Pests of all kinds and how to fight them: Koobface + services.exe crash pp11.exe ld12.exe etc, Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#4
Koobface + services.exe crash pp11.exe ld12.exe etc

rootkit hook analyzer: http://hardcorezuelpich.ha.ohost.de/rootkithookanalyzer.txt (unfortunately too big to post here)
rootkit analyzer (module): http://hardcorezuelpich.ha.ohost.de/export-module.txt
sanitycheck:
Code:
--------------------------------------------------------------------------------
Welcome to SanityCheck 1.02
--------------------------------------------------------------------------------

This program does a thorough check on your system to look for irregularities which are typically the work of rootkits, viruses and other malware. This software goes to great lengths to check your system for hidden processes, hidden drivers, hidden threads and detects many different types of hooks, hacks and hijacks.

Note that certain irregularities may be the work of antivirus or another security product that you have installed. This is because security software itself often makes use of the same controversial techniques which are normally associated with malware. This is why it is recommended to first disable all antivirus, antispyware, firewall and other security software which may be running on your system.

In case any irregularities are found the report will attempt to find a responsbile process or module and offer suggestions on how to proceed in the investigation.

Note that although this software creates a comprehensible report it is not intended for absolute novice users who do not have not any type of idea about the software that is installed and running on their systems.

SanityCheck will do great efforts to detect:
Hidden processes
Processes with spoofed names
Processes attempting to appear as standard Windows processes
Processes with obviously deceptive names
Processes without product, company and description information
Valid signatures in processes and kernel modules
Intercepted system services and the modules reponsible
Intercepted kernel routines and the modules reponsible
Intercepted kernel object callout routines and the modules reponsible
Hidden drivers
Drivers with intercepted dispatch entry points

--------------------------------------------------------------------------------
Home Edition notice
--------------------------------------------------------------------------------

This version of SanityCheck is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition. The professional edition of SanityCheck does a more thorough and detailed analysis than the home edition.

To find out more information about the operations of SanityCheck, visit www.resplendence.com/sanity
To obtain technical support visit www.resplendence.com/support
To check if a newer version of SanityCheck is available, click here.

Click the Analyze button to start analyzing your system...

--------------------------------------------------------------------------------
Analysis
--------------------------------------------------------------------------------

Analyzing your system ...

Processes are running without company, product and description information
One or more processes have been detected which have not registered any company, product and description information. This is not necessarily the work of a virus or malware but does raise a flag of suspicion. It is suggested you find out what this process belongs to and why it is running on your system.

The process wmagent.exe does not have any product, company or description information.
Information about the responsible process wmagent.exe:
file path: C:\programme\webmoney agent\wmagent.exe
Click here to do a Google search on wmagent.exe

--------------------------------------------------------------------------------
System routines are being intercepted
One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not.

Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up.

The module 48826291.sys is hooking the kernel to intercept base system services.
Information about the responsible module 48826291.sys:
file path: C:\WINDOWS\system32\drivers\48826291.sys
Click here to do a Google search on 48826291.sys

--------------------------------------------------------------------------------
Some driver entry points are being hijacked by other modules
Module 48826291.sys is overwriting one or more dispatch entry points of other drivers running in the system. This controversial technique could be the work of malware running in the system but it could also be the work of legitimate software.

Information about the responsible module 48826291.sys:
file path: C:\WINDOWS\system32\drivers\48826291.sys
Click here to do a Google search on 48826291.sys

--------------------------------------------------------------------------------
Object type callout routines are hijacked
Hijacking object type callouts is a very controversial technique which is typically the work of a rootkit or other malware. There is no reason for normal software to make use of this technique. It can give the reponsbile module complete control over any type of kernel object which include files, registry keys, processes and threads.

Object type callouts have been hijacked for the following objects: Key.
Information about the responsible module 48826291.sys:
file path: C:\WINDOWS\system32\drivers\48826291.sys
Click here to do a Google search on 48826291.sys

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Irregularites have been detected which are typically the work of malware. We suggest that you locate the above mentioned files and do a search on them with Google for finding solutions to the detected problems. Possibly a virus scanner may be able to remove these problems but you can be only completely sure about a clean system if you format your harddrive and reinstall Windows from the original CD.

As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments.

Note that is is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to agressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competetive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons".

About your system:
Windows version: Windows XP Service Pack 2, 5.1, build: 2600
Windows dir: C:\WINDOWS
CPU: AuthenticAMD AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ AMD586, level: 15
2 logical processors, active mask: 3
RAM: 2011607040 total

Report generated on 26.08.2009 17:44:34