
Pests of all kinds and how to fight them: http://www.google-analytics.com/ga.jsI>(gzip) = Malware ?

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

17.03.2011, 09:51   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Please always post log files in CODE tags

17.03.2011, 10:00   #17
W7Helmi
 

Good morning Arne!
Should I close the "Avast" antivirus program first?
__________________


17.03.2011, 10:32   #18
W7Helmi
 

I closed Avast and ran the tool, and it found nothing. Here is the report:
2011/03/17 16:29:35.0496 4600 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 16:29:36.0448 4600 ================================================================================
2011/03/17 16:29:36.0448 4600 SystemInfo:
2011/03/17 16:29:36.0448 4600
2011/03/17 16:29:36.0448 4600 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/17 16:29:36.0448 4600 Product type: Workstation
2011/03/17 16:29:36.0448 4600 ComputerName: ACER
2011/03/17 16:29:36.0448 4600 UserName: Helmut
2011/03/17 16:29:36.0448 4600 Windows directory: C:\Windows
2011/03/17 16:29:36.0448 4600 System windows directory: C:\Windows
2011/03/17 16:29:36.0448 4600 Processor architecture: Intel x86
2011/03/17 16:29:36.0448 4600 Number of processors: 2
2011/03/17 16:29:36.0448 4600 Page size: 0x1000
2011/03/17 16:29:36.0448 4600 Boot type: Normal boot
2011/03/17 16:29:36.0448 4600 ================================================================================
2011/03/17 16:29:36.0978 4600 Initialize success
2011/03/17 16:29:46.0432 4040 ================================================================================
2011/03/17 16:29:46.0432 4040 Scan started
2011/03/17 16:29:46.0432 4040 Mode: Manual;
2011/03/17 16:29:46.0432 4040 ================================================================================
2011/03/17 16:29:58.0272 4040 ================================================================================
2011/03/17 16:29:58.0272 4040 Scan finished
2011/03/17 16:29:58.0272 4040 ================================================================================

17.03.2011, 11:37   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

17.03.2011, 12:37   #20
W7Helmi
 
Hello Arne!
Here is the first report:


GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-17 18:35:04
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\00000066 ST332041 rev.CC34
Running: 54208gqe.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\pgldrpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAddBootEntry [0x8B0E69CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwAllocateVirtualMemory [0x9049CA68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEvent [0x8B0E8EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEventPair [0x8B0E8F04]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateIoCompletion [0x8B0E901A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateMutant [0x8B0E8E02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSection [0x8B0E8F54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSemaphore [0x8B0E8E56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateTimer [0x8B0E8FC8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteBootEntry [0x8B0E69EE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwFreeVirtualMemory [0x9049CB18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwLoadDriver [0x8B0E67B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwModifyBootEntry [0x8B0E6A12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeKey [0x8B0E9412]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeMultipleKeys [0x8B0E74AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEvent [0x8B0E8EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEventPair [0x8B0E8F2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenIoCompletion [0x8B0E9044]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenMutant [0x8B0E8E2E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSection [0x8B0E8F94]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSemaphore [0x8B0E8E84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenTimer [0x8B0E8FF2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwProtectVirtualMemory [0x9049CBB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryObject [0x8B0E7370]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootEntryOrder [0x8B0E6A36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootOptions [0x8B0E6A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemInformation [0x8B0E6812]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemPowerState [0x8B0E694E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwShutdownSystem [0x8B0E692A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSystemDebugControl [0x8B0E6972]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwVdmControl [0x8B0E6A7E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateProcessEx [0x904B18DE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                  82C45339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                         82C7ED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                            82C85DC0 4 Bytes  [CA, 69, 0E, 8B]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                            82C85DE8 4 Bytes  [68, CA, 49, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                            82C85E9C 8 Bytes  [AC, 8E, 0E, 8B, 04, 8F, 0E, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                            82C85EA8 4 Bytes  [1A, 90, 0E, 8B]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                            82C85EC4 4 Bytes  [02, 8E, 0E, 8B]
.text           ...                                                                                                            
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                             82E13B6C 5 Bytes  JMP 904AD29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                               82E2C16E 5 Bytes  JMP 904AED50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                    82E4126D 4 Bytes  CALL 8B0E7E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                   82E5B02C 4 Bytes  CALL 8B0E7E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                 82EE4E44 7 Bytes  JMP 904B18E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                       section is executable [0x9C9C9300, 0x25D4C, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] ntdll.dll!LdrUnloadDll                                          776BC8DE 5 Bytes  JMP 0016006C 
.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] ntdll.dll!LdrLoadDll                                            776C22B8 5 Bytes  JMP 00160030 
.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!UnhookWindowsHookEx                                  774CADF9 5 Bytes  JMP 001F0120 
.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!UnhookWinEvent                                       774CB750 5 Bytes  JMP 001F006C 
.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!SetWindowsHookExW                                    774CE30C 5 Bytes  JMP 001F00E4 
.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!SetWinEventHook                                      774D24DC 5 Bytes  JMP 001F0030 
.text           C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!SetWindowsHookExA                                    774F6D0C 5 Bytes  JMP 001F00A8 
.text           C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[328] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 00670120 
.text           C:\Windows\system32\svchost.exe[328] USER32.dll!UnhookWinEvent                                                 774CB750 5 Bytes  JMP 0067006C 
.text           C:\Windows\system32\svchost.exe[328] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 006700E4 
.text           C:\Windows\system32\svchost.exe[328] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 00670030 
.text           C:\Windows\system32\svchost.exe[328] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 006700A8 
.text           C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0003006C 
.text           C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00030030 
.text           C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 00050120 
.text           C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWinEvent                                                 774CB750 5 Bytes  JMP 0005006C 
.text           C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 000500E4 
.text           C:\Windows\system32\wininit.exe[532] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 00050030 
.text           C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 000500A8 
.text           C:\Windows\system32\services.exe[592] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\services.exe[592] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll                                                      776BC8DE 5 Bytes  JMP 000A006C 
.text           C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrLoadDll                                                        776C22B8 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!UnhookWindowsHookEx                                              774CADF9 5 Bytes  JMP 00050120 
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!UnhookWinEvent                                                   774CB750 5 Bytes  JMP 0005006C 
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!SetWindowsHookExW                                                774CE30C 5 Bytes  JMP 000500E4 
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!SetWinEventHook                                                  774D24DC 5 Bytes  JMP 00050030 
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!SetWindowsHookExA                                                774F6D0C 5 Bytes  JMP 000500A8 
.text           C:\Windows\system32\lsm.exe[616] ntdll.dll!LdrUnloadDll                                                        776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\lsm.exe[616] ntdll.dll!LdrLoadDll                                                          776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\winlogon.exe[676] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0003006C 
.text           C:\Windows\system32\winlogon.exe[676] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00030030 
.text           C:\Windows\system32\winlogon.exe[676] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 000C0120 
.text           C:\Windows\system32\winlogon.exe[676] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 000C006C 
.text           C:\Windows\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 000C00E4 
.text           C:\Windows\system32\winlogon.exe[676] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 000C00A8 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] ntdll.dll!LdrUnloadDll                  776BC8DE 5 Bytes  JMP 0015006C 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] ntdll.dll!LdrLoadDll                    776C22B8 5 Bytes  JMP 00150030 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!UnhookWindowsHookEx          774CADF9 5 Bytes  JMP 001F0120 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!UnhookWinEvent               774CB750 5 Bytes  JMP 001F006C 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!SetWindowsHookExW            774CE30C 5 Bytes  JMP 001F00E4 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!SetWinEventHook              774D24DC 5 Bytes  JMP 001F0030 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!SetWindowsHookExA            774F6D0C 5 Bytes  JMP 001F00A8 
.text           C:\Windows\system32\svchost.exe[772] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[772] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\nvvsvc.exe[864] ntdll.dll!LdrUnloadDll                                                     776BC8DE 5 Bytes  JMP 0016006C 
.text           C:\Windows\system32\nvvsvc.exe[864] ntdll.dll!LdrLoadDll                                                       776C22B8 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\nvvsvc.exe[864] USER32.dll!UnhookWindowsHookEx                                             774CADF9 5 Bytes  JMP 001F0120 
.text           C:\Windows\system32\nvvsvc.exe[864] USER32.dll!UnhookWinEvent                                                  774CB750 5 Bytes  JMP 001F006C 
.text           C:\Windows\system32\nvvsvc.exe[864] USER32.dll!SetWindowsHookExW                                               774CE30C 5 Bytes  JMP 001F00E4 
.text           C:\Windows\system32\nvvsvc.exe[864] USER32.dll!SetWinEventHook                                                 774D24DC 5 Bytes  JMP 001F0030 
.text           C:\Windows\system32\nvvsvc.exe[864] USER32.dll!SetWindowsHookExA                                               774F6D0C 5 Bytes  JMP 001F00A8 
.text           C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[968] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[968] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 00150120 
.text           C:\Windows\System32\svchost.exe[968] USER32.dll!UnhookWinEvent                                                 774CB750 5 Bytes  JMP 0015006C 
.text           C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 001500E4 
.text           C:\Windows\System32\svchost.exe[968] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 00150030 
.text           C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 001500A8 
.text           C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00500120 
.text           C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0050006C 
.text           C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 005000E4 
.text           C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00500030 
.text           C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 005000A8 
.text           C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00C10120 
.text           C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 00C1006C 
.text           C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 00C100E4 
.text           C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00C10030 
.text           C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 00C100A8 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] ntdll.dll!LdrUnloadDll                             776BC8DE 5 Bytes  JMP 0015006C 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] ntdll.dll!LdrLoadDll                               776C22B8 5 Bytes  JMP 00150030 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!UnhookWindowsHookEx                     774CADF9 5 Bytes  JMP 001E0120 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!UnhookWinEvent                          774CB750 5 Bytes  JMP 001E006C 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!SetWindowsHookExW                       774CE30C 5 Bytes  JMP 001E00E4 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!SetWinEventHook                         774D24DC 5 Bytes  JMP 001E0030 
.text           C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!SetWindowsHookExA                       774F6D0C 5 Bytes  JMP 001E00A8 
.text           C:\Windows\UnsignedThemesSvc.exe[1116] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0016006C 
.text           C:\Windows\UnsignedThemesSvc.exe[1116] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00330120 
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0033006C 
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 003300E4 
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00330030 
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 003300A8 
.text           C:\Windows\system32\nvvsvc.exe[1300] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0016006C 
.text           C:\Windows\system32\nvvsvc.exe[1300] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 001F0120 
.text           C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!UnhookWinEvent                                                 774CB750 5 Bytes  JMP 001F006C 
.text           C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 001F00E4 
.text           C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 001F0030 
.text           C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 001F00A8 
.text           C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00330120 
.text           C:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0033006C 
.text           C:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 003300E4 
.text           C:\Windows\system32\svchost.exe[1464] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00330030 
.text           C:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 003300A8 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1540] kernel32.dll!SetUnhandledExceptionFilter             77393D01 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Windows\system32\WLANExt.exe[1548] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\WLANExt.exe[1548] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\WLANExt.exe[1548] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00110120 
.text           C:\Windows\system32\WLANExt.exe[1548] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0011006C 
.text           C:\Windows\system32\WLANExt.exe[1548] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 001100E4 
.text           C:\Windows\system32\WLANExt.exe[1548] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00110030 
.text           C:\Windows\system32\WLANExt.exe[1548] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 001100A8 
.text           C:\Windows\system32\conhost.exe[1560] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0003006C 
.text           C:\Windows\system32\conhost.exe[1560] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00030030 
.text           C:\Windows\system32\conhost.exe[1560] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 000C0120 
.text           C:\Windows\system32\conhost.exe[1560] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 000C006C 
.text           C:\Windows\system32\conhost.exe[1560] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 000C00E4 
.text           C:\Windows\system32\conhost.exe[1560] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\conhost.exe[1560] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 000C00A8 
.text           C:\Windows\System32\StkASv2K.exe[1672] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0015006C 
.text           C:\Windows\System32\StkASv2K.exe[1672] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00150030 
.text           C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00170120 
.text           C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!UnhookWinEvent                                               774CB750 5 Bytes  JMP 0017006C 
.text           C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 001700E4 
.text           C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00170030 
.text           C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 001700A8 
.text           C:\Windows\System32\spoolsv.exe[1924] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\spoolsv.exe[1924] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\spoolsv.exe[1924] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00100120 
.text           C:\Windows\System32\spoolsv.exe[1924] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0010006C 
.text           C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 001000E4 
.text           C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00100030 
.text           C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 001000A8 
.text           C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 001E0120 
.text           C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 001E006C 
.text           C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 001E00E4 
.text           C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 001E0030 
.text           C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 001E00A8 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] ntdll.dll!LdrUnloadDll                    776BC8DE 5 Bytes  JMP 0017006C 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] ntdll.dll!LdrLoadDll                      776C22B8 5 Bytes  JMP 00170030 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!UnhookWindowsHookEx            774CADF9 5 Bytes  JMP 00300120 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!UnhookWinEvent                 774CB750 5 Bytes  JMP 0030006C 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!SetWindowsHookExW              774CE30C 5 Bytes  JMP 003000E4 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!SetWinEventHook                774D24DC 5 Bytes  JMP 00300030 
.text           C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!SetWindowsHookExA              774F6D0C 5 Bytes  JMP 003000A8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!LdrUnloadDll           776BC8DE 5 Bytes  JMP 0005006C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!LdrLoadDll             776C22B8 5 Bytes  JMP 00050030 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!UnhookWindowsHookEx   774CADF9 5 Bytes  JMP 00130120 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!UnhookWinEvent        774CB750 5 Bytes  JMP 0013006C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWindowsHookExW     774CE30C 5 Bytes  JMP 001300E4 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWinEventHook       774D24DC 5 Bytes  JMP 00130030 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWindowsHookExA     774F6D0C 5 Bytes  JMP 001300A8 
.text           C:\Windows\system32\SearchIndexer.exe[2320] ntdll.dll!LdrUnloadDll                                             776BC8DE 5 Bytes  JMP 000A006C 
.text           C:\Windows\system32\SearchIndexer.exe[2320] ntdll.dll!LdrLoadDll                                               776C22B8 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!UnhookWindowsHookEx                                     774CADF9 5 Bytes  JMP 00150120 
.text           C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!UnhookWinEvent                                          774CB750 5 Bytes  JMP 0015006C 
.text           C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!SetWindowsHookExW                                       774CE30C 5 Bytes  JMP 001500E4 
.text           C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!SetWinEventHook                                         774D24DC 5 Bytes  JMP 00150030 
.text           C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!SetWindowsHookExA                                       774F6D0C 5 Bytes  JMP 001500A8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] ntdll.dll!LdrUnloadDll          776BC8DE 5 Bytes  JMP 0005006C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] ntdll.dll!LdrLoadDll            776C22B8 5 Bytes  JMP 00050030 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!UnhookWindowsHookEx  774CADF9 5 Bytes  JMP 000C0120 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!UnhookWinEvent       774CB750 5 Bytes  JMP 000C006C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!SetWindowsHookExW    774CE30C 5 Bytes  JMP 000C00E4 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!SetWinEventHook      774D24DC 5 Bytes  JMP 000C0030 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!SetWindowsHookExA    774F6D0C 5 Bytes  JMP 000C00A8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] ntdll.dll!LdrUnloadDll                                776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] ntdll.dll!LdrLoadDll                                  776C22B8 5 Bytes  JMP 00060030 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!UnhookWindowsHookEx                        774CADF9 5 Bytes  JMP 00100120 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!UnhookWinEvent                             774CB750 5 Bytes  JMP 0010006C 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!SetWindowsHookExW                          774CE30C 5 Bytes  JMP 001000E4 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!SetWinEventHook                            774D24DC 5 Bytes  JMP 00100030 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!SetWindowsHookExA                          774F6D0C 5 Bytes  JMP 001000A8 
.text           C:\Windows\System32\rundll32.exe[2832] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0007006C 
.text           C:\Windows\System32\rundll32.exe[2832] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00070030 
.text           C:\Windows\System32\rundll32.exe[2832] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00090120 
.text           C:\Windows\System32\rundll32.exe[2832] USER32.dll!UnhookWinEvent                                               774CB750 5 Bytes  JMP 0009006C 
.text           C:\Windows\System32\rundll32.exe[2832] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 000900E4 
.text           C:\Windows\System32\rundll32.exe[2832] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00090030 
.text           C:\Windows\System32\rundll32.exe[2832] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 000900A8 
.text           C:\Windows\system32\taskhost.exe[2876] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0005006C 
.text           C:\Windows\system32\taskhost.exe[2876] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00050030 
.text           C:\Windows\system32\taskhost.exe[2876] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 000E0120 
.text           C:\Windows\system32\taskhost.exe[2876] USER32.dll!UnhookWinEvent                                               774CB750 5 Bytes  JMP 000E006C 
.text           C:\Windows\system32\taskhost.exe[2876] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 000E00E4 
.text           C:\Windows\system32\taskhost.exe[2876] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 000E0030 
.text           C:\Windows\system32\taskhost.exe[2876] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 000E00A8 
.text           C:\Windows\System32\svchost.exe[2884] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[2884] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[2884] user32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 002C0120 
.text           C:\Windows\System32\svchost.exe[2884] user32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 002C006C 
.text           C:\Windows\System32\svchost.exe[2884] user32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 002C00E4 
.text           C:\Windows\System32\svchost.exe[2884] user32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 002C0030 
.text           C:\Windows\System32\svchost.exe[2884] user32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 002C00A8 
.text           C:\Windows\system32\Dwm.exe[3224] ntdll.dll!LdrUnloadDll                                                       776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\Dwm.exe[3224] ntdll.dll!LdrLoadDll                                                         776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\Dwm.exe[3224] USER32.dll!UnhookWindowsHookEx                                               774CADF9 5 Bytes  JMP 00180120 
.text           C:\Windows\system32\Dwm.exe[3224] USER32.dll!UnhookWinEvent                                                    774CB750 5 Bytes  JMP 0018006C 
.text           C:\Windows\system32\Dwm.exe[3224] USER32.dll!SetWindowsHookExW                                                 774CE30C 5 Bytes  JMP 001800E4 
.text           C:\Windows\system32\Dwm.exe[3224] USER32.dll!SetWinEventHook                                                   774D24DC 5 Bytes  JMP 00180030 
.text           C:\Windows\system32\Dwm.exe[3224] USER32.dll!SetWindowsHookExA                                                 774F6D0C 5 Bytes  JMP 001800A8 
.text           C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrUnloadDll                                                           776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrLoadDll                                                             776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWindowsHookEx                                                   774CADF9 5 Bytes  JMP 000A0120 
.text           C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWinEvent                                                        774CB750 5 Bytes  JMP 000A006C 
.text           C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExW                                                     774CE30C 5 Bytes  JMP 000A00E4 
.text           C:\Windows\Explorer.EXE[3248] USER32.dll!SetWinEventHook                                                       774D24DC 5 Bytes  JMP 000A0030 
.text           C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExA                                                     774F6D0C 5 Bytes  JMP 000A00A8 
.text           C:\Windows\RtHDVCpl.exe[3348] ntdll.dll!LdrUnloadDll                                                           776BC8DE 5 Bytes  JMP 0016006C 
.text           C:\Windows\RtHDVCpl.exe[3348] ntdll.dll!LdrLoadDll                                                             776C22B8 5 Bytes  JMP 00160030 
.text           C:\Windows\RtHDVCpl.exe[3348] USER32.dll!UnhookWindowsHookEx                                                   774CADF9 5 Bytes  JMP 00200120 
.text           C:\Windows\RtHDVCpl.exe[3348] USER32.dll!UnhookWinEvent                                                        774CB750 5 Bytes  JMP 0020006C 
.text           C:\Windows\RtHDVCpl.exe[3348] USER32.dll!SetWindowsHookExW                                                     774CE30C 5 Bytes  JMP 002000E4 
.text           C:\Windows\RtHDVCpl.exe[3348] USER32.dll!SetWinEventHook                                                       774D24DC 5 Bytes  JMP 00200030 
.text           C:\Windows\RtHDVCpl.exe[3348] USER32.dll!SetWindowsHookExA                                                     774F6D0C 5 Bytes  JMP 002000A8 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] ntdll.dll!LdrUnloadDll                                       776BC8DE 5 Bytes  JMP 0016006C 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] ntdll.dll!LdrLoadDll                                         776C22B8 5 Bytes  JMP 00160030 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!UnhookWindowsHookEx                               774CADF9 5 Bytes  JMP 001F0120 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!UnhookWinEvent                                    774CB750 5 Bytes  JMP 001F006C 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!SetWindowsHookExW                                 774CE30C 5 Bytes  JMP 001F00E4 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!SetWinEventHook                                   774D24DC 5 Bytes  JMP 001F0030 
.text           E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!SetWindowsHookExA                                 774F6D0C 5 Bytes  JMP 001F00A8 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] ntdll.dll!LdrUnloadDll                                       776BC8DE 5 Bytes  JMP 0015006C 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] ntdll.dll!LdrLoadDll                                         776C22B8 5 Bytes  JMP 00150030 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!UnhookWindowsHookEx                               774CADF9 5 Bytes  JMP 00170120 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!UnhookWinEvent                                    774CB750 5 Bytes  JMP 0017006C 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!SetWindowsHookExW                                 774CE30C 5 Bytes  JMP 001700E4 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!SetWinEventHook                                   774D24DC 5 Bytes  JMP 00170030 
.text           E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!SetWindowsHookExA                                 774F6D0C 5 Bytes  JMP 001700A8 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] ntdll.dll!LdrUnloadDll                                                 776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] ntdll.dll!LdrLoadDll                                                   776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!UnhookWindowsHookEx                                         774CADF9 5 Bytes  JMP 00110120 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!UnhookWinEvent                                              774CB750 5 Bytes  JMP 0011006C 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!SetWindowsHookExW                                           774CE30C 5 Bytes  JMP 001100E4 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!SetWinEventHook                                             774D24DC 5 Bytes  JMP 00110030 
.text           C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!SetWindowsHookExA                                           774F6D0C 5 Bytes  JMP 001100A8 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] ntdll.dll!LdrUnloadDll                                   776BC8DE 5 Bytes  JMP 0015006C 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] ntdll.dll!LdrLoadDll                                     776C22B8 5 Bytes  JMP 00150030 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] kernel32.dll!SetUnhandledExceptionFilter                 77393D01 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!UnhookWindowsHookEx                           774CADF9 5 Bytes  JMP 002F0120 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!UnhookWinEvent                                774CB750 5 Bytes  JMP 002F006C 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!SetWindowsHookExW                             774CE30C 5 Bytes  JMP 002F00E4 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!SetWinEventHook                               774D24DC 5 Bytes  JMP 002F0030 
.text           E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!SetWindowsHookExA                             774F6D0C 5 Bytes  JMP 002F00A8 
.text           C:\Windows\system32\svchost.exe[3660] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[3660] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] ntdll.dll!LdrUnloadDll                                776BC8DE 5 Bytes  JMP 0016006C 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] ntdll.dll!LdrLoadDll                                  776C22B8 5 Bytes  JMP 00160030 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!UnhookWindowsHookEx                        774CADF9 5 Bytes  JMP 00190120 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!UnhookWinEvent                             774CB750 5 Bytes  JMP 0019006C 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!SetWindowsHookExW                          774CE30C 5 Bytes  JMP 001900E4 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!SetWinEventHook                            774D24DC 5 Bytes  JMP 00190030 
.text           E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!SetWindowsHookExA                          774F6D0C 5 Bytes  JMP 001900A8 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] ntdll.dll!LdrUnloadDll                               776BC8DE 5 Bytes  JMP 0016006C 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] ntdll.dll!LdrLoadDll                                 776C22B8 5 Bytes  JMP 00160030 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!UnhookWindowsHookEx                       774CADF9 5 Bytes  JMP 001F0120 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!UnhookWinEvent                            774CB750 5 Bytes  JMP 001F006C 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!SetWindowsHookExW                         774CE30C 5 Bytes  JMP 001F00E4 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!SetWinEventHook                           774D24DC 5 Bytes  JMP 001F0030 
.text           E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!SetWindowsHookExA                         774F6D0C 5 Bytes  JMP 001F00A8 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] ntdll.dll!LdrUnloadDll           776BC8DE 5 Bytes  JMP 0016006C 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] ntdll.dll!LdrLoadDll             776C22B8 5 Bytes  JMP 00160030 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!UnhookWindowsHookEx   774CADF9 5 Bytes  JMP 00570120 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!UnhookWinEvent        774CB750 5 Bytes  JMP 0057006C 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!SetWindowsHookExW     774CE30C 5 Bytes  JMP 005700E4 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!SetWinEventHook       774D24DC 5 Bytes  JMP 00570030 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!SetWindowsHookExA     774F6D0C 5 Bytes  JMP 005700A8 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] ntdll.dll!LdrUnloadDll                                 776BC8DE 5 Bytes  JMP 0016006C 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] ntdll.dll!LdrLoadDll                                   776C22B8 5 Bytes  JMP 00160030 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!UnhookWindowsHookEx                         774CADF9 5 Bytes  JMP 00500120 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!UnhookWinEvent                              774CB750 5 Bytes  JMP 0050006C 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!SetWindowsHookExW                           774CE30C 5 Bytes  JMP 005000E4 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!SetWinEventHook                             774D24DC 5 Bytes  JMP 00500030 
.text           E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!SetWindowsHookExA                           774F6D0C 5 Bytes  JMP 005000A8 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] ntdll.dll!LdrUnloadDll                           776BC8DE 5 Bytes  JMP 0016006C 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] ntdll.dll!LdrLoadDll                             776C22B8 5 Bytes  JMP 00160030 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!UnhookWindowsHookEx                   774CADF9 5 Bytes  JMP 001F0120 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!UnhookWinEvent                        774CB750 5 Bytes  JMP 001F006C 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!SetWindowsHookExW                     774CE30C 5 Bytes  JMP 001F00E4 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!SetWinEventHook                       774D24DC 5 Bytes  JMP 001F0030 
.text           E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!SetWindowsHookExA                     774F6D0C 5 Bytes  JMP 001F00A8 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] ntdll.dll!LdrUnloadDll                        776BC8DE 5 Bytes  JMP 0015006C 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] ntdll.dll!LdrLoadDll                          776C22B8 5 Bytes  JMP 00150030 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!UnhookWindowsHookEx                774CADF9 5 Bytes  JMP 001E0120 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!UnhookWinEvent                     774CB750 5 Bytes  JMP 001E006C 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!SetWindowsHookExW                  774CE30C 5 Bytes  JMP 001E00E4 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!SetWinEventHook                    774D24DC 5 Bytes  JMP 001E0030 
.text           E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!SetWindowsHookExA                  774F6D0C 5 Bytes  JMP 001E00A8 
.text           C:\Windows\System32\svchost.exe[5808] ntdll.dll!LdrUnloadDll                                                   776BC8DE 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[5808] ntdll.dll!LdrLoadDll                                                     776C22B8 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[5808] USER32.dll!UnhookWindowsHookEx                                           774CADF9 5 Bytes  JMP 00400120 
.text           C:\Windows\System32\svchost.exe[5808] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0040006C 
.text           C:\Windows\System32\svchost.exe[5808] USER32.dll!SetWindowsHookExW                                             774CE30C 5 Bytes  JMP 004000E4 
.text           C:\Windows\System32\svchost.exe[5808] USER32.dll!SetWinEventHook                                               774D24DC 5 Bytes  JMP 00400030 
.text           C:\Windows\System32\svchost.exe[5808] USER32.dll!SetWindowsHookExA                                             774F6D0C 5 Bytes  JMP 004000A8 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]          [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]           [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]         [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]        [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


17.03.2011, 12:58   #21
W7Helmi

Hello Arne!
Here is the 2nd log file
OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 18:56:05 on 17.03.2011

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - E:\WINDOWS7\Programme\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Helmut\AppData\Local\Temp\catchme.sys  (File not found)
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"pgldrpob" (pgldrpob) - ? - C:\Users\Helmut\AppData\Local\Temp\pgldrpob.sys  (Hidden registry entry, rootkit activity | File not found)
"Syntek STK1150" (StkAMini) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkAMini.sys
"Syntek STK1150 Filter Driver" (StkScan) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkScan.sys
"uxpatch" (uxpatch) - ? - C:\Windows\system32\drivers\uxpatch.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - "VSO Software SARL" - E:\WINDOWS7\PROGRA~1\VSOIMA~1\RSZShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Windows7\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\WINDOWS7\Programme\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - e:\windows7\programme\real\rpshell.dll
{F2185E5D-720E-4956-90D9-75F6AC141575} "SidebarIconHandler Class" - "Idea2" - E:\Windows7\Programme\Desktop Sidebar\sbhelp.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10n.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Subscribe in Desktop Sidebar" - "Idea2" - E:\Windows7\Programme\Desktop Sidebar\sbhelp.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Idea2 SidebarBrowserMonitor Class" - "Idea2" - E:\Windows7\Programme\Desktop Sidebar\sbhelp.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Mouse.lnk" - ? - E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - E:\WINDOWS7\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"TL-WN321G Wireless Utility.lnk" - ? - E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DMS-Kalenderchen" - "Daniel Manger Software" - "E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe" /autorun
"IncrediMail" - "IncrediMail, Ltd." - E:\WINDOWS7\Programme\IncrediMail\bin\IncMail.exe /c
"SIDEBAR" - "Idea2" - "E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe"
"Skype" - "Skype Technologies S.A." - "E:\WINDOWS7\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"iKeyWorks" - "A4Tech Co.,Ltd." - e:\WINDOWS7\PROGRA~1\Tastatur\Ikeymain.exe
"LanguageShortcut" - ? - E:\WINDOWS7\Programme\PowerDVD\Language\Language.exe
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl" - "Cyberlink Corp." - E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe
"TkBellExe" - "RealNetworks, Inc." - "E:\WINDOWS7\Programme\Real\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON TX111 Series 32MonitorBI" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFBI.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - E:\Windows7\Programme\MAGIX\Common\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - E:\WINDOWS7\Programme\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"PIXMA Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"Ralink Registry Writer" (RalinkRegistryWriter) - ? - E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
"Syntek STK1150 Service" (StkASSrv) - "Syntek America Inc." - C:\Windows\System32\StkASv2K.exe
"Unsigned Themes" (UnsignedThemes) - "The Within Network, LLC" - C:\Windows\UnsignedThemesSvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index
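A way to triage an OSAM autorun report like the one posted above, as an added example that is not part of the original post and not OSAM's own logic: it parses the section, location and entry lines and queues the entries whose status or path deserves a manual look. The sample lines are copied from the log above; the rule names and the ranking by number of reasons are assumptions made for this illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the OSAM log in the post above (two sections, shortened).
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"catchme" (catchme) - ? - C:\Users\Helmut\AppData\Local\Temp\catchme.sys  (File not found)
"pgldrpob" (pgldrpob) - ? - C:\Users\Helmut\AppData\Local\Temp\pgldrpob.sys  (Hidden registry entry, rootkit activity | File not found)
"uxpatch" (uxpatch) - ? - C:\Windows\system32\drivers\uxpatch.sys  (File found, but it contains no detailed information)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"LanguageShortcut" - ? - E:\WINDOWS7\Programme\PowerDVD\Language\Language.exe
'''

SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
LOCATION_RE = re.compile(r'^-----\(\s*(?P<location>.+?)\s*\)-----$')
ENTRY_RE = re.compile(
    r'^[^"]*"(?P<name>[^"]*)"'          # optional CLSID prefix, then the quoted entry name
    r'(?:\s+\((?P<service>[^)]*)\))?'   # service/driver short name, if present
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'    # quoted vendor, or ? when OSAM found none
    r'\s+-\s*(?P<rest>.*)$'             # path, then an optional status in parentheses
)
# The status block is set off from the path by two spaces (or stands alone).
STATUS_RE = re.compile(r'(?:^|\s{2})\((?P<status>[^()]*)\)(?:\s+/\s.*)?$')
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    vendor: str | None
    path: str
    status: tuple[str, ...]


def parse_osam(text: str) -> list[Entry]:
    """Turn the report text into Entry records, tracking section and location."""
    section = location = ""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, location = m["section"], ""
        elif (m := LOCATION_RE.match(line)):
            location = m["location"]
        elif (m := ENTRY_RE.match(line)):
            rest = m["rest"]
            st = STATUS_RE.search(rest)
            path = rest[:st.start()].strip() if st else rest.strip()
            status = tuple(s.strip() for s in st["status"].split("|")) if st else ()
            vendor = None if m["vendor"] == "?" else m["vendor"].strip('"')
            entries.append(Entry(section, location, m["name"], vendor, path, status))
    return entries


def triage(entry: Entry) -> list[str]:
    """Return the reasons (assumed rule names) why an entry needs manual review."""
    reasons = []
    status = " | ".join(entry.status).lower()
    if "hidden registry entry" in status:
        reasons.append("hidden-registry")
    if entry.section in ("Drivers", "Services") and TEMP_RE.search(entry.path):
        reasons.append("image-in-temp")
    if "file not found" in status:
        reasons.append("file-missing")
    if entry.vendor is None:
        reasons.append("no-vendor")
    return reasons


def review_queue(text: str) -> list[tuple[str, list[str]]]:
    """Flagged entries as (name, reasons), entries with the most reasons first."""
    flagged = [(e.name, triage(e)) for e in parse_osam(text)]
    flagged = [item for item in flagged if item[1]]
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, reasons in review_queue(SAMPLE_LOG):
        print(f"{name:18} {', '.join(reasons)}")
```

A queued entry is a lead for manual review, not a verdict: anti-rootkit scanners themselves may load a short-lived driver from a Temp folder while they run, so check which tools were active when the report was saved.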

17.03.2011, 13:02   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And the one from MBRCheck?
__________________
Please always post logfiles in CODE tags

17.03.2011, 13:05   #23
W7Helmi

So, and here is the

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x009878fc

Kernel Drivers (total 212):
0x82C1E000 \SystemRoot\system32\ntkrnlpa.exe
0x83030000 \SystemRoot\system32\halmacpi.dll
0x80BC0000 \SystemRoot\system32\kdcom.dll
0x83228000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832AD000 \SystemRoot\system32\PSHED.dll
0x832BE000 \SystemRoot\system32\BOOTVID.dll
0x832C6000 \SystemRoot\system32\CLFS.SYS
0x83308000 \SystemRoot\system32\CI.dll
0x8A804000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A875000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A883000 \SystemRoot\system32\drivers\ACPI.sys
0x8A8CB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A8D4000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A8DC000 \SystemRoot\system32\drivers\pci.sys
0x8A906000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8A911000 \SystemRoot\System32\drivers\partmgr.sys
0x8A922000 \SystemRoot\system32\drivers\volmgr.sys
0x8A932000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A97D000 \SystemRoot\system32\drivers\nvraid.sys
0x8A99C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C1000 \SystemRoot\system32\drivers\pciide.sys
0x8A9C8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A9D6000 \SystemRoot\System32\drivers\mountmgr.sys
0x833B3000 \SystemRoot\system32\drivers\vmbus.sys
0x8A9EC000 \SystemRoot\system32\drivers\winhv.sys
0x833DD000 \SystemRoot\system32\drivers\atapi.sys
0x83200000 \SystemRoot\system32\drivers\ataport.SYS
0x8AA11000 \SystemRoot\system32\drivers\nvstor.sys
0x8AA36000 \SystemRoot\system32\drivers\storport.sys
0x8AA7E000 \SystemRoot\system32\drivers\amdxata.sys
0x8AA87000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AABB000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AACC000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AC2B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AC56000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC69000 \SystemRoot\System32\Drivers\cng.sys
0x8ACC6000 \SystemRoot\System32\drivers\pcw.sys
0x8ACD4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8ACDD000 \SystemRoot\system32\drivers\ndis.sys
0x8AD94000 \SystemRoot\system32\drivers\NETIO.SYS
0x8ADD2000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8AE18000 \SystemRoot\System32\drivers\tcpip.sys
0x8AF62000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AF93000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8AF9C000 \SystemRoot\system32\drivers\volsnap.sys
0x8AFDB000 \SystemRoot\System32\Drivers\spldr.sys
0x8B017000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B044000 \SystemRoot\System32\Drivers\mup.sys
0x8B054000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B05C000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8B061000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B093000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B0F1000 \SystemRoot\system32\drivers\cdrom.sys
0x8B110000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8B16E000 \SystemRoot\System32\Drivers\Null.SYS
0x8B175000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B17C000 \SystemRoot\System32\drivers\vga.sys
0x8B188000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B1A9000 \SystemRoot\System32\drivers\watchdog.sys
0x8B1B6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B1BE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B1C6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B1CE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B1D9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B1E7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B000000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B00C000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90602000 \SystemRoot\system32\drivers\afd.sys
0x9065C000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x90661000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90693000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9069A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x906B9000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x906C9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x906DA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x906E8000 \SystemRoot\system32\DRIVERS\serial.sys
0x90702000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90715000 \SystemRoot\system32\drivers\vpcvmm.sys
0x9075C000 \SystemRoot\system32\drivers\termdd.sys
0x9076D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x907AE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x907B8000 \SystemRoot\system32\drivers\mssmbios.sys
0x907C2000 \SystemRoot\System32\drivers\discache.sys
0x90835000 \SystemRoot\system32\drivers\csc.sys
0x90899000 \SystemRoot\System32\Drivers\dfsc.sys
0x908B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x908BF000 \SystemRoot\System32\Drivers\aswSP.SYS
0x90907000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90928000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9093A000 \SystemRoot\system32\DRIVERS\serenum.sys
0x90944000 \SystemRoot\system32\drivers\i8042prt.sys
0x9095C000 \SystemRoot\system32\drivers\kbdclass.sys
0x90969000 \SystemRoot\system32\drivers\mouclass.sys
0x90976000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x90979000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90983000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x909CE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x909DD000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9142C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x91532000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91534000 \SystemRoot\system32\drivers\modem.sys
0x91541000 \SystemRoot\system32\drivers\1394ohci.sys
0x9156E000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
0x91E0D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9288B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9288D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92944000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9297D000 \SystemRoot\system32\drivers\wmiacpi.sys
0x92986000 \SystemRoot\system32\drivers\CompositeBus.sys
0x92993000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x929A5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x929BD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x929C8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x915C3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x915DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x929EA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x929F4000 \SystemRoot\system32\drivers\swenum.sys
0x90800000 \SystemRoot\system32\drivers\ks.sys
0x91417000 \SystemRoot\system32\drivers\umbus.sys
0x907CE000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x91E00000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x92E13000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x92E49000 \SystemRoot\system32\drivers\usbhub.sys
0x92E8D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x81E1F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x92E9E000 \SystemRoot\system32\drivers\portcls.sys
0x81E00000 \SystemRoot\system32\drivers\drmk.sys
0x82490000 \SystemRoot\System32\win32k.sys
0x92ECD000 \SystemRoot\System32\drivers\Dxapi.sys
0x92ED7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92EE4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x92EEE000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x92F13000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x92F24000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x92F3B000 \SystemRoot\system32\drivers\usbccgp.sys
0x92F52000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92F5D000 \SystemRoot\System32\Drivers\StkAMini.sys
0x92F98000 \SystemRoot\System32\Drivers\STREAM.SYS
0x92FA6000 \SystemRoot\System32\Drivers\StkACamd.sys
0x8D62E000 \SystemRoot\System32\Drivers\StkAPin.sys
0x9AA00000 \SystemRoot\System32\Drivers\StkAPipe.sys
0x8D6A9000 \SystemRoot\System32\Drivers\StkASam.sys
0x8D6AE000 \SystemRoot\System32\Drivers\StkScan.sys
0x8D6B0000 \SystemRoot\system32\drivers\usbaudio.sys
0x826F0000 \SystemRoot\System32\TSDDD.dll
0x8D6C4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x82720000 \SystemRoot\System32\cdd.dll
0x8D6E8000 \SystemRoot\system32\DRIVERS\netr73.sys
0x8D776000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8D780000 \SystemRoot\system32\drivers\luafv.sys
0x8D79B000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8D7D3000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8D7D6000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D7F0000 \??\C:\Windows\system32\drivers\uxpatch.sys
0x8D600000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x92FAF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D610000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x92E00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9DC03000 \SystemRoot\system32\drivers\HTTP.sys
0x9DC88000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9DCA1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9DCB3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DCD6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DD11000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DD44000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xA0E1A000 \SystemRoot\system32\drivers\peauth.sys
0xA0EB1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0EBB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0EDC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0EE9000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0F38000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0F89000 \??\C:\Users\Helmut\AppData\Local\Temp\pgldrpob.sys
0x77C90000 \Windows\System32\ntdll.dll
0x476D0000 \Windows\System32\smss.exe
0x77ED0000 \Windows\System32\apisetschema.dll
0x00960000 \Windows\System32\autochk.exe
0x77EA0000 \Windows\System32\sechost.dll
0x77DD0000 \Windows\System32\user32.dll
0x77B90000 \Windows\System32\wininet.dll
0x779F0000 \Windows\System32\setupapi.dll
0x779B0000 \Windows\System32\ws2_32.dll
0x77990000 \Windows\System32\imm32.dll
0x77900000 \Windows\System32\clbcatq.dll
0x778F0000 \Windows\System32\lpk.dll
0x76CA0000 \Windows\System32\shell32.dll
0x76C10000 \Windows\System32\oleaut32.dll
0x76BC0000 \Windows\System32\gdi32.dll
0x76B90000 \Windows\System32\imagehlp.dll
0x76AE0000 \Windows\System32\rpcrt4.dll
0x76A40000 \Windows\System32\advapi32.dll
0x76A30000 \Windows\System32\nsi.dll
0x76990000 \Windows\System32\usp10.dll
0x76790000 \Windows\System32\iertutil.dll
0x76780000 \Windows\System32\normaliz.dll
0x76620000 \Windows\System32\ole32.dll
0x765D0000 \Windows\System32\Wldap32.dll
0x764F0000 \Windows\System32\kernel32.dll
0x76420000 \Windows\System32\msctf.dll
0x763A0000 \Windows\System32\comdlg32.dll
0x762F0000 \Windows\System32\msvcrt.dll
0x762E0000 \Windows\System32\psapi.dll
0x76280000 \Windows\System32\shlwapi.dll
0x76220000 \Windows\System32\difxapi.dll
0x760E0000 \Windows\System32\urlmon.dll
0x760B0000 \Windows\System32\cfgmgr32.dll
0x76060000 \Windows\System32\KernelBase.dll
0x76030000 \Windows\System32\wintrust.dll
0x75F10000 \Windows\System32\crypt32.dll
0x75E80000 \Windows\System32\comctl32.dll
0x75E60000 \Windows\System32\devobj.dll
0x75E50000 \Windows\System32\msasn1.dll

Processes (total 63):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
476 csrss.exe
528 C:\Windows\System32\wininit.exe
536 csrss.exe
588 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\winlogon.exe
756 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
896 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1108 C:\Windows\UnsignedThemesSvc.exe
1244 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\nvvsvc.exe
1432 C:\Windows\System32\svchost.exe
1556 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1564 C:\Windows\System32\wlanext.exe
1572 C:\Windows\System32\conhost.exe
1932 C:\Windows\System32\spoolsv.exe
1960 C:\Windows\System32\svchost.exe
112 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
336 C:\Windows\System32\svchost.exe
376 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
688 E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
980 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1320 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\StkASv2K.exe
2044 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2356 C:\Windows\System32\SearchIndexer.exe
2468 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2776 C:\Windows\System32\taskhost.exe
3100 C:\Windows\System32\dwm.exe
3124 C:\Windows\explorer.exe
3224 C:\Windows\RtHDVCpl.exe
3276 E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe
3420 E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe
3428 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3436 C:\Windows\WindowsMobile\wmdc.exe
3512 E:\WINDOWS7\Programme\Real\Update\realsched.exe
3548 C:\Windows\System32\svchost.exe
3604 E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe
3792 E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe
3800 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3884 E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe
3896 E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe
1472 C:\Program Files\Windows Media Player\wmpnetwk.exe
2880 C:\Windows\System32\svchost.exe
5052 C:\Windows\System32\ctfmon.exe
5340 C:\Windows\System32\svchost.exe
4344 E:\WINDOWS7\Programme\wincmd\TOTALCMD.EXE
3852 C:\Windows\System32\notepad.exe
2496 C:\Windows\System32\SearchProtocolHost.exe
6100 C:\Windows\System32\SearchFilterHost.exe
6072 C:\Windows\System32\audiodg.exe
1384 C:\Windows\System32\SearchProtocolHost.exe
4192 C:\Users\Helmut\Desktop\MBRCheck.exe
4076 C:\Windows\System32\conhost.exe
4056 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000019`c96b3000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f2cc00 (NTFS)
\\.\T: --> \\.\PhysicalDrive1 at offset 0x00000019`c96b3000 (NTFS)
\\.\U: --> \\.\PhysicalDrive1 at offset 0x0000000e`a6094200 (NTFS)

PhysicalDrive1 Model Number: ST3320418AS, Rev: CC34
PhysicalDrive0 Model Number: HitachiHDT721032SLA, Rev: ST2O

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 68C8C0C1F59FD889308063DD988B627F09D7FC53
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DE42B38757D6CB4D1DD813AD80BD373EE99BA5B9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

17.03.2011, 13:23   #24
W7Helmi

Hello Arne!
Have you ever read this?
Ein bisschen Datenschutz für Google Analytics [Update] | heise Security
Maybe you can make something of it.
I don't quite understand it!

17.03.2011, 13:28   #25
W7Helmi

Ein bisschen Datenschutz für Google Analytics [Update] | heise Security

17.03.2011, 13:30   #26
W7Helmi

Sorry, now it should be right:
Ein bisschen Datenschutz für Google Analytics [Update] | heise Security

17.03.2011, 14:23   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you still have the redirects? MBRCheck finds a fake MBR, while Kaspersky's TDSS-Killer says everything is OK.
If need be, we will have to rewrite the MBR. For that you need a Win7 DVD.
__________________
Please always post logfiles in CODE tags
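When two tools disagree about the MBR as in the post above, sector 0 can be inspected independently; the following is an added example, not from the thread and not MBRCheck's or TDSSKiller's code. It parses a 512-byte sector dump, hashes the boot code and compares two dumps taken by different means. Both sample sectors are constructed, the names VIEW_FROM_OS and VIEW_FROM_BOOT_MEDIA are hypothetical, and the 440-byte code area assumes the classic MBR layout; how MBRCheck computes its SHA1 is not stated on the page.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440            # classic MBR: boot code occupies bytes 0..439
SIG_OFF = 440             # 4-byte disk signature
TABLE_OFF = 446           # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sector(boot_code, disk_sig, partitions):
    """Build a constructed sector 0 for the demo (placeholder bytes, not real boot code)."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, SIG_OFF, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, buf, TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def parse_mbr(sector):
    """Validate a sector-0 dump and return its boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFF + 16 * i)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "byte_offset": lba * SECTOR,   # comparable to the "at offset" values in the log
            "size_bytes": count * SECTOR,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_reads(view_a, view_b):
    """List which parts of sector 0 differ between two independently taken dumps."""
    a, b = parse_mbr(view_a), parse_mbr(view_b)
    diffs = []
    if a["boot_code_sha1"] != b["boot_code_sha1"]:
        diffs.append("boot code")
    if a["disk_signature"] != b["disk_signature"]:
        diffs.append("disk signature")
    if view_a[TABLE_OFF:510] != view_b[TABLE_OFF:510]:
        diffs.append("partition table")
    return diffs


# Constructed sample: first partition starts at LBA 63, i.e. byte offset 0x7e00.
PARTS = [(True, 0x07, 63, 204800), (False, 0x07, 204863, 409600)]
VIEW_FROM_OS = build_sector(bytes(range(200)), 0x1234ABCD, PARTS)
VIEW_FROM_BOOT_MEDIA = build_sector(bytes(range(199, -1, -1)), 0x1234ABCD, PARTS)

if __name__ == "__main__":
    info = parse_mbr(VIEW_FROM_OS)
    print("SHA1 of boot code:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"  slot {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
    print("differences:", compare_reads(VIEW_FROM_OS, VIEW_FROM_BOOT_MEDIA))
```

Recording the boot-code hash before and after an MBR rewrite shows whether the rewrite actually changed the code on disk.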

17.03.2011, 14:28   #28
W7Helmi

What do you mean by redirects?
I have a Win7 DVD!

17.03.2011, 14:49   #29
W7Helmi

Arne, the following by way of explanation:
I have 2 hard disks in my computer with 3 partitions each. The primary system was Win XP Home (currently D:), and after that I installed W7 Prof (32-bit) on the 2nd HD (currently C:) and W7 Prof (64-bit) (currently U:). The old XP partition also holds the W7 boot manager, which lets you choose between XP and W7 (32- or 64-bit). I use W7 32-bit exclusively and have not started the other systems for months. On the other 3 partitions I only have data such as pictures etc. I am only telling you this so that you can get a picture of the setup.

Alt 17.03.2011, 15:13   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://www.google-analytics.com/ga.jsI>(gzip) = Malware ? - Standard

http://www.google-analytics.com/ga.jsI>(gzip) = Malware ?



Sry, redirect was the wrong term
Do you still have any problems at all? Is Google Analytics still being flagged by Avast on your system? If so, one could add
Code:
127.0.0.1 www.google-analytics.com
to the hosts file, so that from now on your computer can no longer access this "evil" site
__________________
Please always post log files in CODE tags
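
A hosts entry like the one suggested above matches only the exact name it lists. As an added example (not part of the original post; the function names and the sample file content are constructed for illustration), this Python code parses a hosts file, shows which lookups the entry actually covers, and lists names that point to a non-loopback address, which is worth checking during a cleanup:

```python
import ipaddress

# Constructed sample: default Windows-style lines plus the entry from the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.google-analytics.com   # entry suggested in the thread
"""


def parse_hosts(text):
    """Return {hostname: address}. Assumption of this example: the first
    mapping seen for a name is kept."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, ignore the line
        for name in fields[1:]:  # one line may list several names
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def lookup(table, hostname):
    """Exact, case-insensitive match only: hosts files have no wildcards."""
    return table.get(hostname.lower().rstrip("."))


def is_blocked(table, hostname):
    """True if the name is pinned to a loopback or unspecified address."""
    addr = lookup(table, hostname)
    return addr is not None and (addr.is_loopback or addr.is_unspecified)


def suspicious_entries(table):
    """Names mapped to a real (non-loopback) address: review these by hand."""
    return {name: str(addr) for name, addr in table.items()
            if not (addr.is_loopback or addr.is_unspecified)}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("www.google-analytics.com", "ssl.google-analytics.com"):
        print(name, "blocked" if is_blocked(hosts, name) else "not covered")
    print("non-loopback mappings:", suspicious_entries(hosts))
```

On Windows 7 the real file is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `parse_hosts` instead of the sample.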
