| |
| |||||||
Log-Analyse und Auswertung: Sicherheitswarnung der Telekom wegen HackingWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.01.2013, 15:04
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Sicherheitswarnung der Telekom wegen Hacking Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.01.2013, 17:05
| #17 |
 | Sicherheitswarnung der Telekom wegen Hacking gmer hat prima funktioniert - hier das Ergebnis:
__________________Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-30 17:02:31
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400VE-75HDT1 rev.11.07D11 37,26GB
Running: gmer_2.0.18454.exe; Driver: C:\DOKUME~1\STEFFI~1\LOKALE~1\Temp\pxtdapob.sys
---- System - GMER 2.0 ----
SSDT F8B31154 ZwClose
SSDT F8B3110E ZwCreateKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF82AC282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF82AC474]
SSDT F8B3115E ZwCreateSection
SSDT F8B31104 ZwCreateThread
SSDT F8B31113 ZwDeleteKey
SSDT F8B3111D ZwDeleteValueKey
SSDT F8B3114F ZwDuplicateObject
SSDT F8B31122 ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82BC3FA]
SSDT F8B310F0 ZwOpenProcess
SSDT F8B310F5 ZwOpenThread
SSDT F8B31177 ZwQueryValueKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82BE422]
SSDT F8B3112C ZwReplaceKey
SSDT F8B31168 ZwRequestWaitReplyPort
SSDT F8B31127 ZwRestoreKey
SSDT F8B31163 ZwSetContextThread
SSDT F8B3116D ZwSetSecurityObject
SSDT F8B31118 ZwSetValueKey
SSDT F8B31172 ZwSystemDebugControl
SSDT F8B310FF ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xAA3FC384]
---- Kernel code sections - GMER 2.0 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 2.0 ----
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 044E0001
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0044AB89 C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wdfmgr.exe[508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00670001
.text C:\WINDOWS\system32\wdfmgr.exe[508] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wdfmgr.exe[508] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C10001
.text C:\WINDOWS\system32\winlogon.exe[628] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[628] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
.text C:\WINDOWS\system32\services.exe[672] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[672] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01EA0001
.text C:\WINDOWS\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A60001
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\wltrysvc.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\WINDOWS\System32\wltrysvc.exe[1472] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\wltrysvc.exe[1472] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\bcmwltry.exe[1552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01690001
.text C:\WINDOWS\System32\bcmwltry.exe[1552] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1552] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Ad-Aware\aawservice.exe[1560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04A20001
.text C:\Programme\Ad-Aware\aawservice.exe[1560] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Ad-Aware\aawservice.exe[1560] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 018E0001
.text C:\WINDOWS\Explorer.EXE[1572] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\Explorer.EXE[1572] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Spyware Doctor\pctsSvc.exe[1872] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0044AD11 C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00980001
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[2628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\WINDOWS\system32\wscntfy.exe[2628] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[2628] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wscntfy.exe[2628] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[3212] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\system32\hkcmd.exe[3212] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hkcmd.exe[3212] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\hkcmd.exe[3212] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[3252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\WINDOWS\system32\igfxpers.exe[3252] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxpers.exe[3252] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\igfxpers.exe[3252] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\stsystra.exe[3308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\stsystra.exe[3308] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\stsystra.exe[3308] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\stsystra.exe[3308] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\WLTRAY.exe[3316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\WINDOWS\system32\WLTRAY.exe[3316] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WLTRAY.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[3684] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00880001
.text C:\WINDOWS\system32\svchost.exe[3684] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[3684] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[3684] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\WINDOWS\system32\ctfmon.exe[3792] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[3792] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[3792] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\NetWaiting\netwaiting.exe[3832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Programme\NetWaiting\netwaiting.exe[3832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\NetWaiting\netwaiting.exe[3832] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\NetWaiting\netwaiting.exe[3832] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
---- Files - GMER 2.0 ----
File C:\WINDOWS\A0106606.dll 77569 bytes executable
File C:\WINDOWS\A0106607.dll 2064384 bytes executable
File C:\WINDOWS\A0106608.ini 294 bytes
File C:\WINDOWS\A0106609.dll 81920 bytes executable
File C:\WINDOWS\A0106610.ini 284 bytes
File C:\WINDOWS\A0106611.dll 471040 bytes executable
File C:\WINDOWS\A0106612.ini 282 bytes
File C:\WINDOWS\A0106613.dll 1269760 bytes executable
File C:\WINDOWS\A0106614.ini 274 bytes
File C:\WINDOWS\A0106615.dll 1232896 bytes executable
File C:\WINDOWS\A0106616.ini 266 bytes
File C:\WINDOWS\A0106617.rbf 24576 bytes executable
File C:\WINDOWS\A0106618.rbf 258048 bytes executable
File C:\WINDOWS\A0106619.rbf 32768 bytes executable
File C:\WINDOWS\A0106620.rbf 81920 bytes executable
File C:\WINDOWS\A0106621.rbf 86016 bytes executable
File C:\WINDOWS\A0106622.rbf 315392 bytes executable
