Log analysis and evaluation: Probable problem with malware/virus (Windows 7). If you have caught a Trojan or constantly get virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.03.2011, 19:48 | #1
Probable problem with malware/virus

Hello community, I probably have a problem with my laptop. The hard-disk LED has recently been blinking every second and the disk is working constantly. In addition, I can no longer start an online game, which according to the forum there could also indicate a virus! I have carried out all 6 points of the checklist. When running Eurunt-Setup.exe, however, there were problems! I hope you can help me! I can't upload Gmer.txt because it is too big, so here it is as well! GMER logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2011-03-05 19:27:12 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O Running: g2m3e4r.exe; Driver: C:\Users\Klemens\AppData\Local\Temp\uxtdafoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x906C99CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x906CBEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x906CBF04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x906CC01A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x906CBE02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x906CBF54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x906CBE56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x906CBFC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x906C99EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x906C97B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x906C9A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x906CC412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x906CA4AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenEvent [0x906CBEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x906CBF2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x906CC044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x906CBE2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x906CBF94] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x906CBE84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x906CBFF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x906CA370] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x906C9A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x906C9A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x906C9812] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x906C994E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x906C992A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x906C9972] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x906C9A7E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90F3A8DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82EEE890 4 Bytes [CA, 99, 6C, 90] {RETF 0x6c99; NOP } .text ntkrnlpa.exe!KeSetEvent + 1D1 82EEE954 8 Bytes [AC, BE, 6C, 90, 04, BF, 6C, ...] {LODSB ; MOV ESI, 0xbf04906c; INSB ; NOP } .text ntkrnlpa.exe!KeSetEvent + 1DD 82EEE960 4 Bytes [1A, C0, 6C, 90] {SBB AL, AL; INSB ; NOP } .text ntkrnlpa.exe!KeSetEvent + 1F5 82EEE978 4 Bytes [02, BE, 6C, 90] .text ntkrnlpa.exe!KeSetEvent + 215 82EEE998 8 Bytes [54, BF, 6C, 90, 56, BE, 6C, ...] {PUSH ESP; MOV EDI, 0xbe56906c; INSB ; NOP } .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830195C7 5 Bytes JMP 90F3629E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 830724F3 5 Bytes JMP 90F37D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8307BE18 4 Bytes CALL 906CAE3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8307FA8C 4 Bytes CALL 906CAE51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 830D3DAE 7 Bytes JMP 90F3A8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text c:\Program Files\CyberLink\PowerDVD8\000.fcl section is writeable [0xAA20F000, 0x2892, 0xE8000020] .vmp2 c:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in ".vmp2" section [0xAA232050] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskeng.exe[356] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[356] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\taskeng.exe[356] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Windows\system32\taskeng.exe[356] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\taskeng.exe[356] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text C:\Windows\system32\taskeng.exe[356] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\taskeng.exe[356] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes 
JMP 0005006C .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00030030 .text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0003006C .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0005006C .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000500A8 .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000501D4 .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000500E4 .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00050120 .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0005015C .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00050198 .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00050030 .text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000600A8 .text 
C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000600E4 .text C:\Windows\system32\wininit.exe[664] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00060120 .text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00060030 .text C:\Windows\system32\wininit.exe[664] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0006006C .text C:\Windows\system32\services.exe[708] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\services.exe[708] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8 .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4 .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4 .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120 .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198 .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030 .text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8 .text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4 .text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120 .text C:\Windows\system32\services.exe[708] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030 .text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C .text C:\Windows\system32\lsass.exe[720] 
ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\lsm.exe[728] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\lsm.exe[728] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\lsm.exe[728] 
ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\nvvsvc.exe[948] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Windows\system32\nvvsvc.exe[948] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 
.text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text 
C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000B00A8 .text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000B00E4 .text C:\Windows\system32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000B0120 .text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000B0030 .text C:\Windows\system32\svchost.exe[976] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000B006C .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000F00A8 .text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000F00E4 .text C:\Windows\System32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000F0120 .text C:\Windows\System32\svchost.exe[1020] 
USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000F0030 .text C:\Windows\System32\svchost.exe[1020] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000F006C .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 
0007006C .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 00BF00A8 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 00BF00E4 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00BF0120 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00BF0030 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 00BF006C .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text 
C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001D00A8 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001D00E4 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 001D0120 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 001D0030 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 001D006C .text C:\Windows\system32\winlogon.exe[1160] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[1160] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0005006C .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000500A8 .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000501D4 .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000500E4 .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00050120 .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0005015C .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00050198 .text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00050030 .text C:\Windows\system32\winlogon.exe[1160] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000600A8 .text 
C:\Windows\system32\winlogon.exe[1160] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000600E4 .text C:\Windows\system32\winlogon.exe[1160] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00060120 .text C:\Windows\system32\winlogon.exe[1160] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00060030 .text C:\Windows\system32\winlogon.exe[1160] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0008006C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080120 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0008015C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080198 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00080030 .text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0017006C .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001700A8 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001701D4 .text 
C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001700E4 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170120 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0017015C .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170198 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00170030 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 00C900A8 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 00C900E4 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00C90120 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00C90030 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 00C9006C .text C:\Windows\system32\nvvsvc.exe[1492] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Windows\system32\nvvsvc.exe[1492] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 .text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Windows\system32\nvvsvc.exe[1492] 
ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Windows\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1584] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001300A8 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001300E4 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00130120 .text C:\Windows\system32\svchost.exe[1584] 
USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00130030 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0013006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1788] 
kernel32.dll!SetUnhandledExceptionFilter 759BA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Windows\system32\Dwm.exe[1948] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Windows\system32\Dwm.exe[1948] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Windows\system32\Dwm.exe[1948] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 008C006C .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 008C00A8 .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 008C01D4 .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 008C00E4 .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 008C0120 .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 008C015C .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 008C0198 .text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 008C0030 .text C:\Windows\system32\Dwm.exe[1948] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 008D00A8 .text C:\Windows\system32\Dwm.exe[1948] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 008D00E4 .text C:\Windows\system32\Dwm.exe[1948] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 008D0120 .text C:\Windows\system32\Dwm.exe[1948] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 008D0030 .text C:\Windows\system32\Dwm.exe[1948] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 008D006C .text C:\Windows\Explorer.EXE[1976] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\Explorer.EXE[1976] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\Explorer.EXE[1976] 
ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\Explorer.EXE[1976] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Windows\Explorer.EXE[1976] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Windows\Explorer.EXE[1976] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text C:\Windows\Explorer.EXE[1976] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030 .text C:\Windows\Explorer.EXE[1976] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8 .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4 .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4 .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120 .text C:\Windows\System32\spoolsv.exe[2028] 
ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198 .text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030 .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 75866322 3 Bytes JMP 001200A8 .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA + 4 75866326 1 Byte [8A] .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 758687AD 3 Bytes JMP 001200E4 .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW + 4 758687B1 1 Byte [8A] .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00120120 .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWinEventHook 75869F3A 3 Bytes JMP 00120030 .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWinEventHook + 4 75869F3E 1 Byte [8A] .text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0012006C .text C:\Windows\system32\svchost.exe[2096] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[2096] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 
5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000D00A8 .text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000D00E4 .text C:\Windows\system32\svchost.exe[2096] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000D0120 .text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000D0030 .text C:\Windows\system32\svchost.exe[2096] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000D006C .text C:\Windows\system32\taskeng.exe[2152] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[2152] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\taskeng.exe[2152] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8 .text C:\Windows\system32\taskeng.exe[2152] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4 .text C:\Windows\system32\taskeng.exe[2152] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120 .text 
C:\Windows\system32\taskeng.exe[2152] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030 .text C:\Windows\system32\taskeng.exe[2152] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030 .text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] 
ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 002700A8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 002700E4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00270120 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00270030 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0027006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0028006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 002800A8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 002801D4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 002800E4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00280120 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0028015C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00280198 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00280030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ntdll.dll!LdrUnloadDll 
7709B740 5 Bytes JMP 0015006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0028006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 002800A8 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 002801D4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 002800E4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00280120 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0028015C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00280198 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00280030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 002900A8 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 002900E4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00290120 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00290030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0029006C .text C:\Program Files\NewTech 
Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000700A8 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000700E4 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00070120 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00070030 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0007006C .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0008006C .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000800A8 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000801D4 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000800E4 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080120 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0008015C .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] 
ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080198 .text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00080030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00080030 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0008006C .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000A006C .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000A00A8 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000A01D4 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000A00E4 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000A0120 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000A015C .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000A0198 .text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000A0030 .text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000B00A8 .text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000B00E4 .text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000B0120 .text C:\Windows\servicing\TrustedInstaller.exe[2892] 
USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000B0030 .text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000B006C .text C:\Program Files\Opera\Opera.exe[2944] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00060030 .text C:\Program Files\Opera\Opera.exe[2944] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0006006C .text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 .text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Windows\system32\IoctlSvc.exe[2948] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Windows\system32\IoctlSvc.exe[2948] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Windows\system32\IoctlSvc.exe[2948] 
ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0017006C .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001700A8 .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001701D4 .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001700E4 .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170120 .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0017015C .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170198 .text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00170030 .text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8 .text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4 .text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120 .text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030 .text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C .text C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[2960] 
ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C .text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceA 
75CF72A1 5 Bytes JMP 000B0030 .text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030 .text C:\Windows\system32\SearchIndexer.exe[3028] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchIndexer.exe[3028] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\SearchIndexer.exe[3028] 
ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000900A8 .text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000900E4 .text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00090120 .text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00090030 .text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0009006C .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0019006C .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001900A8 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001901D4 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001900E4 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00190120 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0019015C .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00190198 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00190030 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] 
USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001A00A8 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001A00E4 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 001A0120 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 001A0030 .text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 001A006C .text C:\Windows\system32\wbem\unsecapp.exe[3500] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00060030 .text C:\Windows\system32\wbem\unsecapp.exe[3500] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0006006C .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!SetWinEventHook 
75869F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Program Files\Launch Manager\LManager.exe[3528] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Program Files\Launch Manager\LManager.exe[3528] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0013006C .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001300A8 .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001301D4 .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001300E4 .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00130120 .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0013015C .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00130198 .text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00130030 .text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001400A8 .text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001400E4 .text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00140120 .text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00140030 .text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0014006C .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text 
C:\Windows\system32\wbem\wmiprvse.exe[3640] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] 
ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000C006C .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000C00A8 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000C01D4 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000C00E4 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000C0120 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000C015C .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000C0198 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000C0030 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000D00A8 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000D00E4 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000D0120 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000D0030 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000D006C .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00140030 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0014006C .text C:\Program Files\CyberLink\Shared 
files\brs.exe[3664] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00160030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0016006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0017006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] 
ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001700A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001701D4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001700E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0017015C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170198 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00170030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4 .text 
C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198 .text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030 .text C:\Windows\ehome\ehtray.exe[3724] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030 .text C:\Windows\ehome\ehtray.exe[3724] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89] .text C:\Windows\ehome\ehtray.exe[3724] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8 .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4 .text C:\Windows\ehome\ehtray.exe[3724] 
ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4 .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120 .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198 .text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030 .text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8 .text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4 .text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120 .text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030 .text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Program Files\Windows Media 
Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00040030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0004006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0006006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000600A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000601D4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000600E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00060120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0006015C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00060198 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] 
ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00060030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000700A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000700E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00070120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00070030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0007006C .text C:\Windows\ehome\ehmsas.exe[3860] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00040030 .text C:\Windows\ehome\ehmsas.exe[3860] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0004006C .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8 .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4 .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4 .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120 .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198 .text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030 .text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8 .text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4 .text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120 .text 
C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030 .text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00160030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0016006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 002C00A8 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 002C00E4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 002C0120 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 002C0030 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 002C006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 002E006C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 002E00A8 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 002E01D4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 002E00E4 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 002E0120 .text C:\Program Files\Packard 
Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 002E015C .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 002E0198 .text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 002E0030
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Defogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:25 on 05/03/2011 (Klemens)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Malware found nothing.
07.03.2011, 11:36 | #2 |
/// Malware-holic | Presumably a problem with malware/virus hi,
otl.txt is missing
07.03.2011, 13:18 | #3 |
| Presumably a problem with malware/virus right, I had somehow forgotten that!
OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.03.2011 19:28:21 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Klemens\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 151,49 Gb Total Space | 96,51 Gb Free Space | 63,71% Space Free | Partition Type: NTFS Drive E: | 136,83 Gb Total Space | 94,46 Gb Free Space | 69,03% Space Free | Partition Type: NTFS Computer Name: KLEMENS-PC | User Name: Klemens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.05 18:06:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Klemens\Desktop\MFTools\OTL.exe PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2011.01.27 18:02:17 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009.06.23 16:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe PRC - [2009.06.23 16:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe PRC - [2009.06.23 16:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- 
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe PRC - [2009.05.26 14:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.18 09:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe PRC - [2009.03.06 23:48:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe PRC - [2009.02.19 04:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008.11.06 04:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe ========== Modules (SafeList) ========== MOD - [2011.03.05 18:06:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Klemens\Desktop\MFTools\OTL.exe MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2011.02.23 16:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashShell.dll MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2009.06.23 16:19:38 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\SysHook.dll MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll ========== Win32 Services (SafeList) ========== SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil 
Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.11.10 16:34:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.09.29 17:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.06.23 16:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.05.26 14:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) ========== Driver Services (SafeList) ========== DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.02.23 15:54:55 
| 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.06.22 14:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.05.01 06:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.03.17 19:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.03.06 13:48:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/31 17:24:47] [Kernel | Auto | Running] -- c:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2008.12.29 18:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.09.04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2008.04.01 15:48:14 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- 
C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 18:59:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 18:59:21 | 000,000,000 | ---D | M] [2010.06.30 14:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klemens\AppData\Roaming\mozilla\Extensions [2011.03.02 20:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions [2010.07.08 15:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.27 23:43:00 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.11.25 19:28:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.25 18:49:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- 
C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.02.27 21:32:19 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.02.27 23:42:57 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\finder@meingutscheincode.de [2011.03.02 00:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.02.16 15:23:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.12.31 16:18:21 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010.11.17 14:37:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.17 14:37:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.17 14:37:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.17 14:37:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.17 14:37:24 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BDRegion] c:\Program Files\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.03.05 18:27:07 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2011.03.05 18:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.05 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.05 18:04:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.05 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShotOnline [2011.03.05 17:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ShotOnline [2011.03.05 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\PMB Files [2011.03.05 15:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011.02.28 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Malwarebytes [2011.02.28 17:57:14 | 000,000,000 | 
---D | C] -- C:\ProgramData\Malwarebytes [2011.02.28 17:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.02.28 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\Klemens\Desktop\MFTools [2011.02.27 23:53:47 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl [2011.02.27 23:53:47 | 000,000,000 | ---D | C] -- C:\Windows\Java [2011.02.27 23:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2011.02.27 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2011.02.27 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Winload [2011.02.27 22:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.02.27 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\GeCAD [2011.02.27 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\QuickScan [2011.02.27 20:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiSpyInfo [2011.02.27 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2011.02.27 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Uniblue [2011.02.27 20:21:03 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\PackageAware [2011.02.27 19:17:51 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.02.27 12:10:02 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(34) [2011.02.22 23:07:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.22 20:42:23 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Zyywgo [2011.02.17 23:30:17 | 000,000,000 | ---D | C] -- C:\Users\Klemens\Desktop\Minimal, Electro, Dub [2011.02.16 15:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.02.16 15:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011.02.14 00:06:19 | 000,000,000 | ---D | C] -- C:\Program 
Files\Windows Portable Devices [2011.02.13 23:48:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.02.13 23:01:32 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(17) [2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2011.02.13 22:19:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.02.12 16:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.02.12 16:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.02.12 16:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011.02.12 16:17:48 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.02.12 16:17:48 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.02.12 16:17:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.02.12 16:17:47 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.02.12 16:17:46 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.02.12 16:16:08 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.02.12 16:16:07 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.02.12 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2011.02.12 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2011.02.12 13:44:10 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(24) [2011.02.11 10:16:56 | 000,000,000 | R--D | C] -- 
C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(29) [2011.02.10 11:48:39 | 000,000,000 | -H-D | C] -- C:\Recycle.Bin [2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll ========== Files - Modified Within 30 Days ========== [2011.03.05 19:03:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.05 18:28:43 | 000,130,351 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.03.05 18:28:43 | 000,130,351 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.03.05 18:27:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.05 18:27:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.05 18:27:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.05 18:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.05 18:26:05 | 3215,818,752 | -HS- | M] () -- C:\hiberfil.sys [2011.03.05 18:23:46 | 000,000,000 | ---- | M] () -- C:\Users\Klemens\defogger_reenable [2011.03.05 18:20:35 | 000,001,726 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110305_182026.reg [2011.03.05 18:06:55 | 000,296,448 | ---- | M] () -- C:\Users\Klemens\Desktop\g2m3e4r.exe [2011.03.05 18:06:52 | 000,050,477 | ---- | M] () -- C:\Users\Klemens\Desktop\defogger.exe [2011.03.05 18:04:17 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.05 17:33:50 | 000,000,788 | ---- | M] () -- C:\Users\Klemens\Desktop\ShotOnline.lnk [2011.03.05 17:12:49 | 713,940,194 | ---- | M] () -- C:\Users\Klemens\Desktop\ShotOnlineClient_GER_COM_1231.exe [2011.03.05 15:31:30 | 002,023,792 | ---- | M] () -- C:\Users\Klemens\Desktop\ShotOnline_GER_COM_1231_Downloader.exe [2011.03.04 12:26:31 | 000,002,591 | ---- | M] () -- 
C:\Users\Klemens\Desktop\Microsoft Office Word 2007.lnk [2011.03.04 12:02:59 | 000,001,746 | ---- | M] () -- C:\Users\Klemens\Desktop\Trillian.lnk [2011.03.03 19:01:31 | 000,000,036 | ---- | M] () -- C:\Users\Klemens\AppData\Local\housecall.guid.cache [2011.03.02 19:21:26 | 000,015,689 | ---- | M] () -- C:\Users\Klemens\Desktop\show.account.turnovers.pdf.pdf [2011.03.01 12:47:28 | 000,019,456 | ---- | M] () -- C:\Users\Klemens\AppData\Local\WebpageIcons.db [2011.02.28 17:55:04 | 000,472,080 | ---- | M] () -- C:\Users\Klemens\Desktop\Load.exe [2011.02.28 11:20:58 | 000,001,278 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110228_112055.reg [2011.02.28 00:04:51 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat [2011.02.27 23:53:47 | 000,000,837 | ---- | M] () -- C:\Users\Klemens\Desktop\PC Wizard 2010.lnk [2011.02.27 22:22:43 | 000,132,597 | ---- | M] () -- C:\Users\Klemens\Desktop\Flash_Disinfector.exe [2011.02.27 21:30:21 | 000,000,460 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110227_213018.reg [2011.02.27 19:17:51 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.02.27 19:16:10 | 000,004,184 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110227_191607.reg [2011.02.27 12:41:11 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011.02.25 17:08:34 | 006,992,790 | ---- | M] () -- C:\Users\Klemens\Desktop\Anleitung_ArcGIS.pdf [2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.02.16 15:23:23 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.02.14 13:04:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.14 13:04:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.14 13:04:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.14 13:04:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.14 11:09:24 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2011.02.14 00:06:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.02.14 00:06:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.02.13 22:43:23 | 000,359,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.13 03:03:31 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI [2011.02.12 17:23:22 | 000,003,208 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_172318.reg [2011.02.12 17:06:44 | 000,000,316 | 
---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_170642.reg [2011.02.12 17:06:12 | 000,002,566 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_170609.reg [2011.02.12 17:05:21 | 000,168,426 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_170501.reg [2011.02.12 16:59:31 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.03 20:25:36 | 001,559,980 | ---- | M] () -- C:\Users\Klemens\Desktop\Final.pdf ========== Files Created - No Company Name ========== [2011.03.05 18:23:46 | 000,000,000 | ---- | C] () -- C:\Users\Klemens\defogger_reenable [2011.03.05 18:20:32 | 000,001,726 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110305_182026.reg [2011.03.05 18:04:17 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.05 18:02:52 | 000,296,448 | ---- | C] () -- C:\Users\Klemens\Desktop\g2m3e4r.exe [2011.03.05 18:02:51 | 000,050,477 | ---- | C] () -- C:\Users\Klemens\Desktop\defogger.exe [2011.03.05 17:33:50 | 000,000,788 | ---- | C] () -- C:\Users\Klemens\Desktop\ShotOnline.lnk [2011.03.05 17:21:49 | 713,940,194 | ---- | C] () -- C:\Users\Klemens\Desktop\ShotOnlineClient_GER_COM_1231.exe [2011.03.05 15:31:12 | 002,023,792 | ---- | C] () -- C:\Users\Klemens\Desktop\ShotOnline_GER_COM_1231_Downloader.exe [2011.03.03 19:01:31 | 000,000,036 | ---- | C] () -- C:\Users\Klemens\AppData\Local\housecall.guid.cache [2011.03.02 19:21:26 | 000,015,689 | ---- | C] () -- C:\Users\Klemens\Desktop\show.account.turnovers.pdf.pdf [2011.02.28 17:55:04 | 000,472,080 | ---- | C] () -- C:\Users\Klemens\Desktop\Load.exe [2011.02.28 11:20:57 | 000,001,278 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110228_112055.reg [2011.02.28 00:04:51 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.02.27 23:53:47 | 000,000,837 | ---- | C] () -- C:\Users\Klemens\Desktop\PC Wizard 2010.lnk [2011.02.27 22:17:49 | 000,132,597 | ---- | C] () -- C:\Users\Klemens\Desktop\Flash_Disinfector.exe [2011.02.27 
21:30:20 | 000,000,460 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110227_213018.reg [2011.02.27 19:16:08 | 000,004,184 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110227_191607.reg [2011.02.25 17:08:34 | 006,992,790 | ---- | C] () -- C:\Users\Klemens\Desktop\Anleitung_ArcGIS.pdf [2011.02.22 23:03:59 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.02.22 23:03:58 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.22 23:03:58 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.14 00:06:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.02.14 00:06:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.02.13 03:03:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.02.12 17:23:20 | 000,003,208 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_172318.reg [2011.02.12 17:06:43 | 000,000,316 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_170642.reg [2011.02.12 17:06:10 | 000,002,566 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_170609.reg [2011.02.12 17:05:06 | 000,168,426 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_170501.reg [2011.02.12 16:59:31 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.12 16:17:49 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011.02.03 20:25:36 | 001,559,980 | ---- | C] () -- C:\Users\Klemens\Desktop\Final.pdf [2011.01.14 20:35:33 | 000,019,456 | ---- | C] () -- C:\Users\Klemens\AppData\Local\WebpageIcons.db [2010.04.15 12:46:59 | 000,000,680 | ---- | C] () -- C:\Users\Klemens\AppData\Local\d3d9caps.dat [2010.03.16 08:04:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.03.16 08:03:03 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.11.23 17:33:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.11.23 17:33:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.11.11 21:19:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.23 11:53:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.23 11:53:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.15 15:26:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.02 01:17:12 | 000,042,496 | ---- | C] () -- C:\Users\Klemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.01 17:36:22 | 000,002,138 | ---- | C] () -- C:\Users\Klemens\AppData\Roaming\wklnhst.dat [2009.08.01 00:47:01 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin [2009.07.31 16:32:21 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.31 16:11:20 | 000,130,351 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.31 16:09:40 | 000,130,351 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.03.26 02:15:57 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.26 02:15:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.26 02:15:57 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.26 02:15:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.25 
18:50:36 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.03.25 17:38:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.04 20:35:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.03.04 20:35:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.03.04 20:35:53 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.03.04 20:35:53 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,359,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- 
C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.06.24 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.13 03:20:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Emfin [2010.11.10 17:00:19 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\ESRI [2011.01.25 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Ikre [2010.10.18 20:14:20 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\JAM Software [2010.03.01 01:24:24 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Opera [2009.09.01 19:11:19 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Packard Bell [2010.12.02 15:48:04 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\PhotoScape [2010.02.15 14:58:16 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\pokerth [2011.03.03 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\QuickScan [2011.01.07 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\QuickStoresToolbar [2011.02.12 17:10:24 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Samsung [2010.03.19 12:41:43 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Template [2011.02.27 20:22:16 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Uniblue [2011.02.22 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Zyywgo [2011.03.05 18:25:25 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== 
Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.09.01 19:01:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.10.05 13:18:50 | 000,000,000 | -HSD | M] -- C:\.uuid [2009.09.01 15:08:06 | 000,000,000 | -H-D | M] -- C:\Acer [2011.02.13 22:46:12 | 000,000,000 | -HSD | M] -- C:\Boot [2009.09.01 18:54:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.09.01 17:13:38 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.12.02 15:47:58 | 000,000,000 | ---D | M] -- C:\output [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.03.05 17:28:40 | 000,000,000 | ---D | M] -- C:\Program Files [2011.03.05 15:32:42 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.09.01 18:54:12 | 000,000,000 | -HSD | M] -- C:\Programme [2010.11.10 16:21:07 | 000,000,000 | ---D | M] -- C:\Python26 [2011.02.27 17:55:56 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2011.03.05 19:29:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.10 17:25:25 | 000,000,000 | ---D | M] -- C:\Temp [2009.09.01 18:54:30 | 000,000,000 | R--D | M] -- C:\Users [2011.03.05 12:30:42 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | 
M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-05 14:32:21 ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > |
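The OTL report above is the kind of log a helper triages by hand: orphaned registry entries ("File not found", "No CLSID value found"), third-party browser hooks such as the Conduit-built Winload toolbar, a hidden C:\Recycle.Bin sitting next to the real C:\$RECYCLE.BIN (ComboFix later deletes it together with Recycle.Bin.exe), and short random-looking folders under AppData\Roaming (Zyywgo, Emfin, Ikre). The script below is an added example, not part of the original post or of OTL itself, that encodes those triage rules and runs them over lines copied from the report. The vendor allow-list for Roaming, the "short alphabetic name" heuristic and the severity levels are assumptions chosen for illustration; a real run would read the saved OTL.txt and maintain the allow-list per environment.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the OTL report posted above so the
# script runs offline. In practice read the saved OTL.txt instead.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
[2009.09.01 19:01:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.02.10 11:48:39 | 000,000,000 | -H-D | C] -- C:\Recycle.Bin
[2011.02.22 20:42:23 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Zyywgo
[2011.02.13 03:20:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Emfin
[2010.11.10 17:00:19 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\ESRI
"""

# OTL file entry: [date time | size | attributes | C(reated)/M(odified)] -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\] -- (?P<path>.+)$"
)
# OTL registry / HijackThis-style entry: "IE - ..." or "O<n> - ..."
REG_RE = re.compile(r"^(?P<section>IE|O\d+) - (?P<body>.+)$")
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")

ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
BROWSER_HOOK_MARKERS = ("URLSearchHook", "BHO:", "Toolbar")

# Folders Windows itself creates at the drive root; used to catch lookalikes
# such as "Recycle.Bin" beside the genuine "$RECYCLE.BIN".
ROOT_SYSTEM_DIRS = {"$RECYCLE.BIN", "System Volume Information", "Boot", "ProgramData"}

# Assumption: vendors expected under AppData\Roaming on this machine.
KNOWN_ROAMING = {"microsoft", "mozilla", "esri", "opera", "skype", "adobe",
                 "malwarebytes", "macromedia", "packard bell", "samsung"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _norm(name: str) -> str:
    """Lower-case and drop non-alphanumerics so '$RECYCLE.BIN' and 'Recycle.Bin' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def _check_registry(section: str, body: str, line: str):
    if any(m in body for m in ORPHAN_MARKERS):
        return Finding("low", "orphaned entry; target is gone, safe to clean up", line)
    if section in ("IE", "O2", "O3") and any(m in body for m in BROWSER_HOOK_MARKERS):
        pub = PUBLISHER_RE.search(body)
        who = pub.group("pub") if pub else "unknown publisher"
        return Finding("medium", f"third-party browser hook ({who}); confirm it was installed on purpose", line)
    if section == "O20" and "Shell" in body:
        # Winlogon Shell must be the real explorer.exe; anything else runs at every logon.
        if not re.search(r"- [A-Za-z]:\\Windows\\explorer\.exe \(Microsoft Corporation\)$", body):
            return Finding("high", "Winlogon Shell is not C:\\Windows\\explorer.exe", line)
    return None


def _check_file(m: "re.Match", line: str):
    path, attr = m.group("path"), m.group("attr")
    parts = path.split("\\")
    name = parts[-1]
    # Hidden directory at the drive root whose name mimics a Windows folder.
    if len(parts) == 2 and "D" in attr and "H" in attr:
        lookalike = next((s for s in ROOT_SYSTEM_DIRS if _norm(s) == _norm(name) and s != name), None)
        if lookalike:
            return Finding("high", f"hidden root folder '{name}' mimics system folder '{lookalike}'", line)
    # Heuristic: short, vendor-less folder directly under AppData\Roaming.
    if len(parts) >= 3 and parts[-2] == "Roaming" and parts[-3] == "AppData":
        if name.lower() not in KNOWN_ROAMING and name.isalpha() and len(name) <= 8:
            return Finding("medium", f"unknown folder '{name}' in Roaming profile; inspect its contents", line)
    return None


def triage(log_text: str):
    """Run every rule over an OTL-style log and return findings, highest severity first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            f = _check_file(m, line)
        else:
            r = REG_RE.match(line)
            f = _check_registry(r.group("section"), r.group("body"), line) if r else None
        if f:
            findings.append(f)
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.reason}\n       {f.line}")
```

Run against the sample, the only high finding is C:\Recycle.Bin, which is hidden but lacks the system attribute the real $RECYCLE.BIN carries; the Conduit hook and the two short Roaming folders come out as medium, the three orphaned entries as low, and the avast! Run entry, the Winlogon Shell line and the ESRI folder produce nothing. Low findings are cleanup, not evidence of infection; the high and medium ones are what a helper would ask the poster about next.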
07.03.2011, 13:33 | #4 |
/// Malware-holic | Presumably a problem with malware/virus Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
07.03.2011, 14:01 | #5 |
| Presumably a problem with malware/virus Here is the ComboFix.log. Many thanks in advance! ComboFix logfile: Code:
ATTFilter ComboFix 11-03-06.05 - Klemens 07.03.2011 13:48:37.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1821 [GMT 1:00] ausgeführt von:: c:\users\Klemens\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat C:\Recycle.Bin c:\recycle.bin\config.bin c:\recycle.bin\Recycle.Bin.exe c:\windows\system32\LogFiles\Firewall\pfirewall.log c:\windows\system32\LogFiles\Firewall\pfirewall.log.old c:\windows\system32\LogFiles\HTTPERR\httperr1.log c:\windows\system32\LogFiles\Scm\SCM.EVM c:\windows\system32\LogFiles\Scm\SCM.EVM.1 c:\windows\system32\LogFiles\Scm\SCM.EVM.2 c:\windows\system32\LogFiles\Scm\SCM.EVM.3 c:\windows\system32\LogFiles\Scm\SCM.EVM.4 c:\windows\system32\LogFiles\Scm\SCM.EVM.5 c:\windows\system32\LogFiles\Srt\SrtTrail.txt c:\windows\system32\LogFiles\WMI\tscore1.etl c:\windows\system32\LogFiles\WMI\tscore2.etl c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl c:\windows\system32\ui c:\windows\system32\ui\BANNER\LOADINGEVENT1.SOR c:\windows\system32\ui\BANNER\LOADINGEVENT2.SOR c:\windows\system32\ui\BANNER\LOADINGEVENT3.SOR c:\windows\system32\ui\BANNER\LOADINGEVENT4.SOR c:\windows\system32\ui\BANNER\LOADINGEVENT5.SOR c:\windows\system32\ui\BANNER\LOADINGIMGOPT.SOR c:\windows\system32\ui\BANNER\NOTICE_BANNER1.SOR c:\windows\system32\ui\BANNER\NOTICE_BANNER2.SOR c:\windows\system32\ui\BANNER\NOTICE_BANNER3.SOR c:\windows\system32\ui\BANNER\NOTICE_BANNER4.SOR c:\windows\system32\ui\BANNER\NOTICE_BANNER5.SOR . ----- BITS: Eventuell infizierte Webseiten ----- . hxxp://ads1.msads.net . 
((((((((((((((((((((((( Dateien erstellt von 2011-02-07 bis 2011-03-07 )))))))))))))))))))))))))))))) . . 2011-03-07 12:57 . 2011-03-07 12:57 -------- d-----w- c:\users\Klemens\AppData\Local\temp 2011-03-07 12:57 . 2011-03-07 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-07 12:22 . 2011-03-07 12:22 -------- d-----w- c:\program files\Common Files\Java 2011-03-05 21:26 . 2011-02-02 20:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-03-05 21:26 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-05 21:13 . 2011-03-05 21:13 -------- d-----w- c:\program files\Microsoft Silverlight 2011-03-05 17:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-05 17:04 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-05 16:28 . 2011-03-06 10:18 -------- d-----w- c:\program files\ShotOnline 2011-03-05 14:32 . 2011-03-05 14:41 -------- d-----w- c:\users\Klemens\AppData\Local\PMB Files 2011-03-05 14:32 . 2011-03-05 14:34 -------- d-----w- c:\programdata\PMB Files 2011-03-05 14:32 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36B51978-321C-426F-8190-E0BE373805A7}\mpengine.dll 2011-02-28 16:59 . 2011-02-28 16:59 -------- d-----w- c:\users\Klemens\AppData\Roaming\Malwarebytes 2011-02-28 16:57 . 2011-02-28 16:57 -------- d-----w- c:\programdata\Malwarebytes 2011-02-28 16:57 . 2011-03-05 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-27 22:53 . 2011-02-27 22:53 -------- d-----w- c:\windows\Java 2011-02-27 22:53 . 2010-08-22 13:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl 2011-02-27 22:53 . 2011-02-27 22:53 -------- d-----w- c:\program files\CPUID 2011-02-27 22:43 . 2011-02-27 22:43 -------- d-----w- c:\program files\Winload 2011-02-27 21:17 . 2011-02-27 21:17 -------- d-----w- c:\programdata\WindowsSearch 2011-02-27 20:56 . 
2011-02-27 20:56 -------- d-----w- c:\program files\GeCAD 2011-02-27 20:32 . 2011-03-03 17:59 -------- d-----w- c:\users\Klemens\AppData\Roaming\QuickScan 2011-02-27 19:56 . 2011-02-27 21:50 -------- d-----w- c:\programdata\AntiSpyInfo 2011-02-27 19:53 . 2011-02-27 19:55 -------- d-----w- c:\programdata\PrevxCSI 2011-02-27 19:22 . 2011-02-27 19:22 -------- d-----w- c:\users\Klemens\AppData\Roaming\Uniblue 2011-02-27 19:21 . 2011-02-27 19:21 -------- d-----w- c:\users\Klemens\AppData\Local\PackageAware 2011-02-27 18:17 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-02-22 22:04 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2011-02-22 22:04 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe 2011-02-22 22:04 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe 2011-02-22 22:04 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe 2011-02-22 22:04 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll 2011-02-22 22:04 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll 2011-02-22 22:04 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll 2011-02-22 22:04 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe 2011-02-22 22:04 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll 2011-02-22 22:04 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll 2011-02-22 22:04 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll 2011-02-22 22:04 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll 2011-02-22 22:03 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll 2011-02-22 22:03 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs 2011-02-22 22:03 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll 2011-02-22 22:03 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll 2011-02-22 22:03 . 
2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe 2011-02-22 22:03 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll 2011-02-22 22:03 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll 2011-02-22 19:42 . 2011-02-22 21:37 -------- d-----w- c:\users\Klemens\AppData\Roaming\Zyywgo 2011-02-16 14:23 . 2011-02-16 14:23 -------- d-----w- c:\program files\Common Files\Skype 2011-02-13 23:06 . 2011-02-13 23:06 -------- d-----w- c:\program files\Windows Portable Devices 2011-02-13 23:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-02-13 23:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2011-02-13 23:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-02-13 21:39 . 2011-02-13 21:40 -------- d-----w- c:\windows\system32\ca-ES 2011-02-13 21:39 . 2011-02-13 21:40 -------- d-----w- c:\windows\system32\eu-ES 2011-02-13 21:39 . 2011-02-13 21:40 -------- d-----w- c:\windows\system32\vi-VN 2011-02-13 21:19 . 2011-02-13 21:19 -------- d-----w- c:\windows\system32\EventProviders 2011-02-12 15:59 . 2011-02-12 15:59 -------- d-----w- c:\program files\CCleaner 2011-02-12 15:17 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-12 15:17 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-12 15:17 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-12 15:17 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-12 15:17 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-02-12 15:16 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr 2011-02-12 15:16 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-12 15:15 . 2011-02-12 15:15 -------- d-----w- c:\programdata\Alwil Software 2011-02-12 15:15 . 
2011-02-12 15:15 -------- d-----w- c:\program files\Alwil Software 2011-02-12 15:00 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll 2011-02-12 15:00 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2009-10-03 10:00 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-28 15:55 . 2011-01-12 19:06 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-24 11:13 . 2010-12-24 11:13 1222408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-12-14 14:49 . 2011-01-12 19:06 1169408 ----a-w- c:\windows\system32\sdclt.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2010-03-17 14:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-22 13785632] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-06 75048] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-06-23 440864] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray] 2009-05-26 13:26 254720 ----a-w- c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] 2008-10-17 08:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoWebCamera] 2009-04-02 06:31 1552497 ----a-w- c:\program files\VideoWebCamera\VideoWebCamera.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4159498174-1952915503-1396403433-1000] "EnableNotificationsRef"=dword:00000002 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 133104] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-09-29 4032992] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/07/31 17:24];c:\program files\CyberLink\PowerDVD8\000.fcl [2009-03-06 12:48 87536] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [2009-06-23 707104] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech 
Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-05-26 62208] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-12-29 3715072] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 18:33] . 2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 18:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0709&m=easynote_tj65 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Free YouTube to Mp3 Converter - c:\users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Klemens\AppData\Roaming\Mozilla\Firefox\Profiles\j25cexvw.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - %profile%\extensions\finder@meingutscheincode.de FF - Ext: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - %profile%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file) BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file) MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-07 13:57 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . 
Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-03-07 14:00:00 ComboFix-quarantined-files.txt 2011-03-07 12:59 . Vor Suchlauf: 8 Verzeichnis(se), 97.610.436.608 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 97.520.021.504 Bytes frei . Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - 5F8393A7E3D8C62319EDF83C726B6F32 |
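The deletion list and the "FF - user.js" lines are the parts of a log like the one above that a responder reads first. As an added example, not part of this thread, of ComboFix, or of the board's tooling, the Python script below pulls those indicators out of ComboFix-style text. Its three heuristics are assumptions of the example, not ComboFix's own logic: an executable stored below a drive-root folder named "Recycle.Bin" (Vista's real bin is "$Recycle.Bin"); a folder directly under AppData\Roaming whose name occurs nowhere else in the log, because a legitimate program normally leaves a second trace such as a Program Files folder, service or extension; and a user.js that forces Firefox's security.* warnings off, since user.js re-applies those values on every start. The sample lines are constructed in the shape of the log on this page.

```python
"""Heuristic triage of a ComboFix-style log (added example, see lead-in)."""
import re

# Constructed sample lines, shaped like the log posted in this thread.
SAMPLE_LOG = r"""
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\recycle.bin\Recycle.Bin.exe
c:\windows\system32\LogFiles\Firewall\pfirewall.log
2011-02-28 16:59 . 2011-02-28 16:59 -------- d-----w- c:\users\Klemens\AppData\Roaming\Malwarebytes
2011-02-28 16:57 . 2011-03-05 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-22 19:42 . 2011-02-22 21:37 -------- d-----w- c:\users\Klemens\AppData\Roaming\Zyywgo
2011-02-22 22:04 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
FF - ProfilePath - c:\users\Klemens\AppData\Roaming\Mozilla\Firefox\Profiles\j25cexvw.default
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# "Files created" lines: <created> . <modified> <size or dashes> <attrs> <path>
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>[A-Za-z]:\\.*\S)$"
)
# Bare paths, as printed in the deletion list.
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)$")
ROAMING_DIR_RE = re.compile(r"\\appdata\\roaming\\(?P<name>[^\\]+)$", re.I)
# Vista's real bin is "$Recycle.Bin"; a drive-root folder without the "$" is a fake.
FAKE_BIN_RE = re.compile(r"^[a-z]:\\recycle\.bin\\.+$", re.I)


def extract_paths(log):
    """Return (path, is_dir) for every path line; is_dir is None for bare paths."""
    paths = []
    for raw in log.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            paths.append((m.group("path"), m.group("attrs").startswith("d")))
            continue
        m = BARE_PATH_RE.match(line)
        if m:
            paths.append((m.group("path"), None))
    return paths


def find_fake_recycle_bin(paths):
    """Heuristic 1: anything stored below a drive-root "Recycle.Bin" folder."""
    return [p for p, _ in paths if FAKE_BIN_RE.match(p)]


def find_orphan_roaming_dirs(log):
    """Heuristic 2: AppData\\Roaming folders whose name occurs nowhere else in the log."""
    lowered = log.lower()
    orphans = []
    for path, is_dir in extract_paths(log):
        m = ROAMING_DIR_RE.search(path)
        # Skip plain files; a name seen exactly once has nothing vouching for it.
        if m and is_dir is not False and lowered.count(m.group("name").lower()) == 1:
            orphans.append(path)
    return orphans


def find_weakened_firefox_prefs(log):
    """Heuristic 3: user.js entries that force a security.* warning off."""
    hits = []
    for raw in log.splitlines():
        m = USERJS_RE.match(raw.strip())
        if m and m.group("pref").startswith("security.") and m.group("value") == "false":
            hits.append(m.group("pref"))
    return hits


def triage(log):
    """Run all three heuristics and return the findings by category."""
    paths = extract_paths(log)
    return {
        "fake_recycle_bin": find_fake_recycle_bin(paths),
        "orphan_roaming_dirs": find_orphan_roaming_dirs(log),
        "weakened_firefox_prefs": find_weakened_firefox_prefs(log),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category)
        for hit in hits:
            print("  ", hit)
```

Run against a full log, the orphan check will also flag one-off folders of legitimate but sparsely installed tools, so treat its output as a review list rather than a verdict; the fake-bin and user.js checks are far more specific.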
07.03.2011, 14:06 | #6 |
/// Malware-holic | Open Computer, open C:, open Qoobox. Right-click the Quarantine folder, pack it with WinRAR or zip and then upload it. http://www.trojaner-board.de/54791-a...ner-board.html If it is too large: upload it at File-Upload.net (free file hoster) and send me the link as a private message. |
07.03.2011, 17:50 | #7 |
| I have uploaded the file, but forgot to give my username! If nothing arrived, please let me know! Many thanks |
07.03.2011, 17:58 | #8 |
/// Malware-holic | Could you try again, please? It apparently didn't work.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
07.03.2011, 18:01 | #9 |
| OK, tried again! |
07.03.2011, 18:04 | #10 |
/// Malware-holic | Worked, thanks. Do you do online banking, shopping or anything else important on this PC? |
07.03.2011, 18:09 | #11 |
| Yes, I do online banking on this laptop. I'm also active on eBay now and then. So definitely important things. I also log in to my university account with it! |
07.03.2011, 18:17 | #12 |
/// Malware-holic | Call the bank immediately!! You have the SpyEye trojan on the PC. The emergency number is 116 116; have online banking blocked. After that you need to back up your data, format the machine and set it up again. I'll explain how to secure it. With an infection like this we can't guarantee that we get the system clean, which is obviously necessary unless you want an empty account one day :-) |
07.03.2011, 18:35 | #13 |
| Wow, that doesn't sound good at all. Online banking is blocked. I'm not at home this week at the moment. So the earliest I can format is Saturday, since I don't have the Vista CD to hand right now. Can I keep using the laptop until then, or is that also too risky? I've never formatted before. Can I put the data on an external hard drive? Or is there a danger of spreading the virus that way? If so, how else can I back up the data? Do you have an idea where the virus could have come from? Many thanks for the quick help! Regards, Klemens |
07.03.2011, 18:51 | #14 |
/// Malware-holic | Sites like kino.to, streaming sites, other illegal sources. But no password should be entered on that laptop any more. Backing up the data is no problem. For further instructions you can get in touch, regarding reinstalling and securing. |
07.03.2011, 18:58 | #15 |
| Okay, yes. Bundesliga streams, that could well be it. Thanks for the info, I'll stop doing that! So all the important data onto the external hard drive? When I reinstall Vista, do I still need to secure anything if I have all the files on the external drive, or can I then format "normally"? Many thanks for the quick help! I do always have the firewall on and avast (only the freeware version) on the machine, though. I had several programs scan the laptop and none of them found anything. So is there no way to protect yourself from something like this other than not using the sources mentioned any more? Regards |