| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner oder defekte Festplatte?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.04.2011, 13:59
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner oder defekte Festplatte? Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File::
c:\dokume~1\Tesa\LOKALE~1\Temp\gsplittm.sys
Driver::
gsplittm
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.04.2011, 20:49
| #17 |
 | Trojaner oder defekte Festplatte? hier nun die neue Log-Datei.
__________________allerdings habe ich das Anti-Viren-Sytem nur bis zum Neustart deaktiviert und es ist eben nach diesem wieder angesprungen. Ich habe es dan gleich wieder deaktiviert, ich hoffe das hat nichts geändert. Combofix Logfile: Code:
ATTFilter ComboFix 11-04-25.01 - Tesa 25.04.2011 21:33:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3199.2726 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Tesa\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Tesa\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\dokume~1\Tesa\LOKALE~1\Temp\gsplittm.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GSPLITTM
-------\Service_gsplittm
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-25 bis 2011-04-25 ))))))))))))))))))))))))))))))
.
.
2011-04-23 23:39 . 2011-04-23 23:39 -------- d-----w- c:\dokumente und einstellungen\Tesa\Anwendungsdaten\The Games Company
2011-04-23 23:31 . 2011-04-23 23:31 -------- d-----w- c:\programme\The Games Company
2011-04-21 21:44 . 2011-04-21 21:44 -------- d-----w- C:\_OTL
2011-04-21 18:14 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 18:14 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-21 15:58 . 2011-04-21 15:58 40960 ----a-r- c:\dokumente und einstellungen\Tesa\Anwendungsdaten\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2011-04-21 15:58 . 2011-04-21 15:58 -------- d-----w- c:\programme\Western Digital Technologies
2011-04-21 08:17 . 2011-04-21 08:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 08:13 . 2011-04-21 08:13 -------- d-----w- c:\programme\PaintStar
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-11-17 11:35 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-01-22 16:31 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-07 05:33 . 2009-06-21 14:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2006-02-28 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-02-28 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:56 . 2011-02-23 23:23 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-01-22 16:31 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-01-22 16:32 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-01-22 16:31 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-01-22 16:31 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-01-22 16:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-01-22 16:32 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-01-22 16:31 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-17 13:51 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51 . 2006-02-28 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 13:50 . 2006-02-28 12:00 371200 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2009-06-21 14:31 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-06-21 14:31 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-27 11:35 . 2009-06-24 15:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-24_18.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-25 19:41 . 2011-04-25 19:41 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ------w- c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programme\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 64512]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avast5"="c:\programme\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"PDFPrint"="c:\programme\PDF24\pdf24.exe" [2010-12-14 216456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Programme\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\ICQ7.0\\ICQ.exe"=
"c:\\Programme\\ICQ7.0\\aolload.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.02.2011 01:23 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.01.2010 18:31 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.01.2010 18:31 19544]
R2 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [04.05.2010 13:07 503080]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [07.11.2007 21:55 332928]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.01.2010 22:31 1684736]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\dokumente und einstellungen\Tesa\Anwendungsdaten\Mozilla\Firefox\Profiles\wq4r8qzl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-25 21:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-1844823847-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1844237615-1844823847-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,a6,e6,dc,dd,11,4b,c5,0e,c8,3c,d3,31,dc,55,d8,ca,4f,39,ac,88,d0,65,
dc,54,ef,ef,3b,bd,a6,5f,5f,38,4d,03,f6,4e,c1,a6,9a,65,aa,34,00,1d,bb,4f,a0,\
"??"=hex:c2,e0,f3,a5,39,30,28,dd,54,d7,87,01,64,75,82,cd
.
[HKEY_USERS\S-1-5-21-1844237615-1844823847-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,76,47,2b,a9,99,db,21,ce,2a,ab,d0,97,70,20,5a,8a,dd,ca,d7,eb,
10,06,5a,75,b3,9a,7e,58,c1,4f,17,1a,90,70,7e,cf,33,21,2f,d0,af,b2,d0,5a,fb,\
"rkeysecu"=hex:41,a1,86,bc,96,01,87,95,c0,ab,4f,26,8d,07,39,b4
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\Rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-25 21:46:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-25 19:45
ComboFix2.txt 2011-04-24 18:14
.
Vor Suchlauf: 10 Verzeichnis(se), 209.750.728.704 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 209.546.641.408 Bytes frei
.