File C:\WINDOWS\A0106624.rbf 2142208 bytes executable
File C:\WINDOWS\A0106625.rbf 77824 bytes executable
File C:\WINDOWS\A0106626.rbf 2527232 bytes executable
File C:\WINDOWS\A0106627.rbf 1232896 bytes executable
File C:\WINDOWS\A0106628.rbf 471040 bytes executable
File C:\WINDOWS\A0106629.rbf 81920 bytes executable
File C:\WINDOWS\A0106630.rbf 2064384 bytes executable
File C:\WINDOWS\A0106631.rbf 2514944 bytes executable
File C:\WINDOWS\A0106632.rbf 1269760 bytes executable
File C:\WINDOWS\A0106633.dll 3391488 bytes executable
File C:\WINDOWS\A0106634.ini 91 bytes
File C:\WINDOWS\A0106635.dll 1966080 bytes executable
File C:\WINDOWS\A0106636.ini 90 bytes
File C:\WINDOWS\A0106637.dll 61440 bytes executable
File C:\WINDOWS\A0106638.ini 90 bytes
File C:\WINDOWS\A0106639.dll 90112 bytes executable
File C:\WINDOWS\A0106640.ini 90 bytes
File C:\WINDOWS\A0106642.ini 90 bytes
File C:\WINDOWS\A0106643.dll 2088960 bytes executable
File C:\WINDOWS\A0106644.ini 90 bytes
File C:\WINDOWS\A0106645.dll 1466368 bytes executable
File C:\WINDOWS\A0106646.ini 90 bytes
File C:\WINDOWS\A0106647.dll 843776 bytes executable
File C:\WINDOWS\A0106648.ini 90 bytes
File C:\WINDOWS\A0106649.dll 926 bytes
File C:\WINDOWS\A0106650.dll 18808 bytes executable
File C:\WINDOWS\A0106651.dll 8396 bytes
File C:\WINDOWS\A0106652.dll 1372672 bytes executable
File C:\WINDOWS\A0106653.dll 1372672 bytes executable
File C:\WINDOWS\A0106654.dll 926 bytes
File C:\WINDOWS\A0106655.dll 18808 bytes executable
File C:\WINDOWS\A0106656.dll 8398 bytes
File C:\WINDOWS\A0106657.dll 3618816 bytes executable
File C:\WINDOWS\A0106658.ini 190 bytes
File C:\WINDOWS\A0106660.ini 62 bytes
File C:\WINDOWS\A0106661.ini 62 bytes
File C:\WINDOWS\A0106662.ini 62 bytes
File C:\WINDOWS\A0106663.cfg 28952 bytes
File C:\WINDOWS\A0106664.ini 4334 bytes
File C:\WINDOWS\A0106665.ini 583 bytes
File C:\WINDOWS\A0106666.inf 0 bytes
File C:\WINDOWS\A0106667.PNF 0 bytes
File C:\WINDOWS\A0106668.INI 303 bytes
File C:\WINDOWS\A0106669.ini 139 bytes
File C:\WINDOWS\A0106670.ini 944 bytes
File C:\WINDOWS\A0106671.ini 0 bytes
File C:\WINDOWS\A0106672.ini 0 bytes
File C:\WINDOWS\A0106673.ini 1020 bytes
File C:\WINDOWS\A0106674.dll 434548 bytes executable
File C:\WINDOWS\A0106675.dll 5665144 bytes executable
File C:\WINDOWS\A0106676.dll 467323 bytes executable
File C:\WINDOWS\A0106678.dll 152576 bytes executable
File C:\WINDOWS\A0106679.dll 53619 bytes executable
File C:\WINDOWS\A0106680.dll 201079 bytes executable
File C:\WINDOWS\A0106681.dll 393587 bytes executable
File C:\WINDOWS\A0106682.dll 434548 bytes executable
File C:\WINDOWS\A0106683.dll 258423 bytes executable
File C:\WINDOWS\A0106684.dll 5665144 bytes executable
File C:\WINDOWS\A0106685.dll 201084 bytes executable
File C:\WINDOWS\A0106686.dll 819574 bytes executable
File C:\WINDOWS\A0106687.dll 643444 bytes executable
File C:\WINDOWS\A0106688.dll 131445 bytes executable
File C:\WINDOWS\A0106689.dll 467323 bytes executable
File C:\WINDOWS\A0106690.dll 102772 bytes executable
File C:\WINDOWS\A0106691.dll 606578 bytes executable
File C:\WINDOWS\A0106692.dll 188789 bytes executable
File C:\WINDOWS\A0106693.dll 77569 bytes executable
File C:\WINDOWS\A0106694.dll 300032 bytes
File C:\WINDOWS\A0106605.dll 188789 bytes executable
File C:\WINDOWS\A0106623.rbf 102400 bytes executable
File C:\WINDOWS\A0106641.dll 3035136 bytes executable
File C:\WINDOWS\A0106659.dll 3618816 bytes executable
File C:\WINDOWS\A0106677.dll 188789 bytes executable
File C:\WINDOWS\A0106695.dll 2125824 bytes executable
File C:\WINDOWS\A0106713.dll 87040 bytes
File C:\WINDOWS\A0106731.INF 256 bytes
File C:\WINDOWS\A0106749.exe 1998336 bytes executable
File C:\WINDOWS\A0106767.dll 2125824 bytes executable
File C:\WINDOWS\A0106785.dll 392192 bytes
File C:\WINDOWS\A0107665.ini 583 bytes
File C:\WINDOWS\A0108671.ini 0 bytes
File C:\WINDOWS\change.log.2 1048212 bytes
File C:\WINDOWS\A0106696.dll 610304 bytes executable
File C:\WINDOWS\A0106697.dll 177664 bytes executable
File C:\WINDOWS\A0106698.dll 28160 bytes
File C:\WINDOWS\A0106699.dll 413696 bytes executable
File C:\WINDOWS\A0106700.DLL 488960 bytes
File C:\WINDOWS\A0106701.dll 151552 bytes executable
File C:\WINDOWS\A0106702.dll 1005056 bytes
File C:\WINDOWS\A0106703.DLL 524288 bytes
File C:\WINDOWS\A0106704.dll 291840 bytes
File C:\WINDOWS\A0106705.dll 65536 bytes executable
File C:\WINDOWS\A0106706.dll 355840 bytes executable
File C:\WINDOWS\A0106707.DLL 453632 bytes
File C:\WINDOWS\A0106708.INF 256 bytes
File C:\WINDOWS\A0106709.INF 256 bytes
File C:\WINDOWS\A0106710.INF 256 bytes
File C:\WINDOWS\A0106711.EXE 394384 bytes
File C:\WINDOWS\A0106712.dll 349184 bytes
File C:\WINDOWS\A0106714.DLL 146496 bytes
File C:\WINDOWS\A0106715.DLL 10800 bytes
File C:\WINDOWS\A0106716.dll 172032 bytes executable
File C:\WINDOWS\A0106717.dll 62976 bytes executable
File C:\WINDOWS\A0106718.dll 1047040 bytes executable
File C:\WINDOWS\A0106719.DLL 516096 bytes
File C:\WINDOWS\A0106720.dll 4342088 bytes executable
File C:\WINDOWS\A0106721.dll 64336 bytes executable
File C:\WINDOWS\A0106722.dll 421200 bytes executable
File C:\WINDOWS\A0106723.dll 770384 bytes executable
File C:\WINDOWS\A0106724.dll 570880 bytes
File C:\WINDOWS\A0106725.dll 370176 bytes executable
File C:\WINDOWS\A0106726.dll 897024 bytes executable
File C:\WINDOWS\A0106727.INF 256 bytes
File C:\WINDOWS\A0106728.INF 256 bytes
File C:\WINDOWS\A0106729.INF 256 bytes
File C:\WINDOWS\A0106730.INF 256 bytes
File C:\WINDOWS\A0106732.INF 256 bytes
File C:\WINDOWS\A0106733.INF 256 bytes
File C:\WINDOWS\A0106734.INF 256 bytes
File C:\WINDOWS\A0106735.dll 224256 bytes
File C:\WINDOWS\A0106736.dll 40960 bytes executable
File C:\WINDOWS\A0106737.dll 53300 bytes executable
File C:\WINDOWS\A0106738.dll 61440 bytes executable
File C:\WINDOWS\A0106739.dll 11141120 bytes executable
File C:\WINDOWS\A0106740.dll 6627328 bytes executable
File C:\WINDOWS\A0106741.dll 488448 bytes executable
File C:\WINDOWS\A0106742.exe 91136 bytes executable
File C:\WINDOWS\A0106743.dll 666624 bytes executable
File C:\WINDOWS\A0106744.exe 742400 bytes
File C:\WINDOWS\A0106745.dll 416256 bytes
File C:\WINDOWS\A0106746.dll 392192 bytes
File C:\WINDOWS\A0106747.dll 4967424 bytes executable
File C:\WINDOWS\A0106748.dll 249856 bytes executable
File C:\WINDOWS\A0106750.dll 1199616 bytes executable
File C:\WINDOWS\A0106751.dll 1354240 bytes
File C:\WINDOWS\A0106752.dll 38400 bytes executable
File C:\WINDOWS\A0106753.dll 133120 bytes
File C:\WINDOWS\A0106754.exe 244736 bytes executable
File C:\WINDOWS\A0106755.dll 105472 bytes
File C:\WINDOWS\A0106756.dll 65536 bytes executable
File C:\WINDOWS\A0106757.exe 1136640 bytes
File C:\WINDOWS\A0106758.dll 17408 bytes executable
