  JMP 002D03FC 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ntdll.dll!LdrLoadDll                                      7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186                        7C926865 1 Byte  [62]
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ntdll.dll!LdrUnloadDll                                    7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] kernel32.dll!GetBinaryTypeW + 80                          7C868D8C 1 Byte  [62]
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity                     77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfigA                         77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfigW                         77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A                        77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W                        77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!CreateServiceA                               77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!CreateServiceW                               77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe[2032] ADVAPI32.dll!DeleteService                                77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ntdll.dll!LdrLoadDll                                        7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ntdll.dll!RtlDosSearchPath_U + 186                          7C926865 1 Byte  [62]
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ntdll.dll!LdrUnloadDll                                      7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] kernel32.dll!GetBinaryTypeW + 80                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!SetServiceObjectSecurity                       77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfigA                           77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfigW                           77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfig2A                          77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!ChangeServiceConfig2W                          77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!CreateServiceA                                 77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!CreateServiceW                                 77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] ADVAPI32.DLL!DeleteService                                  77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!SetWindowsHookExW                                7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!UnhookWindowsHookEx                              7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!SetWindowsHookExA                                7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!SetWinEventHook                                  7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!UnhookWinEvent                                   7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2896] USER32.dll!UnhookWinEvent + 4                               7E3818B0 1 Byte  [82]
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ntdll.dll!LdrLoadDll                                                 7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ntdll.dll!RtlDosSearchPath_U + 186                                   7C926865 1 Byte  [62]
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ntdll.dll!LdrUnloadDll                                               7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] kernel32.dll!GetBinaryTypeW + 80                                     7C868D8C 1 Byte  [62]
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!SetServiceObjectSecurity                                77E06D81 5 Bytes  JMP 00381014 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfigA                                    77E06E69 5 Bytes  JMP 00380804 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfigW                                    77E07001 5 Bytes  JMP 00380A08 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfig2A                                   77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!ChangeServiceConfig2W                                   77E07189 5 Bytes  JMP 00380E10 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!CreateServiceA                                          77E07211 5 Bytes  JMP 003801F8 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!CreateServiceW                                          77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] ADVAPI32.dll!DeleteService                                           77E074B1 5 Bytes  JMP 00380600 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!SetWindowsHookExW                                         7E37820F 5 Bytes  JMP 00390804 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!UnhookWindowsHookEx                                       7E37D5F3 5 Bytes  JMP 00390A08 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!SetWindowsHookExA                                         7E381211 5 Bytes  JMP 00390600 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!SetWinEventHook                                           7E3817F7 5 Bytes  JMP 003901F8 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!UnhookWinEvent                                            7E3818AC 3 Bytes  JMP 003903FC 
.text           C:\Programme\Microsoft Works\WkDStore.exe[3348] USER32.dll!UnhookWinEvent + 4                                        7E3818B0 1 Byte  [82]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]         005E0002
IAT             C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]               005E0000
IAT             C:\Programme\AVAST Software\Avast\avastUI.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]    [64C8F6A0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Programme\AVAST Software\Avast\AvastSvc.exe[1576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [64C8F6A0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                                             aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Cdfs \Cdfs                                                                                               B77E2400

---- EOF - GMER 1.0.15 ----
         

Alt 23.04.2012, 11:02   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Why GMER twice?
__________________
Please always post logfiles in CODE tags

Alt 23.04.2012, 11:05   #39
Alimaus_1
 
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 11:02:32
-----------------------------
11:02:32.578    OS Version: Windows 5.1.2600 Service Pack 3
11:02:32.578    Number of processors: 1 586 0x303
11:02:32.578    ComputerName: ANDIUNDDANI  UserName: Manuela
11:02:34.093    Initialize success
11:02:35.000    AVAST engine defs: 12042201
11:04:22.984    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:04:22.984    Disk 0 Vendor: ST3160812A 3.AAE Size: 152627MB BusType: 3
11:04:23.015    Disk 0 MBR read successfully
11:04:23.015    Disk 0 MBR scan
11:04:23.078    Disk 0 unknown MBR code
11:04:23.078    Disk 0 Partition - 00     0F Extended LBA             77014 MB offset 154850535
11:04:23.093    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        75610 MB offset 63
11:04:23.156    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70088 MB offset 154850598
11:04:23.156    Disk 0 Partition - 00     05     Extended              6926 MB offset 298391310
11:04:23.187    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     6926 MB offset 298391373
11:04:23.218    Disk 0 scanning sectors +312576705
11:04:23.468    Disk 0 scanning C:\WINDOWS\system32\drivers
11:05:04.859    Service scanning
11:05:18.921    Modules scanning
11:05:56.203    Disk 0 trace - called modules:
11:05:56.234    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
11:05:56.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd6ab8]
11:05:56.234    3 CLASSPNP.SYS[f8605fd7] -> nt!IofCallDriver -> \Device\0000005a[0x82fe01a8]
11:05:56.250    5 ACPI.sys[f856b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f82d98]
11:05:56.546    AVAST engine scan C:\WINDOWS
11:06:22.390    AVAST engine scan C:\WINDOWS\system32
11:10:43.140    AVAST engine scan C:\WINDOWS\system32\drivers
11:11:01.031    AVAST engine scan C:\Dokumente und Einstellungen\Manuela
11:18:39.187    AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:21:11.421    Scan finished successfully
11:25:43.734    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\MBR.dat"
11:25:43.734    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 11:30:20
-----------------------------
11:30:20.093    OS Version: Windows 5.1.2600 Service Pack 3
11:30:20.093    Number of processors: 1 586 0x303
11:30:20.093    ComputerName: ANDIUNDDANI  UserName: Manuela
11:30:20.812    Initialize success
11:30:21.421    AVAST engine defs: 12042201
11:30:25.343    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:30:25.343    Disk 0 Vendor: ST3160812A 3.AAE Size: 152627MB BusType: 3
11:30:25.390    Disk 0 MBR read successfully
11:30:25.390    Disk 0 MBR scan
11:30:25.390    Disk 0 unknown MBR code
11:30:25.390    Disk 0 Partition - 00     0F Extended LBA             77014 MB offset 154850535
11:30:25.437    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        75610 MB offset 63
11:30:25.468    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70088 MB offset 154850598
11:30:25.484    Disk 0 Partition - 00     05     Extended              6926 MB offset 298391310
11:30:25.515    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     6926 MB offset 298391373
11:30:25.531    Disk 0 scanning sectors +312576705
11:30:25.656    Disk 0 scanning C:\WINDOWS\system32\drivers
11:30:43.046    Service scanning
11:30:57.828    Modules scanning
11:31:07.875    Disk 0 trace - called modules:
11:31:07.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
11:31:07.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd6ab8]
11:31:07.906    3 CLASSPNP.SYS[f8605fd7] -> nt!IofCallDriver -> \Device\0000005a[0x82fe01a8]
11:31:07.906    5 ACPI.sys[f856b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f82d98]
11:31:08.187    AVAST engine scan C:\WINDOWS
11:31:18.625    AVAST engine scan C:\WINDOWS\system32
11:34:33.671    AVAST engine scan C:\WINDOWS\system32\drivers
11:34:49.843    AVAST engine scan C:\Dokumente und Einstellungen\Manuela
11:39:55.953    AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:41:21.687    Scan finished successfully
11:43:32.734    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\MBR.dat"
11:43:32.750    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\aswMBR.txt"


11:43:57.140    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\MBR.dat"
11:43:57.140    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\aswMBR.txt"
         

Alt 23.04.2012, 11:07   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The one from OSAM is missing
__________________
Please always post logfiles in CODE tags

Alt 23.04.2012, 11:09   #41
Alimaus_1
 
sorry... I mixed them up, here is osam
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:58:07 on 23.04.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVAST Software" - C:\WINDOWS\system32\aswBoot.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Nero AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV05.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"AVZ Kernel Driver" (ute5njmx) - ? - C:\WINDOWS\system32\Drivers\ute5njmx.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Manuela\LOKALE~1\Temp\catchme.sys  (File not found)
"CdaD10BA" (CdaD10BA) - "Macrovision Europe Ltd" - C:\WINDOWS\system32\drivers\CdaD10BA.SYS
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"imagedrv" (imagedrv) - ? - C:\WINDOWS\System32\Drivers\imagedrv.sys  (File not found)
"imagesrv" (imagesrv) - ? - C:\WINDOWS\System32\DRIVERS\imagesrv.sys  (File not found)
"Intel AGP-Bus-Filter" (agp440) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\agp440.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgrdrpod" (pgrdrpod) - ? - C:\DOKUME~1\Manuela\LOKALE~1\Temp\pgrdrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"SetPoint PS/2 Mouse Filter Driver" (L8042mou) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File not found)
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\AVAST Software\Avast\ashShell.dll
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? -   (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -   (File not found | COM-object registry key not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{DCED20BE-3645-11D4-BC95-00C04F0E0588} "InoShell" - ? -   (File not found | COM-object registry key not found)
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -   (File not found | COM-object registry key not found)
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"MedionShop" - ? - hxxp://www.medionshop.de/  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"Desktop.ini" - ? - C:\Dokumente und Einstellungen\Manuela\Startmenü\Programme\Autostart\Desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui
"CHotkey" - "Chicony" - mHotkey.exe
"Dit" - ? - Dit.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor i560" - "CANON INC." - C:\WINDOWS\system32\CNMLM58.DLL
"Canon BJ Language Monitor MP510" - "CANON INC." - C:\WINDOWS\system32\CNMLM85.DLL
"EPSON Stylus DX4400 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBCAE.DLL
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ArcSoft Connect Daemon" (ACDaemon) - ? - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe  (File not found)
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - ? - "C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"  (File not found)
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastSvc.exe
"CA-Lizenz-Client" (CA_LIC_CLNT) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
"CA-Lizenzserver" (CA_LIC_SRVR) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
"Ereignisprotokoll-Überwachung" (LogWatch) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"License Management Service ESD" (License Management Service ESD) - ? - "C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe"  (File not found)
"LiveUpdate" (LiveUpdate) - ? - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"  (File not found)
"NMIndexingService" (NMIndexingService) - ? - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"  (File not found)
"SecuROM User Access Service (V7)" (UserAccess7) - ? - C:\WINDOWS\system32\UAService7.exe  (File found, but it contains no detailed information)
"Symantec Core LC" (Symantec Core LC) - ? - "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe"  (File not found)
"Update-Service" (Update-Service) - "Joosoft.com GmbH" - C:\WINDOWS\System32\UpdSvc.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Old 23.04.2012, 11:46   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR; just in case, back up ALL important data, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix done with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or the entire hard disk with e.g. TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive on it!

Then restart Windows and make a new log with aswMBR.
__________________
Please always post logfiles in CODE tags

Old 23.04.2012, 13:30   #43
Alimaus_1

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 14:04:06
-----------------------------
14:04:06.203    OS Version: Windows 5.1.2600 Service Pack 3
14:04:06.203    Number of processors: 1 586 0x303
14:04:06.203    ComputerName: ANDIUNDDANI  UserName: Manuela
14:04:07.343    Initialize success
14:04:07.468    AVAST engine defs: 12042300
14:04:12.046    Verifying
14:04:22.046    Disk 0 Windows 501 MBR fixed successfully
14:05:39.562    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\MBR.dat"
14:05:39.562    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 14:11:35
-----------------------------
14:11:35.531    OS Version: Windows 5.1.2600 Service Pack 3
14:11:35.531    Number of processors: 1 586 0x303
14:11:35.531    ComputerName: ANDIUNDDANI  UserName: Manuela
14:11:35.875    Initialize success
14:11:36.218    AVAST engine defs: 12042300
14:11:39.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:11:39.500    Disk 0 Vendor: ST3160812A 3.AAE Size: 152627MB BusType: 3
14:11:39.515    Disk 0 MBR read successfully
14:11:39.531    Disk 0 MBR scan
14:11:39.531    Disk 0 Windows XP default MBR code
14:11:39.531    Disk 0 Partition - 00     0F Extended LBA             77014 MB offset 154850535
14:11:39.531    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        75610 MB offset 63
14:11:39.562    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70088 MB offset 154850598
14:11:39.578    Disk 0 Partition - 00     05     Extended              6926 MB offset 298391310
14:11:39.750    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     6926 MB offset 298391373
14:11:39.796    Disk 0 scanning sectors +312576705
14:11:39.906    Disk 0 scanning C:\WINDOWS\system32\drivers
14:11:54.312    Service scanning
14:12:07.500    Modules scanning
14:12:12.609    Disk 0 trace - called modules:
14:12:12.609    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
14:12:12.625    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd6ab8]
14:12:12.625    3 CLASSPNP.SYS[f8605fd7] -> nt!IofCallDriver -> \Device\0000005a[0x82fe01a8]
14:12:12.625    5 ACPI.sys[f856b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f82d98]
14:12:12.906    AVAST engine scan C:\WINDOWS
14:12:20.218    AVAST engine scan C:\WINDOWS\system32
14:15:00.968    AVAST engine scan C:\WINDOWS\system32\drivers
14:15:14.265    AVAST engine scan C:\Dokumente und Einstellungen\Manuela
14:22:57.031    AVAST engine scan C:\Dokumente und Einstellungen\All Users
14:26:40.921    Scan finished successfully
14:27:23.078    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\MBR.dat"
14:27:23.109    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Manuela\Desktop\aswMBR.txt"

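Added example (not code from the thread, from AVAST or from aswMBR): a small Python checker for an aswMBR log of the kind posted above, doing what the helper does by eye after a FIXMBR: confirm the MBR code is reported as the default Windows code, that exactly one partition is active, that numbered partitions do not overlap, and that the scan finished. The sample log lines are constructed in the line format shown in the thread; the regexes and the 2048-sectors-per-MB rounding assumption are mine.

```python
"""Sanity-check an aswMBR log: MBR code status, active partition, overlaps."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in the line format aswMBR 0.9.9 writes (the shape of
# the log posted above, not the complete log).
SAMPLE_LOG = """\
14:11:39.515    Disk 0 MBR read successfully
14:11:39.531    Disk 0 Windows XP default MBR code
14:11:39.531    Disk 0 Partition - 00     0F Extended LBA             77014 MB offset 154850535
14:11:39.531    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        75610 MB offset 63
14:11:39.562    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70088 MB offset 154850598
14:11:39.578    Disk 0 Partition - 00     05     Extended              6926 MB offset 298391310
14:11:39.750    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     6926 MB offset 298391373
14:26:40.921    Scan finished successfully
"""
SECTORS_PER_MB = 2048  # 512-byte sectors; aswMBR reports sizes rounded to whole MB (assumption)

PART_RE = re.compile(
    r"Disk \d+ Partition (?P<num>\S+) (?P<boot>[0-9A-F]{2})\s+(?:\(A\)\s+)?"
    r"(?P<type>[0-9A-F]{2})\s+(?P<desc>.+?)\s+(?P<size_mb>\d+) MB offset (?P<offset>\d+)")
MBR_RE = re.compile(r"Disk \d+ (?P<status>.*MBR code.*)$", re.M)


@dataclass
class Partition:
    num: str       # "1".."4", or "-" for an extended-container entry
    active: bool   # boot indicator byte == 0x80
    ptype: int     # partition type byte
    desc: str
    size_mb: int
    offset: int    # start LBA in sectors

    def end(self) -> int:
        return self.offset + self.size_mb * SECTORS_PER_MB


def parse_partitions(log: str) -> list[Partition]:
    return [Partition(m["num"], m["boot"] == "80", int(m["type"], 16), m["desc"],
                      int(m["size_mb"]), int(m["offset"])) for m in PART_RE.finditer(log)]


def summarize(log: str) -> dict:
    """Return the checks a reviewer makes on an aswMBR log after a FIXMBR."""
    real = sorted((p for p in parse_partitions(log) if p.num != "-"), key=lambda p: p.offset)
    m = MBR_RE.search(log)
    return {
        "mbr_code": m["status"] if m else None,
        "mbr_is_default": bool(m and "default MBR code" in m["status"]),
        "active_partitions": [p.num for p in real if p.active],
        # numbered partitions must not overlap; container entries are skipped
        "overlaps": [(a.num, b.num) for a, b in zip(real, real[1:]) if b.offset < a.end()],
        "scan_finished": "Scan finished successfully" in log,
    }
```

A non-default MBR code line, two active partitions or an overlap in the result would be the cue to look at the log again rather than declare the fix done.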
Old 23.04.2012, 13:46   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok. As a check, please do full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags

Old 23.04.2012, 16:37   #45
Alimaus_1

attached are the two logs
Regards
Dani
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Manuela :: ANDIUNDDANI [Administrator]

23.04.2012 15:14:16
mbam-log-2012-04-23 (15-14-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288914
Laufzeit: 49 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/23/2012 at 05:20 PM

Application Version : 5.0.1146

Core Rules Database Version : 8493
Trace Rules Database Version: 6305

Scan type       : Complete Scan
Total Scan Time : 00:52:33

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 472
Memory threats detected   : 0
Registry items scanned    : 35199
Registry threats detected : 0
File items scanned        : 36486
File threats detected     : 59

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\Manuela\Cookies\96XY10FL.txt [ /ad3.adfarm1.adition.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\5WA9EYS2.txt [ /apmebf.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\SEZ86CUY.txt [ /webmasterplan.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\82OIH541.txt [ /traffictrack.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\Y4PSWFR5.txt [ /www.etracker.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\VYEJP109.txt [ /microsoftinternetexplorer.112.2o7.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\T31MYM6V.txt [ /fastclick.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\4879OUKS.txt [ /tradedoubler.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\QC5M832P.txt [ /www.googleadservices.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\R6B00EFK.txt [ /ad.ad-srv.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\CTGTN0OG.txt [ /adtech.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\WL0YL2FH.txt [ /adx2.chip.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\FI2OUZL5.txt [ /adinterax.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\7TMBW5VI.txt [ /adform.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\SBQ98UKF.txt [ /server.cpmstar.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\SN2UL24P.txt [ /revsci.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\F8JNFAHZ.txt [ /www.googleadservices.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\AKKBR31C.txt [ /track.adform.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\45HG63NR.txt [ /bs.serving-sys.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\NM7CBW8N.txt [ /tribalfusion.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\8Q3C45A0.txt [ /adserver.adtechus.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\RAHJYJBS.txt [ /ad2.adfarm1.adition.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\53ZR52V1.txt [ /doubleclick.net ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\YNT1IVYY.txt [ /ads.saymedia.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\R6K1ZL7C.txt [ /www.zanox-affiliate.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\LFHXC0BU.txt [ /ads.intergi.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\BLJISCJ6.txt [ /unitymedia.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\E1G07A9A.txt [ /ad.zanox.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\I7RNEPYU.txt [ /adx.chip.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\L45K3FG8.txt [ /ad.360yield.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\YE21JZ44.txt [ /zanox.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\9RIE8DLD.txt [ /ad.yieldmanager.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\GVHN8P5M.txt [ /mediaplex.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\29D48YNP.txt [ /imrworldwide.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\RFVTOQF3.txt [ /serving-sys.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\5N5FXITU.txt [ /atdmt.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\9R183W0M.txt [ /tracking.quisma.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\TWUV1VHC.txt [ /invitemedia.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\9KYP02Z9.txt [ /tracking.mlsat02.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\WKTEC395.txt [ /ads.creative-serving.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\37YWRBJ9.txt [ /zanox-affiliate.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\3M3LYF3L.txt [ /statcounter.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\DT4LPMS3.txt [ /eas.apm.emediate.eu ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\MHR5OD31.txt [ /adfarm1.adition.com ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\75D01ONF.txt [ /a.revenuemax.de ]
	C:\Dokumente und Einstellungen\Manuela\Cookies\U8M70FT1.txt [ /ad1.adfarm1.adition.com ]
	C:\DOKUMENTE UND EINSTELLUNGEN\MANUELA\Cookies\58FZ7Q59.txt [ Cookie:manuela@www.geld-per-bierdeckel.com/counter/ ]
	delivery.ibanner.de [ C:\DOKUMENTE UND EINSTELLUNGEN\MANUELA\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AMMT3NSY ]
	statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MANUELA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\K1024F68.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MANUELA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\K1024F68.DEFAULT\COOKIES.SQLITE ]
	ad.jdtracker.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MANUELA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\K1024F68.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Nullo[Short]
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{21560525-99BE-41FA-AE6A-0F053CABA928}\RP2052\A0345187.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{21560525-99BE-41FA-AE6A-0F053CABA928}\RP2052\A0345188.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{21560525-99BE-41FA-AE6A-0F053CABA928}\RP2052\A0345186.EXE

Trojan.Agent/Gen
	ZIP ARCHIVE( C:\_OTL.ZIP )/_OTL/MOVEDFILES/04172012_201909/C_WINDOWS/SYSTEM32/DRIVERS/UTE5NJMX.SYS
	C:\_OTL.ZIP
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{21560525-99BE-41FA-AE6A-0F053CABA928}\RP2064\A0347142.LNK
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{21560525-99BE-41FA-AE6A-0F053CABA928}\RP2068\A0349080.LNK
	C:\_OTL\MOVEDFILES\04172012_201909\C_WINDOWS\SYSTEM32\DRIVERS\UTE5NJMX.SYS