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 564FD4C4A50C0B15E834C4851D871B5C
|
|
25.04.2011, 20:54
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner oder defekte Festplatte? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ |
|
25.04.2011, 23:55
| #19 |
| | Trojaner oder defekte Festplatte? GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-26 00:35:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-a ST3750640AS rev.3.AAE
Running: jhjde4i2.exe; Driver: C:\DOKUME~1\Tesa\LOKALE~1\Temp\pxloypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC9A99CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xACA26A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC9C9AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC9ABEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC9ABF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC9AC01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC9C94A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC9ABE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC9ABF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC9ABE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC9ABFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC9A99EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC9CA1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC9CA471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC9AC29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC9CA026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC9C9E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xACA26B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC9A97B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC9A9A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC9AC412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC9AA4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC9ABEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC9ABF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC9AC044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC9C9805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC9ABE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC9AC0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC9ABF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC9ABE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC9AC1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC9ABFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xACA26BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC9C9D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC9AA370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC9C9B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xACA2EE26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC9C8B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC9A9A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC9A9A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC9A9812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC9A994E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC9CA2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC9A992A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC9A9972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC9A9A7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACA3B8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP ACA38D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL AC9AAE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP ACA3B8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP ACA3729E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sfrelocÿÿÿÿsfsync04unknown last section [0xF74F5000, 0xBC6, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF74F5000, 0xBC6, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB95A6000, 0x238E77, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA94F8300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA34B300, 0x1B7E, 0xE8000020]
? C:\cofi.exe\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Nero\Update\NASvc.exe[216] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Nero\Update\NASvc.exe[216] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Nero\Update\NASvc.exe[216] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\Programme\Nero\Update\NASvc.exe[216] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\Programme\Nero\Update\NASvc.exe[216] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\Programme\Nero\Update\NASvc.exe[216] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\Programme\Nero\Update\NASvc.exe[216] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\Programme\Nero\Update\NASvc.exe[216] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A01D4
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A00E4
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0120
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A015C
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0198
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A0030
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A006C
.text C:\Programme\Nero\Update\NASvc.exe[216] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\RTHDCPL.EXE[248] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\WINDOWS\RTHDCPL.EXE[248] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003801D4
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003800E4
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380120
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0038015C
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380198
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00380030
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0038006C
.text C:\WINDOWS\RTHDCPL.EXE[248] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003800A8
.text C:\WINDOWS\RTHDCPL.EXE[248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\RTHDCPL.EXE[248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\RTHDCPL.EXE[248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\WINDOWS\RTHDCPL.EXE[248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\WINDOWS\RTHDCPL.EXE[248] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\WINDOWS\RTHDCPL.EXE[248] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A00E4
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0120
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A00A8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A0030
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A006C
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[416] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Rundll32.exe[712] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\Rundll32.exe[712] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\Rundll32.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\Rundll32.exe[712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\Rundll32.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\Rundll32.exe[712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\Rundll32.exe[712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Rundll32.exe[712] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C00A8
.text C:\Programme\PDF24\pdf24.exe[724] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\Programme\PDF24\pdf24.exe[724] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 005401D4
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 005400E4
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00540120
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0054015C
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00540198
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00540030