File C:\WINDOWS\A0106759.dll 941568 bytes executable
File C:\WINDOWS\A0106760.dll 49152 bytes executable
File C:\WINDOWS\A0106761.INF 256 bytes
File C:\WINDOWS\A0106762.INF 256 bytes
File C:\WINDOWS\A0106763.INF 256 bytes
File C:\WINDOWS\A0106764.INF 256 bytes
File C:\WINDOWS\A0106765.dll 57344 bytes executable
File C:\WINDOWS\A0106766.dll 300032 bytes
File C:\WINDOWS\A0106768.dll 610304 bytes executable
File C:\WINDOWS\A0106769.dll 177664 bytes executable
File C:\WINDOWS\A0106770.dll 28160 bytes
File C:\WINDOWS\A0106771.dll 1005056 bytes
File C:\WINDOWS\A0106772.dll 291840 bytes
File C:\WINDOWS\A0106773.dll 355840 bytes executable
File C:\WINDOWS\A0106774.dll 62976 bytes executable
File C:\WINDOWS\A0106775.dll 1047040 bytes executable
File C:\WINDOWS\A0106776.dll 516096 bytes
File C:\WINDOWS\A0106777.dll 570880 bytes
File C:\WINDOWS\A0106778.dll 370176 bytes executable
File C:\WINDOWS\A0106779.dll 224256 bytes
File C:\WINDOWS\A0106780.dll 53300 bytes executable
File C:\WINDOWS\A0106781.dll 6627328 bytes executable
File C:\WINDOWS\A0106782.dll 487424 bytes executable
File C:\WINDOWS\A0106783.dll 666624 bytes executable
File C:\WINDOWS\A0106784.dll 416256 bytes
File C:\WINDOWS\A0106786.dll 4967424 bytes executable
File C:\WINDOWS\A0106787.exe 1998336 bytes executable
File C:\WINDOWS\A0106788.dll 1199616 bytes executable
File C:\WINDOWS\A0106789.dll 1354240 bytes
File C:\WINDOWS\A0106790.dll 38400 bytes executable
File C:\WINDOWS\A0106791.dll 133120 bytes
File C:\WINDOWS\A0106792.dll 105472 bytes
File C:\WINDOWS\A0106793.dll 65536 bytes executable
File C:\WINDOWS\A0106794.exe 1136640 bytes
File C:\WINDOWS\A0106795.dll 17408 bytes executable
File C:\WINDOWS\A0106796.dll 941568 bytes executable
File C:\WINDOWS\A0107659.ini 62 bytes
File C:\WINDOWS\A0107660.ini 62 bytes
File C:\WINDOWS\A0107661.ini 62 bytes
File C:\WINDOWS\A0107662.sys 142152 bytes executable
File C:\WINDOWS\A0107663.cfg 28952 bytes
File C:\WINDOWS\A0107664.ini 4334 bytes
File C:\WINDOWS\A0107666.sys 35144 bytes executable
File C:\WINDOWS\A0107667.INI 303 bytes
File C:\WINDOWS\A0107668.ini 139 bytes
File C:\WINDOWS\A0107669.ini 944 bytes
File C:\WINDOWS\A0107670.ref 6935827 bytes
File C:\WINDOWS\A0108659.ini 62 bytes
File C:\WINDOWS\A0108660.ini 62 bytes
File C:\WINDOWS\A0108661.ini 62 bytes
File C:\WINDOWS\A0108662.sys 142152 bytes executable
File C:\WINDOWS\A0108663.cfg 28952 bytes
File C:\WINDOWS\A0108664.ini 4334 bytes
File C:\WINDOWS\A0108665.ini 583 bytes
File C:\WINDOWS\A0108666.sys 35144 bytes executable
File C:\WINDOWS\A0108667.INI 303 bytes
File C:\WINDOWS\A0108668.ini 139 bytes
File C:\WINDOWS\A0108669.ini 944 bytes
File C:\WINDOWS\A0108670.ini 0 bytes
File C:\WINDOWS\A0108672.lnk 504 bytes
File C:\WINDOWS\A0108673.ini 190 bytes
File C:\WINDOWS\A0108674.ini 62 bytes
File C:\WINDOWS\A0108675.ini 62 bytes
File C:\WINDOWS\A0108676.ini 62 bytes
File C:\WINDOWS\A0108677.cfg 28952 bytes
File C:\WINDOWS\A0108678.ini 4334 bytes
File C:\WINDOWS\A0108679.ini 190 bytes
File C:\WINDOWS\A0108680.ini 583 bytes
File C:\WINDOWS\A0108681.ini 62 bytes
File C:\WINDOWS\A0108682.ini 62 bytes
File C:\WINDOWS\A0108683.ini 62 bytes
File C:\WINDOWS\A0108684.cfg 28952 bytes
File C:\WINDOWS\A0108685.ini 583 bytes
File C:\WINDOWS\A0109681.ini 62 bytes
File C:\WINDOWS\A0109682.ini 62 bytes
File C:\WINDOWS\A0109683.ini 62 bytes
File C:\WINDOWS\A0109684.cfg 28952 bytes
File C:\WINDOWS\A0109685.ini 4334 bytes
File C:\WINDOWS\A0109686.ini 583 bytes
File C:\WINDOWS\A0109687.INI 303 bytes
File C:\WINDOWS\A0109688.ini 139 bytes
File C:\WINDOWS\A0109689.ini 944 bytes
File C:\WINDOWS\change.log 25842 bytes
File C:\WINDOWS\change.log.1 1048412 bytes
File C:\WINDOWS\change.log.3 763020 bytes
File C:\WINDOWS\change.log.4 168548 bytes
File C:\WINDOWS\change.log.5 90206 bytes
File C:\WINDOWS\change.log.6 22238 bytes
File C:\WINDOWS\change.log.7 7872 bytes
File C:\WINDOWS\change.log.8 5420 bytes
File C:\WINDOWS\RestorePointSize 8 bytes
File C:\WINDOWS\rp.log 536 bytes
File C:\WINDOWS\snapshot 0 bytes
---- EOF - GMER 2.0 ----
Das Ergebnis der awMBR.exe: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-30 17:06:36
-----------------------------
17:06:36.796 OS Version: Windows 5.1.2600 Service Pack 3
17:06:36.796 Number of processors: 1 586 0xD08
17:06:36.796 ComputerName: PQ1 UserName:
17:06:38.281 Initialize success
17:11:44.937 AVAST engine defs: 13013000
17:12:34.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:12:34.609 Disk 0 Vendor: WDC_WD400VE-75HDT1 11.07D11 Size: 38154MB BusType: 3
17:12:34.750 Disk 0 MBR read successfully
17:12:34.750 Disk 0 MBR scan
17:12:52.640 Disk 0 unknown MBR code
17:12:52.687 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
17:12:58.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34993 MB offset 160650
17:12:59.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 71826615
17:13:00.296 Disk 0 scanning sectors +78124095
17:13:01.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:14:35.468 Service scanning
17:15:15.359 Modules scanning
17:16:08.171 Disk 0 trace - called modules:
17:16:08.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:16:08.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b805e0]
17:16:08.843 3 CLASSPNP.SYS[f84b2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b80b58]
17:16:10.562 AVAST engine scan C:\WINDOWS
17:17:39.546 AVAST engine scan C:\WINDOWS\system32
17:27:45.937 AVAST engine scan C:\WINDOWS\system32\drivers
17:29:12.609 AVAST engine scan C:\Dokumente und Einstellungen\Steffi Dahnke
17:35:17.765 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:39:07.703 Scan finished successfully
18:14:13.078 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\MBR.dat"
18:14:13.234 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\aswMBR.txt"
|
|
31.01.2013, 10:24
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen Hacking Nein, im Nachhinein ändern wir keine Logs! Wenn viel Zeit über ist, macht unser Admin das.
__________________Vgl. http://www.trojaner-board.de/108422-...tml#post758384 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
31.01.2013, 14:18
| #19 |
| | Sicherheitswarnung der Telekom wegen Hacking ok - dann die Bitte an den Admin, wenn er mal viel Zeit über hat, kann er gern meinen Namen unkenntlich machen  Hier die CF-Logdatei: Code:
ATTFilter ComboFix 13-01-30.04 - Steffi *** 31.01.2013 13:53:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.503.204 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Steffi ***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\DFC5A2B2.TMP
c:\dokumente und einstellungen\Steffi ***\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-28 bis 2013-01-31 ))))))))))))))))))))))))))))))
.
.
2013-01-30 13:50 . 2013-01-30 13:50 142152 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-30 13:50 . 2013-01-30 13:50 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-01-30 12:31 . 2013-01-30 12:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-18 13:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 14:16 . 2012-10-29 08:39 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 14:16 . 2012-10-29 08:39 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-26 07:28 . 2012-10-29 08:39 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 11:55 . 2004-08-18 13:05 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-09-16 10:57 1371648 ------w- c:\windows\system32\msxml6.dll
2012-05-19 14:21 . 2012-05-19 14:21 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programme\NetWaiting\netwaiting.exe" [2003-09-10 20480]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\programme\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 393216]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Corel Photo Downloader"="c:\programme\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ISTray"="c:\programme\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SMB50StarMoneyRunEntry"="c:\programme\StarMoney Business 5.0\app\oflagent.exe" [2012-10-11 56528]
"Google Updater"="c:\programme\Google\Google Updater\GoogleUpdater.exe" [2011-10-04 161336]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
VR-NetWorld Auftragsprüfung.lnk - c:\programme\VR-NetWorld\vrtoolcheckorder.exe [2011-6-22 1136640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\StarMoney 7.0\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney 7.0\\app\\StarMoney.exe"=
"c:\\Programme\\StarMoney 8.0\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney 8.0\\app\\StarMoney.exe"=
"c:\\Programme\\StarMoney Business 5.0\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney Business 5.0\\app\\StarMoney.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09.08.2009 15:07 130936]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.10.2012 09:39 36552]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.10.2012 09:39 85280]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [24.10.2008 07:31 348752]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [14.11.2011 11:11 554160]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [19.08.2012 11:10 692432]
R2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [19.08.2012 11:10 692432]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [30.01.2013 14:50 35144]
S3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [30.01.2013 14:50 142152]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - PXTDAPOB
*Deregistered* - aswMBR
*Deregistered* - mchInjDrv
*Deregistered* - pxtdapob
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-02 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-14 10:28]
.
2006-01-20 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 02:22]
.
2011-05-16 c:\windows\Tasks\Norton Security Scan for Steffi ***.job
- c:\programme\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-10-08 14:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=77&ru=http%3A%2F%2Fmy.ebay.de%3A80%2Fws%2FeBayISAPI.dll%3FMyeBay&pageType=1883
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Steffi ***\Anwendungsdaten\Mozilla\Firefox\Profiles\oj78bfws.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.de/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextSummary&rand=11622531
FF - ExtSQL: !HIDDEN! 2009-12-07 08:20; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mbamchameleon
AddRemove-Catan - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-31 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2013-01-31 14:11:34
ComboFix-quarantined-files.txt 2013-01-31 13:11
.
Vor Suchlauf: 13 Verzeichnis(se), 21.366.173.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 21.656.940.544 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 908CF58A0B7E007CF6D6089AF8346E2E
|
|
31.01.2013, 14:20
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen Hacking Ok, probier Malwarebytes Anti-Rootkit nochmal bitte aus.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 14:33
| #21 |
| | Sicherheitswarnung der Telekom wegen Hacking Wieder Blue-Screen.  |
|
31.01.2013, 14:39
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen Hacking Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 15:14
| #23 |
| | Sicherheitswarnung der Telekom wegen Hacking Der Computer startet jetzt immer mit der Konsole, die ich erst schließen muss - sonst passiert nix weiter ... Hier das Log: Code:
ATTFilter 15:08:19.0687 0284 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:08:20.0625 0284 ============================================================
15:08:20.0625 0284 Current date / time: 2013/01/31 15:08:20.0625
15:08:20.0625 0284 SystemInfo:
15:08:20.0625 0284
15:08:20.0625 0284 OS Version: 5.1.2600 ServicePack: 3.0
15:08:20.0625 0284 Product type: Workstation
15:08:20.0625 0284 ComputerName: PQ1
15:08:20.0625 0284 UserName: Steffi ***
15:08:20.0625 0284 Windows directory: C:\WINDOWS
15:08:20.0625 0284 System windows directory: C:\WINDOWS
15:08:20.0625 0284 Processor architecture: Intel x86
15:08:20.0625 0284 Number of processors: 1
15:08:20.0625 0284 Page size: 0x1000
15:08:20.0625 0284 Boot type: Normal boot
15:08:20.0625 0284 ============================================================
15:08:23.0125 0284 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:08:23.0171 0284 ============================================================
15:08:23.0171 0284 \Device\Harddisk0\DR0:
15:08:23.0171 0284 MBR partitions:
15:08:23.0171 0284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x445892D
15:08:23.0171 0284 ============================================================
15:08:23.0234 0284 C: <-> \Device\Harddisk0\DR0\Partition1
15:08:23.0234 0284 ============================================================
15:08:23.0234 0284 Initialize success
15:08:23.0234 0284 ============================================================
15:08:45.0859 1400 ============================================================
15:08:45.0859 1400 Scan started
15:08:45.0859 1400 Mode: Manual; SigCheck; TDLFS;
15:08:45.0859 1400 ============================================================
15:08:46.0718 1400 ================ Scan system memory ========================
15:08:46.0734 1400 System memory - ok
15:08:46.0734 1400 ================ Scan services =============================
15:08:46.0921 1400 [ 17067069B9A7865028C1F2E6971D0CCC ] aawservice C:\Programme\Ad-Aware\aawservice.exe
15:08:47.0218 1400 aawservice - ok
15:08:47.0421 1400 Abiosdsk - ok
15:08:47.0468 1400 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:08:52.0437 1400 abp480n5 - ok
15:08:52.0500 1400 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:08:52.0765 1400 ACPI - ok
15:08:52.0781 1400 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:08:53.0000 1400 ACPIEC - ok
15:08:53.0062 1400 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:08:53.0250 1400 adpu160m - ok
15:08:53.0312 1400 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:08:53.0500 1400 aec - ok
15:08:53.0562 1400 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:08:53.0578 1400 AegisP ( UnsignedFile.Multi.Generic ) - warning
15:08:53.0578 1400 AegisP - detected UnsignedFile.Multi.Generic (1)
15:08:53.0656 1400 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:08:53.0750 1400 AFD - ok
15:08:53.0796 1400 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:08:53.0968 1400 agp440 - ok
15:08:53.0984 1400 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:08:54.0203 1400 agpCPQ - ok
15:08:54.0218 1400 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:08:54.0343 1400 Aha154x - ok
15:08:54.0359 1400 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:08:54.0546 1400 aic78u2 - ok
15:08:54.0578 1400 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:08:54.0796 1400 aic78xx - ok
15:08:54.0812 1400 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:08:55.0015 1400 Alerter - ok
15:08:55.0046 1400 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
15:08:55.0218 1400 ALG - ok
15:08:55.0234 1400 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:08:55.0437 1400 AliIde - ok
15:08:55.0484 1400 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:08:55.0687 1400 alim1541 - ok
15:08:55.0734 1400 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:08:55.0937 1400 amdagp - ok
15:08:55.0953 1400 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:08:56.0062 1400 amsint - ok
15:08:56.0203 1400 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
15:08:56.0296 1400 AntiVirSchedulerService - ok
15:08:56.0359 1400 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
15:08:56.0390 1400 AntiVirService - ok
15:08:56.0406 1400 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:08:56.0421 1400 APPDRV ( UnsignedFile.Multi.Generic ) - warning
15:08:56.0421 1400 APPDRV - detected UnsignedFile.Multi.Generic (1)
15:08:56.0437 1400 AppMgmt - ok
15:08:56.0500 1400 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:08:56.0703 1400 asc - ok