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0054006C
.text C:\Programme\PDF24\pdf24.exe[724] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 005400A8
.text C:\Programme\PDF24\pdf24.exe[724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005500E4
.text C:\Programme\PDF24\pdf24.exe[724] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550120
.text C:\Programme\PDF24\pdf24.exe[724] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005500A8
.text C:\Programme\PDF24\pdf24.exe[724] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00550030
.text C:\Programme\PDF24\pdf24.exe[724] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0055006C
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\winlogon.exe[1124] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[1124] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[1124] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A01D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A00E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0120
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0198
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A0030
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1576] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1576] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1576] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1576] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1576] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1576] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1576] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1668] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1668] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B01D4
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B00E4
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0120
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B015C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0198
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B0030
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B006C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] advapi32.dll!DeleteService 77E074B1 5 Bytes JMP 003B00A8
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C00E4
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0120
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C00A8
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C0030
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[1892] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A01D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A00E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0120
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0198
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A0030
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1944] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A00A8
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A00E4
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0120
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A00A8
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A0030
.text C:\Programme\Java\jre6\bin\jqs.exe[2028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A006C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B01D4
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B00E4
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0120
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B015C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0198
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B0030
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B006C
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] advapi32.dll!DeleteService 77E074B1 5 Bytes JMP 003B00A8
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C00E4
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0120
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C00A8
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C0030
.text C:\Programme\Free Desktop Clock\DesktopClock.exe[2036] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2044] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2044] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2044] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort2 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort4 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort5 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-28 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-20 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-a sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP4T1L0-12 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
|
|
25.04.2011, 23:58
| #20 |
| | Trojaner oder defekte Festplatte? Für eine Antwort war das leider zu viel Text, hier ist das zweite Logfile, das dritte kommt auch gleich noch. OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:53:02 on 26.04.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "mbr" (mbr) - ? - C:\DOKUME~1\Tesa\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pxloypow" (pxloypow) - ? - C:\DOKUME~1\Tesa\LOKALE~1\Temp\pxloypow.sys (Hidden registry entry, rootkit activity | File not found) "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll {19741013-C829-11D1-8233-0020AF3E97A9} "Context Menu Shell Extension" - ? - C:\Programme\PaintStar\picview.dll (File found, but it contains no detailed information) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "ICQ7" - "ICQ, LLC." - C:\Programme\ICQ7.0\ICQ.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Tesa\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SkinClock" - ? - C:\Programme\Free Desktop Clock\DesktopClock.exe (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avast5" - "AVAST Software" - "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui "PDFPrint" - "Geek Software GmbH" - C:\Programme\PDF24\pdf24.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "@C:\Programme\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Programme\Nero\Update\NASvc.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
26.04.2011, 00:03
| #21 |
| | Trojaner oder defekte Festplatte? MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003d Kernel Drivers (total 140): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80701000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A7000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7596000 pci.sys 0xF75F7000 isapnp.sys 0xF7607000 ohci1394.sys 0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF74E4000 sfsync04.sys 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7627000 MountMgr.sys 0xF74C5000 ftdisk.sys 0xF798B000 dmload.sys 0xF749F000 dmio.sys 0xF770F000 PartMgr.sys 0xF7637000 VolSnap.sys 0xF7487000 atapi.sys 0xF7647000 disk.sys 0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7467000 fltmgr.sys 0xF7455000 sr.sys 0xF743E000 KSecDD.sys 0xF742B000 WudfPf.sys 0xF7B52000 Ntfs.sys 0xF786A000 NDIS.sys 0xF7418000 sfvfs02.sys 0xF7717000 sfhlp02.sys 0xF7406000 sfdrv01.sys 0xF7850000 Mup.sys 0xF76C7000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF76F7000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB95A5000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB9591000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB9569000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB9530000 \SystemRoot\system32\DRIVERS\yk51x86.sys 0xBA35B000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB950C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA353000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB93B8000 \SystemRoot\system32\drivers\P17.sys 0xB9394000 \SystemRoot\system32\drivers\portcls.sys 0xF7586000 \SystemRoot\system32\drivers\drmk.sys 0xB9371000 \SystemRoot\system32\drivers\ks.sys 0xB9341000 \SystemRoot\system32\DRIVERS\ctoss2k.sys 0xB931B000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys 0xBA33B000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF79D5000 \SystemRoot\system32\DRIVERS\ASACPI.sys 0xF7576000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA565000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF7566000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF7546000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB9A98000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7536000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA3B6000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9304000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xB9B77000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xB9B67000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA313000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB92F3000 \SystemRoot\system32\DRIVERS\psched.sys 0xB9B57000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF776F000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF777F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB92C3000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xB9B47000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7797000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF779F000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF79DB000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9265000 \SystemRoot\system32\DRIVERS\update.sys 0xF791F000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB9B17000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xAD228000 \SystemRoot\system32\drivers\AtiHdmi.sys 0xACC4C000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xB9B07000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79E3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF77C7000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF79E7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xB9A4B000 \SystemRoot\System32\Drivers\Null.SYS 0xF79EB000 \SystemRoot\System32\Drivers\Beep.SYS 0xF77EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF77FF000 \SystemRoot\System32\drivers\vga.sys 0xF79EF000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF780F000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF781F000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA581000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xACBC9000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xACB70000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF7526000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xACB4A000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF7516000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xACB22000 \SystemRoot\system32\DRIVERS\netbt.sys 0xBA333000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xF7506000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xACB00000 \SystemRoot\System32\drivers\afd.sys 0xF74F6000 \SystemRoot\system32\DRIVERS\netbios.sys 0xACAD5000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xACA65000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA7A0000 \SystemRoot\System32\Drivers\Fips.SYS 0xACA1D000 \SystemRoot\System32\Drivers\aswSP.SYS 0xAC997000 \SystemRoot\System32\Drivers\aswSnx.SYS 0xF7777000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xAC8CD000 \SystemRoot\system32\DRIVERS\RTL8187.sys 0xBA770000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF77BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xACC04000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA760000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xACC00000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xBA7BC000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xAC8B5000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF799B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBA3BA000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77E7000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xB9A48000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF06B000 \SystemRoot\System32\ati2cqag.dll 0xBF101000 \SystemRoot\System32\atikvmag.dll 0xBF19A000 \SystemRoot\System32\atiok3x2.dll 0xBF1FA000 \SystemRoot\System32\ati3duag.dll 0xBF54F000 \SystemRoot\System32\ativvaxx.dll 0xBF74C000 \SystemRoot\System32\ATMFD.DLL 0xA9DE4000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0xACC28000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA9B1D000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xA9798000 \SystemRoot\system32\drivers\wdmaud.sys 0xA9B8C000 \SystemRoot\system32\drivers\sysaudio.sys 0xA9603000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA94F8000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xBA34B000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA9270000 \SystemRoot\system32\DRIVERS\srv.sys 0xA8FAF000 \SystemRoot\System32\Drivers\HTTP.sys 0xF77B7000 \??\C:\cofi.exe\catchme.sys 0xF79AF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xA8E28000 \??\C:\DOKUME~1\Tesa\LOKALE~1\Temp\pxloypow.sys 0xA8DFD000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 33): 0 System Idle Process 4 System 876 C:\WINDOWS\system32\smss.exe 1092 csrss.exe 1124 C:\WINDOWS\system32\winlogon.exe 1172 C:\WINDOWS\system32\services.exe 1184 C:\WINDOWS\system32\lsass.exe 1360 C:\WINDOWS\system32\ati2evxx.exe 1380 C:\WINDOWS\system32\svchost.exe 1432 svchost.exe 1576 C:\WINDOWS\system32\svchost.exe 1616 C:\WINDOWS\system32\svchost.exe 1668 svchost.exe 1796 svchost.exe 1944 C:\WINDOWS\system32\ati2evxx.exe 416 C:\Programme\Alwil Software\Avast5\AvastSvc.exe 524 C:\WINDOWS\system32\spoolsv.exe 1028 svchost.exe 2028 C:\Programme\Java\jre6\bin\jqs.exe 712 C:\WINDOWS\system32\rundll32.exe 216 C:\Programme\Nero\Update\NASvc.exe 248 C:\WINDOWS\RTHDCPL.EXE 260 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 640 C:\Programme\Alwil Software\Avast5\AvastUI.exe 724 C:\Programme\PDF24\pdf24.exe 2044 C:\WINDOWS\system32\svchost.exe 2036 C:\Programme\Free Desktop Clock\DesktopClock.exe 2464 C:\WINDOWS\system32\wbem\wmiapsrv.exe 3920 alg.exe 3600 C:\WINDOWS\explorer.exe 3476 C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe 1892 C:\Programme\Free Desktop Clock\DesktopClock.exe 3012 C:\Dokumente und Einstellungen\Tesa\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.AAE PhysicalDrive1 Model Number: ST3750640AS, Rev: 3.AAE Size Device Name MBR Status -------------------------------------------- 698 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: 31D100779DE502702C374F7C15687B56FCFD5528 698 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: 31D100779DE502702C374F7C15687B56FCFD5528 Done! Danke für's viele lesen, der Rechner läuft schohn wesentlich besser. Unten in der Taskleiste fehlt seit der Anwendung von GMER das "DE", hat das etwas zu bedeuten? |
|
26.04.2011, 11:17
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner oder defekte Festplatte? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner oder defekte Festplatte? |
| adobe, audio, avast, dateien, dateien unsichtbar, defekt, defekte festplatte, festplatte, festplatte defekt, flash-player, frage, gelöscht, gesperrt, leer, linux, lösung, microsoft, nicht sicher, ordner, problem, programme, rechner, scan, spybot, systemwiederherstellung, tojaner, trojaner, trojaner eingefangen, updates, verdacht, voll, wärend, ändern |
Linear-Darstellung