15:08:56.0718 1400 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:08:56.0828 1400 asc3350p - ok
15:08:56.0859 1400 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:08:57.0078 1400 asc3550 - ok
15:08:57.0203 1400 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
15:08:57.0218 1400 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
15:08:57.0218 1400 aspnet_state - detected UnsignedFile.Multi.Generic (1)
15:08:57.0281 1400 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:08:57.0453 1400 AsyncMac - ok
15:08:57.0500 1400 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:08:57.0671 1400 atapi - ok
15:08:57.0687 1400 Atdisk - ok
15:08:57.0734 1400 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:08:57.0906 1400 Atmarpc - ok
15:08:57.0953 1400 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:08:58.0156 1400 AudioSrv - ok
15:08:58.0203 1400 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:08:58.0421 1400 audstub - ok
15:08:58.0484 1400 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:08:58.0546 1400 avgntflt - ok
15:08:58.0562 1400 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:08:58.0593 1400 avipbb - ok
15:08:58.0609 1400 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:08:58.0640 1400 avkmgr - ok
15:08:58.0718 1400 [ C3AB2D6954C7B5103770832A3A6A591B ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:08:58.0890 1400 BCM43XX - ok
15:08:58.0968 1400 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:08:59.0015 1400 bcm4sbxp - ok
15:08:59.0031 1400 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:08:59.0250 1400 Beep - ok
15:08:59.0312 1400 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
15:08:59.0609 1400 BITS - ok
15:08:59.0656 1400 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
15:08:59.0734 1400 Browser - ok
15:08:59.0906 1400 catchme - ok
15:08:59.0937 1400 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:09:00.0125 1400 cbidf - ok
15:09:00.0140 1400 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:09:00.0343 1400 cbidf2k - ok
15:09:00.0375 1400 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:09:00.0515 1400 cd20xrnt - ok
15:09:00.0578 1400 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:09:00.0781 1400 Cdaudio - ok
15:09:00.0859 1400 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:09:01.0046 1400 Cdfs - ok
15:09:01.0078 1400 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:09:01.0281 1400 Cdrom - ok
15:09:01.0281 1400 Changer - ok
15:09:01.0328 1400 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:09:01.0531 1400 CiSvc - ok
15:09:01.0593 1400 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:09:01.0796 1400 ClipSrv - ok
15:09:01.0875 1400 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:09:02.0046 1400 CmBatt - ok
15:09:02.0093 1400 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:09:02.0312 1400 CmdIde - ok
15:09:02.0359 1400 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:09:02.0546 1400 Compbatt - ok
15:09:02.0546 1400 COMSysApp - ok
15:09:02.0593 1400 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:09:02.0812 1400 Cpqarray - ok
15:09:02.0875 1400 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:09:03.0078 1400 CryptSvc - ok
15:09:03.0125 1400 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:09:03.0328 1400 dac2w2k - ok
15:09:03.0343 1400 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:09:03.0546 1400 dac960nt - ok
15:09:03.0609 1400 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:09:03.0750 1400 DcomLaunch - ok
15:09:03.0812 1400 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:09:04.0000 1400 Dhcp - ok
15:09:04.0000 1400 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:09:04.0187 1400 Disk - ok
15:09:04.0187 1400 dmadmin - ok
15:09:04.0265 1400 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:09:04.0562 1400 dmboot - ok
15:09:04.0609 1400 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:09:04.0812 1400 dmio - ok
15:09:04.0859 1400 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:09:05.0078 1400 dmload - ok
15:09:05.0156 1400 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:09:05.0343 1400 dmserver - ok
15:09:05.0390 1400 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:09:05.0578 1400 DMusic - ok
15:09:05.0640 1400 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:09:05.0765 1400 Dnscache - ok
15:09:05.0812 1400 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:09:06.0000 1400 Dot3svc - ok
15:09:06.0031 1400 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:09:06.0250 1400 dpti2o - ok
15:09:06.0281 1400 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:09:06.0484 1400 drmkaud - ok
15:09:06.0531 1400 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
15:09:06.0562 1400 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
15:09:06.0562 1400 drvmcdb - detected UnsignedFile.Multi.Generic (1)
15:09:06.0578 1400 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
15:09:06.0593 1400 drvnddm ( UnsignedFile.Multi.Generic ) - warning
15:09:06.0593 1400 drvnddm - detected UnsignedFile.Multi.Generic (1)
15:09:06.0625 1400 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:09:06.0859 1400 E100B - ok
15:09:06.0906 1400 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:09:07.0093 1400 EapHost - ok
15:09:07.0156 1400 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:09:07.0359 1400 ERSvc - ok
15:09:07.0406 1400 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
15:09:07.0437 1400 Eventlog - ok
15:09:07.0531 1400 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
15:09:07.0593 1400 EventSystem - ok
15:09:07.0656 1400 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:09:07.0859 1400 Fastfat - ok
15:09:07.0937 1400 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:09:08.0046 1400 FastUserSwitchingCompatibility - ok
15:09:08.0125 1400 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
15:09:08.0328 1400 Fax - ok
15:09:08.0375 1400 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:09:08.0546 1400 Fdc - ok
15:09:08.0562 1400 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:09:08.0750 1400 Fips - ok
15:09:08.0796 1400 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:09:09.0000 1400 Flpydisk - ok
15:09:09.0062 1400 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:09:09.0250 1400 FltMgr - ok
15:09:09.0296 1400 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:09:09.0500 1400 Fs_Rec - ok
15:09:09.0578 1400 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:09:09.0765 1400 Ftdisk - ok
15:09:09.0828 1400 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:09:10.0015 1400 Gpc - ok
15:09:10.0093 1400 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
15:09:10.0125 1400 gusvc - ok
15:09:10.0203 1400 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:09:10.0375 1400 HDAudBus - ok
15:09:10.0500 1400 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:09:10.0703 1400 helpsvc - ok
15:09:10.0703 1400 HidServ - ok
15:09:10.0781 1400 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:09:10.0968 1400 HidUsb - ok
15:09:11.0031 1400 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:09:11.0203 1400 hkmsvc - ok
15:09:11.0250 1400 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
15:09:11.0437 1400 hpn - ok
15:09:11.0515 1400 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:09:11.0609 1400 HSFHWAZL - ok
15:09:11.0687 1400 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:09:11.0859 1400 HSF_DPV - ok
15:09:11.0921 1400 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:09:12.0015 1400 HTTP - ok
15:09:12.0062 1400 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:09:12.0250 1400 HTTPFilter - ok
15:09:12.0281 1400 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:09:12.0484 1400 i2omgmt - ok
15:09:12.0546 1400 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:09:12.0734 1400 i2omp - ok
15:09:12.0750 1400 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:09:12.0937 1400 i8042prt - ok
15:09:13.0062 1400 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:09:13.0328 1400 ialm - ok
15:09:13.0390 1400 [ FF9F262494FC23D77A6148D49D87D2DE ] IKFileSec C:\WINDOWS\system32\drivers\ikfilesec.sys
15:09:13.0406 1400 IKFileSec - ok
15:09:13.0468 1400 [ 7E359671FD9595ECB1B0A33FB4184B19 ] IKSysFlt C:\WINDOWS\system32\drivers\iksysflt.sys
15:09:13.0484 1400 IKSysFlt - ok
15:09:13.0500 1400 [ A44CB3CF3AF266665261A6E6C9CAC27C ] IKSysSec C:\WINDOWS\system32\drivers\iksyssec.sys
15:09:13.0515 1400 IKSysSec - ok
15:09:13.0515 1400 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:09:13.0734 1400 Imapi - ok
15:09:13.0781 1400 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
15:09:13.0984 1400 ImapiService - ok
15:09:14.0015 1400 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:09:14.0234 1400 ini910u - ok
15:09:14.0281 1400 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:09:14.0484 1400 IntelIde - ok
15:09:14.0546 1400 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:09:14.0734 1400 intelppm - ok
15:09:14.0796 1400 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:09:14.0984 1400 Ip6Fw - ok
15:09:15.0046 1400 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:09:15.0265 1400 IpFilterDriver - ok
15:09:15.0296 1400 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:09:15.0468 1400 IpInIp - ok
15:09:15.0500 1400 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:09:15.0703 1400 IpNat - ok
15:09:15.0703 1400 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:09:15.0890 1400 IPSec - ok
15:09:15.0937 1400 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:09:16.0140 1400 IRENUM - ok
15:09:16.0156 1400 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:09:16.0359 1400 isapnp - ok
15:09:16.0421 1400 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:09:16.0625 1400 Kbdclass - ok
15:09:16.0656 1400 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:09:16.0843 1400 kmixer - ok
15:09:16.0859 1400 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:09:17.0000 1400 KSecDD - ok
15:09:17.0031 1400 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:09:17.0093 1400 lanmanserver - ok
15:09:17.0171 1400 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:09:17.0218 1400 lanmanworkstation - ok
15:09:17.0218 1400 lbrtfdc - ok
15:09:17.0312 1400 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:09:17.0484 1400 LmHosts - ok
15:09:17.0500 1400 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:09:17.0531 1400 mdmxsdk - ok
15:09:17.0562 1400 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:09:17.0750 1400 Messenger - ok
15:09:17.0765 1400 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:09:17.0968 1400 mnmdd - ok
15:09:18.0000 1400 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:09:18.0203 1400 mnmsrvc - ok
15:09:18.0265 1400 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:09:18.0437 1400 Modem - ok
15:09:18.0468 1400 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:09:18.0671 1400 Mouclass - ok
15:09:18.0734 1400 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:09:18.0937 1400 mouhid - ok
15:09:18.0953 1400 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:09:19.0156 1400 MountMgr - ok
15:09:19.0156 1400 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:09:19.0390 1400 mraid35x - ok
15:09:19.0453 1400 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:09:19.0640 1400 MRxDAV - ok
15:09:19.0734 1400 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:09:19.0890 1400 MRxSmb - ok
15:09:19.0953 1400 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:09:20.0140 1400 MSDTC - ok
15:09:20.0171 1400 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:09:20.0375 1400 Msfs - ok
15:09:20.0390 1400 MSIServer - ok
15:09:20.0437 1400 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:09:20.0609 1400 MSKSSRV - ok
15:09:20.0640 1400 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:09:20.0828 1400 MSPCLOCK - ok
15:09:20.0843 1400 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:09:21.0046 1400 MSPQM - ok
15:09:21.0078 1400 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:09:21.0265 1400 mssmbios - ok
15:09:21.0328 1400 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:09:21.0375 1400 Mup - ok
15:09:21.0421 1400 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
15:09:21.0640 1400 napagent - ok
15:09:21.0671 1400 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:09:21.0859 1400 NDIS - ok
15:09:21.0906 1400 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:09:21.0968 1400 NdisTapi - ok
15:09:22.0031 1400 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:09:22.0203 1400 Ndisuio - ok
15:09:22.0250 1400 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:09:22.0453 1400 NdisWan - ok
15:09:22.0515 1400 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:09:22.0625 1400 NDProxy - ok
15:09:22.0656 1400 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:09:22.0859 1400 NetBIOS - ok
15:09:22.0890 1400 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:09:23.0078 1400 NetBT - ok
15:09:23.0156 1400 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
15:09:23.0359 1400 NetDDE - ok
15:09:23.0359 1400 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:09:23.0546 1400 NetDDEdsdm - ok
15:09:23.0609 1400 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:09:23.0796 1400 Netlogon - ok
15:09:23.0875 1400 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
15:09:24.0078 1400 Netman - ok
15:09:24.0171 1400 [ 23EEB337BF684589D261F2359E19C72C ] NICCONFIGSVC C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
15:09:24.0203 1400 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
15:09:24.0203 1400 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
15:09:24.0281 1400 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
15:09:24.0328 1400 Nla - ok
15:09:24.0406 1400 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:09:24.0578 1400 Npfs - ok
15:09:24.0656 1400 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:09:24.0953 1400 Ntfs - ok
15:09:24.0968 1400 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:09:25.0140 1400 NtLmSsp - ok
15:09:25.0203 1400 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:09:25.0453 1400 NtmsSvc - ok
15:09:25.0484 1400 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:09:25.0687 1400 Null - ok
15:09:25.0796 1400 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:09:26.0140 1400 nv - ok
15:09:26.0187 1400 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:09:26.0406 1400 NwlnkFlt - ok
15:09:26.0421 1400 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:09:26.0625 1400 NwlnkFwd - ok
15:09:26.0640 1400 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:09:26.0828 1400 Parport - ok
15:09:26.0875 1400 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:09:27.0062 1400 PartMgr - ok
15:09:27.0125 1400 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:09:27.0312 1400 ParVdm - ok
15:09:27.0328 1400 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:09:27.0531 1400 PCI - ok
15:09:27.0546 1400 PCIDump - ok
15:09:27.0609 1400 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:09:27.0812 1400 PCIIde - ok
15:09:27.0843 1400 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:09:28.0015 1400 Pcmcia - ok
15:09:28.0062 1400 [ AA9CFA67850893FBB168B9C4E4C86952 ] PCTCore C:\WINDOWS\system32\drivers\PCTCore.sys
15:09:28.0078 1400 PCTCore - ok
15:09:28.0093 1400 PDCOMP - ok
15:09:28.0093 1400 PDFRAME - ok
15:09:28.0109 1400 PDRELI - ok
15:09:28.0125 1400 PDRFRAME - ok
15:09:28.0140 1400 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
15:09:28.0390 1400 perc2 - ok
15:09:28.0421 1400 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:09:28.0640 1400 perc2hib - ok
15:09:28.0687 1400 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
15:09:28.0703 1400 PlugPlay - ok
15:09:28.0718 1400 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:09:28.0890 1400 PolicyAgent - ok
15:09:28.0968 1400 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:09:29.0140 1400 PptpMiniport - ok
15:09:29.0156 1400 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:09:29.0328 1400 ProtectedStorage - ok
15:09:29.0375 1400 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:09:29.0562 1400 PSched - ok
15:09:29.0578 1400 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:09:29.0781 1400 Ptilink - ok
15:09:29.0828 1400 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:09:29.0859 1400 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:09:29.0859 1400 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:09:29.0906 1400 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:09:30.0109 1400 ql1080 - ok
15:09:30.0140 1400 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:09:30.0359 1400 Ql10wnt - ok
15:09:30.0390 1400 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:09:30.0609 1400 ql12160 - ok
15:09:30.0640 1400 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:09:30.0843 1400 ql1240 - ok
15:09:30.0859 1400 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:09:31.0078 1400 ql1280 - ok
15:09:31.0125 1400 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:09:31.0328 1400 RasAcd - ok
15:09:31.0375 1400 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:09:31.0578 1400 RasAuto - ok
15:09:31.0609 1400 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:09:31.0781 1400 Rasl2tp - ok
15:09:31.0843 1400 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:09:32.0046 1400 RasMan - ok
15:09:32.0046 1400 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:09:32.0250 1400 RasPppoe - ok
15:09:32.0281 1400 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:09:32.0484 1400 Raspti - ok
15:09:32.0562 1400 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:09:32.0750 1400 Rdbss - ok
15:09:32.0781 1400 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:09:32.0968 1400 RDPCDD - ok
15:09:33.0000 1400 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:09:33.0187 1400 rdpdr - ok
15:09:33.0250 1400 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:09:33.0312 1400 RDPWD - ok
15:09:33.0375 1400 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:09:33.0562 1400 RDSessMgr - ok
15:09:33.0640 1400 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:09:33.0828 1400 redbook - ok
15:09:33.0906 1400 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:09:34.0078 1400 RemoteAccess - ok
15:09:34.0140 1400 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:09:34.0328 1400 RpcLocator - ok
15:09:34.0390 1400 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:09:34.0453 1400 RpcSs - ok
15:09:34.0515 1400 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:09:34.0718 1400 RSVP - ok
15:09:34.0734 1400 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
15:09:34.0921 1400 SamSs - ok
15:09:34.0937 1400 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:09:35.0140 1400 SCardSvr - ok
15:09:35.0203 1400 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:09:35.0390 1400 Schedule - ok
15:09:35.0531 1400 [ 2881D5C135D076BCF52B0F5AD3D8DC0B ] sdAuxService C:\Programme\Spyware Doctor\pctsAuxs.exe
15:09:35.0578 1400 sdAuxService - ok
15:09:35.0671 1400 [ 9CACA3FAD05C4B0D7967592E65B338F1 ] sdCoreService C:\Programme\Spyware Doctor\pctsSvc.exe
15:09:35.0765 1400 sdCoreService - ok
15:09:35.0812 1400 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:09:35.0984 1400 Secdrv - ok
15:09:36.0031 1400 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
15:09:36.0218 1400 seclogon - ok
15:09:36.0281 1400 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
15:09:36.0468 1400 SENS - ok
15:09:36.0531 1400 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:09:36.0703 1400 serenum - ok
15:09:36.0734 1400 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:09:36.0921 1400 Serial - ok
15:09:36.0953 1400 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:09:37.0156 1400 Sfloppy - ok
15:09:37.0218 1400 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:09:37.0421 1400 SharedAccess - ok
15:09:37.0468 1400 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:09:37.0500 1400 ShellHWDetection - ok
15:09:37.0500 1400 Simbad - ok
15:09:37.0578 1400 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:09:37.0750 1400 sisagp - ok
15:09:37.0796 1400 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:09:37.0906 1400 Sparrow - ok
15:09:37.0953 1400 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:09:38.0156 1400 splitter - ok
15:09:38.0218 1400 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:09:38.0296 1400 Spooler - ok
15:09:38.0312 1400 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:09:38.0500 1400 sr - ok
15:09:38.0562 1400 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
15:09:38.0765 1400 srservice - ok
15:09:38.0843 1400 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:09:39.0000 1400 Srv - ok
15:09:39.0062 1400 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:09:39.0093 1400 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
15:09:39.0093 1400 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
15:09:39.0156 1400 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:09:39.0359 1400 SSDPSRV - ok
15:09:39.0406 1400 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:09:39.0421 1400 ssmdrv - ok
15:09:39.0437 1400 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
15:09:39.0468 1400 ssrtln ( UnsignedFile.Multi.Generic ) - warning
15:09:39.0468 1400 ssrtln - detected UnsignedFile.Multi.Generic (1)
15:09:39.0656 1400 [ E8606BF6BE3B7481D95F1DD2E4F3FCBA ] StarMoney 7.0 OnlineUpdate C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
15:09:39.0750 1400 StarMoney 7.0 OnlineUpdate - ok
15:09:39.0890 1400 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
15:09:39.0968 1400 StarMoney 8.0 OnlineUpdate - ok
15:09:40.0109 1400 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney Business 5.0 OnlineUpdate C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
15:09:40.0203 1400 StarMoney Business 5.0 OnlineUpdate - ok
15:09:40.0328 1400 [ 0467A93B1E7FDA167E01FDEC79783154 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
15:09:40.0515 1400 STHDA - ok
15:09:40.0609 1400 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:09:40.0875 1400 stisvc - ok
15:09:40.0906 1400 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:09:41.0109 1400 swenum - ok
15:09:41.0156 1400 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:09:41.0343 1400 swmidi - ok
15:09:41.0359 1400 SwPrv - ok
15:09:41.0390 1400 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
15:09:41.0609 1400 symc810 - ok
15:09:41.0640 1400 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:09:41.0859 1400 symc8xx - ok
15:09:41.0890 1400 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:09:42.0109 1400 sym_hi - ok
15:09:42.0140 1400 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:09:42.0343 1400 sym_u3 - ok
15:09:42.0375 1400 [ 643B3E821A00B2B6A35CC099CB9653A1 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:09:42.0453 1400 SynTP - ok
15:09:42.0468 1400 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:09:42.0640 1400 sysaudio - ok
15:09:42.0703 1400 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:09:42.0906 1400 SysmonLog - ok
15:09:42.0968 1400 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:09:43.0171 1400 TapiSrv - ok
15:09:43.0250 1400 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:09:43.0312 1400 Tcpip - ok
15:09:43.0343 1400 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:09:43.0515 1400 TDPIPE - ok
15:09:43.0562 1400 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:09:43.0750 1400 TDTCP - ok
15:09:43.0781 1400 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:09:43.0953 1400 TermDD - ok
15:09:44.0046 1400 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
15:09:44.0265 1400 TermService - ok
15:09:44.0312 1400 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
15:09:44.0343 1400 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0343 1400 tfsnboio - detected UnsignedFile.Multi.Generic (1)
15:09:44.0359 1400 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
15:09:44.0359 1400 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0359 1400 tfsncofs - detected UnsignedFile.Multi.Generic (1)
15:09:44.0390 1400 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
15:09:44.0390 1400 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0390 1400 tfsndrct - detected UnsignedFile.Multi.Generic (1)
15:09:44.0406 1400 [ D4400188782AA797598958969C9657D4 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
15:09:44.0421 1400 tfsndres ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0421 1400 tfsndres - detected UnsignedFile.Multi.Generic (1)
15:09:44.0437 1400 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
15:09:44.0468 1400 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0468 1400 tfsnifs - detected UnsignedFile.Multi.Generic (1)
15:09:44.0484 1400 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
15:09:44.0515 1400 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0515 1400 tfsnopio - detected UnsignedFile.Multi.Generic (1)
15:09:44.0531 1400 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
15:09:44.0546 1400 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0546 1400 tfsnpool - detected UnsignedFile.Multi.Generic (1)
15:09:44.0562 1400 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
15:09:44.0593 1400 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0593 1400 tfsnudf - detected UnsignedFile.Multi.Generic (1)
15:09:44.0625 1400 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
15:09:44.0656 1400 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
15:09:44.0656 1400 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
15:09:44.0671 1400 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:09:44.0703 1400 Themes - ok
15:09:44.0718 1400 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
15:09:44.0906 1400 TosIde - ok
15:09:44.0984 1400 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:09:45.0156 1400 TrkWks - ok
15:09:45.0203 1400 [ F32CA4E68A075476F661DD85234CBDB5 ] U3sHlpDr C:\WINDOWS\System32\Drivers\U3sHlpDr.sys
15:09:45.0218 1400 U3sHlpDr ( UnsignedFile.Multi.Generic ) - warning
15:09:45.0218 1400 U3sHlpDr - detected UnsignedFile.Multi.Generic (1)
15:09:45.0281 1400 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:09:45.0468 1400 Udfs - ok
15:09:45.0484 1400 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
15:09:45.0593 1400 ultra - ok
15:09:45.0671 1400 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
15:09:45.0750 1400 UMWdf - ok
15:09:45.0828 1400 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:09:46.0093 1400 Update - ok
15:09:46.0171 1400 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:09:46.0375 1400 upnphost - ok
15:09:46.0406 1400 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
15:09:46.0593 1400 UPS - ok
15:09:46.0625 1400 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:09:46.0796 1400 usbehci - ok
15:09:46.0875 1400 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:09:47.0046 1400 usbhub - ok
15:09:47.0093 1400 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:09:47.0296 1400 usbprint - ok
15:09:47.0343 1400 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:09:47.0531 1400 USBSTOR - ok
15:09:47.0546 1400 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:09:47.0718 1400 usbuhci - ok
15:09:47.0734 1400 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:09:47.0921 1400 VgaSave - ok
15:09:47.0984 1400 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:09:48.0171 1400 viaagp - ok
15:09:48.0218 1400 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:09:48.0390 1400 ViaIde - ok
15:09:48.0421 1400 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:09:48.0609 1400 VolSnap - ok
15:09:48.0687 1400 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
15:09:48.0890 1400 VSS - ok
15:09:48.0968 1400 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll
15:09:49.0171 1400 w32time - ok
15:09:49.0203 1400 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:09:49.0390 1400 Wanarp - ok
15:09:49.0406 1400 WDICA - ok
15:09:49.0421 1400 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:09:49.0593 1400 wdmaud - ok
15:09:49.0656 1400 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:09:49.0843 1400 WebClient - ok
15:09:49.0906 1400 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:09:50.0062 1400 winachsf - ok
15:09:50.0203 1400 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:09:50.0406 1400 winmgmt - ok
15:09:50.0421 1400 wltrysvc - ok
15:09:50.0484 1400 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
15:09:50.0531 1400 WmdmPmSN - ok
15:09:50.0562 1400 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:09:50.0750 1400 WmiApSrv - ok
15:09:50.0781 1400 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:09:51.0000 1400 WS2IFSL - ok
15:09:51.0078 1400 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:09:51.0265 1400 wscsvc - ok
15:09:51.0312 1400 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:09:51.0484 1400 wuauserv - ok
15:09:51.0578 1400 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:09:51.0812 1400 WZCSVC - ok
15:09:51.0890 1400 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:09:52.0109 1400 xmlprov - ok
15:09:52.0125 1400 ================ Scan global ===============================
15:09:52.0171 1400 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
15:09:52.0250 1400 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:09:52.0281 1400 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:09:52.0296 1400 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
15:09:52.0312 1400 [Global] - ok
15:09:52.0312 1400 ================ Scan MBR ==================================
15:09:52.0343 1400 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
15:09:52.0750 1400 \Device\Harddisk0\DR0 - ok
15:09:52.0750 1400 ================ Scan VBR ==================================
15:09:52.0765 1400 [ C78FC05AF4B384F4BA85D8A68A63BA63 ] \Device\Harddisk0\DR0\Partition1
15:09:52.0765 1400 \Device\Harddisk0\DR0\Partition1 - ok
15:09:52.0765 1400 ============================================================
15:09:52.0765 1400 Scan finished
15:09:52.0765 1400 ============================================================
15:09:52.0906 3084 Detected object count: 19
15:09:52.0906 3084 Actual detected object count: 19
15:10:49.0828 3084 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0828 3084 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0828 3084 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0828 3084 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0828 3084 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0828 3084 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0828 3084 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0828 3084 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0843 3084 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0843 3084 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0843 3084 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0843 3084 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0843 3084 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0843 3084 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0843 3084 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0843 3084 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0843 3084 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0843 3084 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0859 3084 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0859 3084 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0859 3084 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0859 3084 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0859 3084 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0859 3084 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0859 3084 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0859 3084 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0859 3084 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0875 3084 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0875 3084 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0875 3084 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0875 3084 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0875 3084 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0875 3084 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0875 3084 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0875 3084 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0875 3084 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:49.0890 3084 U3sHlpDr ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:49.0890 3084 U3sHlpDr ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
31.01.2013, 15:17
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen Hacking Was für ne Konsole meinst du?  Etwa die Eingabeaufforderung? Übrigens glaube ich, dass CF Reste vom ZeroAccess gekillt hat. Naja, eigentlich ist ab jetzt ne Neuinstallation anzuraten oder hast du jetzt was anderes vor und willst weitermachen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 15:21
| #25 |
| | Sicherheitswarnung der Telekom wegen Hacking Ja - die Eingabeaufforderung meine ich (cmd.exe) Reste vom ZeroAccess? Muss ich mal googeln, was das ist. Aber Telekom schrieb ja was vom Conficker. Hast du denn den Logs was entnehmen können, ob dieser Rechner der Schuldige ist? |
|
31.01.2013, 15:23
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen Hacking Das hier => c:\windows\system32\URTTemp hat CF gelöscht. AFAIK sieht man diesen Ordner immer bei ZAccess-Infektionen, aber naja, kann auch ein anderes Rootkit benutzt haben, wer weiß Was hast du denn jetzt vor?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 15:26
| #27 |
| | Sicherheitswarnung der Telekom wegen Hacking Naja - mir war wichtig zu wissen, ob dieser Laptop die Ursache für das Telekom-Schreiben ist. Kannst du das sagen? Denn wenn er es nicht ist, muss es ja ein anderer sein ... Neu aufsetzen werde ich ihn wohl so oder so - es sei denn, du sagst, der ist sauber und es ist nicht nötig ... |
|
31.01.2013, 15:32
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen HackingZitat:
  Was bitte willst du denn noch hören?? Die Wahrscheinlichkeit ZAccess oder einem anderem Rootkit wurde doch erwähnt! Zudem ist es das einzige System was diese Konfig hat => XP mit IE7!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 19:55
| #29 |
| | Sicherheitswarnung der Telekom wegen Hacking Tut mir leid ... ich bin da nicht so versiert. Ich dachte, es müsste dann dieser Conficker drauf sein, von dem die Telekom geschrieben hat. Außerdem gab es ja wie erwähnt noch die 6 anderen Rechner, die auch XP haben (IE-Version weiß ich nicht) - die auch Schuld sein könnten. Wenn das so wäre, würde ich dem Besitzer dieser Computer gerne Bescheid sagen, dass er die auch lieber neu aufsetzen sollte ... Aber wenn es mit hoher Wahrscheinlichkeit meiner hier ist, dann muss er das ja nicht tun. Auf jeden Fall ein ganz dickes  für deine Geduld mit mir!Ach ja - ich habe in dem Thread mit der Anleitung zum Neuaufsetzen gelesen, dass selbst eine Formatierung der Festplatte keine 100%ige Sicherheit bringt, alle Viren zu entfernen?? Wie kann denn noch was übrig bleiben, wenn man formatiert hat? |
|
01.02.2013, 11:18
| #30 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sicherheitswarnung der Telekom wegen HackingZitat:
Fakt ist doch, es wurde etwas gefunden und CF hat es gelöscht, nur diesen genannten Pfad hatte ich bisher immer nur mit ZeroAccess gesehen! Das eine schließt zudem auch das andere nicht aus! Zitat:
Du musst aber auch schon die gesamte Platte löschen, alle Partitionen auflösen und neu erstellen Das Windows-Setup schreibt auch idR einen neuen MBR Du kannst wenn du Windows neu installiert hast diesen aber prüfen lassen zB mit aswMBR
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Sicherheitswarnung der Telekom wegen Hacking |
| adobe, antivirus, autorun, avast, behandlung, bho, bingbar, converter, defender, email, explorer, feedback, firefox, flash player, google, home, ideapad, install.exe, logfile, monitor, mp3, object, pdf, plug-in, realtek, recycle.bin, registry, scan, security, senden, sinkhole, software, taskhost.exe, windows |
Linear-Darstellung
