Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Computer keeps working for about 10 min after resuming from standby. Always. Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
05.09.2012, 01:29 | #1
Computer keeps working for about 10 min after resuming from standby. Always.

Hello Arne, here I am again. Not from Thailand, and the kissing emoticon is gone too. I have Avast Pro and Malwarebytes on the computer. Here is the Mwb run:

<Log>
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
stefan :: STEFANS-PC [Administrator]

Schutz: Deaktiviert

04.09.2012 22:51:23
mbam-log-2012-09-04 (22-51-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388040
Laufzeit: 1 Stunde(n), 29 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
<<Log aus>>

Got the log tags wrong again, didn't I?

Kind regards from Stefan

<log>OTL Logfile:
OTL logfile created on: 05.09.2012 02:38:50 - Run 9
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\stefan\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 50,96% Memory free
3,98 Gb Paging File | 2,52 Gb Available in Paging File | 63,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 9,14 Gb Free Space | 7,87% Space Free | Partition Type: NTFS
Drive E: | 115,21 Gb Total Space | 35,90 Gb Free Space | 31,17% Space Free | Partition Type: NTFS

Computer Name: STEFANS-PC | User Name: stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\Defrag.exe (Microsoft Corp.)
PRC - C:\Windows\System32\DfrgNtfs.exe (Microsoft Corp.)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
MOD - C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\Users\stefan\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RTL8168) -- C:\Windows\System32\drivers\Rt630x86.sys (Realtek )
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={6C0D6281-F2C4-4FB6-B1DE-7028444E0505}&mid=493e07e0b9d847d08220d15775673ab8-3dca03a8ec3f6c9cd658841b42ac98f8421faedf&lang=de&ds=is015&pr=sa&d=2012-07-03 14:14:54&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=90911d57000000000000001a7342fff6
IE - HKCU\..\SearchScopes\{7778C055-331F-4501-B665-6D412AA02FF2}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={6C0D6281-F2C4-4FB6-B1DE-7028444E0505}&mid=493e07e0b9d847d08220d15775673ab8-3dca03a8ec3f6c9cd658841b42ac98f8421faedf&lang=de&ds=is015&pr=sa&d=2012-07-03 14:14:54&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
FF - prefs.js..extensions.enabledAddons: plugin@searchgby.com:0.9.50
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.0
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: fmconverter@gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\stefan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\stefan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.05.01 00:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011.07.09 00:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.23 09:55:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.02.02 18:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.22 00:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.02 15:15:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.16 10:26:11 | 000,000,000 | ---D | M]

[2009.08.04 21:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions
[2012.08.29 10:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions
[2012.08.16 11:06:57 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.10 23:35:58 | 000,000,000 | ---D | M] (SearchGBY) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\plugin@searchgby.com
[2012.07.12 16:04:35 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\firefox\profiles\afsd7hfq.default\extensions\isreaditlater@ideashower.com.xpi
[2012.08.29 10:30:15 | 000,118,918 | ---- | M] () (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\firefox\profiles\afsd7hfq.default\extensions\searchy@searchy.xpi
[2012.07.25 10:07:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\firefox\profiles\afsd7hfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.30 17:58:51 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\firefox\profiles\afsd7hfq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.07.15 22:34:06 | 000,000,915 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\mozilla\firefox\profiles\afsd7hfq.default\searchplugins\conduit.xml
[2012.09.04 20:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.16 10:26:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.04 20:30:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.08.22 00:05:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.02.02 18:23:38 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2009.08.15 04:10:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.02 15:15:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.17 20:09:14 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.07.03 14:14:48 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.05 10:12:21 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.02 15:15:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 20:09:14 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.06.17 20:09:14 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.09.02 15:15:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.06.17 20:09:14 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: hxxp://isearch.avg.com/?cid={6C0D6281-F2C4-4FB6-B1DE-7028444E0505}&mid=493e07e0b9d847d08220d15775673ab8-3dca03a8ec3f6c9cd658841b42ac98f8421faedf&lang=de&ds=is015&pr=sa&d=2012-07-03 14:14:54&v=11.1.0.12&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://isearch.avg.com/?cid={6C0D6281-F2C4-4FB6-B1DE-7028444E0505}&mid=493e07e0b9d847d08220d15775673ab8-3dca03a8ec3f6c9cd658841b42ac98f8421faedf&lang=de&ds=is015&pr=sa&d=2012-07-03 14:14:54&v=11.1.0.12&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\stefan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: avast! WebRep = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Freemake Video Converter = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Mail = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.03.12 20:34:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D479C68-92B0-4157-B684-8C5176B9A625}: DhcpNameServer = 192.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC486A3-58D8-41E1-AD9B-EBBD52601BB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{824598E9-254D-4EE0-88DA-91B2DAFCE300}: DhcpNameServer = 115.178.58.26 115.178.58.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{860B02B8-1034-4B7B-B24A-7F2524BB7CE6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9432ACA8-31E7-41F3-A91F-B334FC66FF5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.05 02:37:17 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
[2012.09.04 20:30:40 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.09.04 20:30:40 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.09.04 20:30:40 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.09.03 01:06:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.28 19:09:36 | 000,000,000 | ---D | C] -- C:\Medion
[2012.08.26 16:21:38 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.08.26 16:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\ZooskMessenger
[2012.08.26 16:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.26 16:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.08.17 00:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2012.08.17 00:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.08.16 00:31:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 00:31:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 00:31:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 00:31:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 00:31:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 00:31:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 00:31:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 00:31:04 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012.09.05 02:37:18 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
[2012.09.05 02:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 02:34:25 | 000,050,477 | ---- | M] () -- C:\Users\stefan\Desktop\Defogger.exe
[2012.09.05 02:16:23 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 02:16:23 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 02:10:36 | 000,002,565 | ---- | M] () -- C:\Users\stefan\Desktop\Microsoft Word.lnk
[2012.09.05 02:10:26 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 02:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 23:56:10 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2415907942-3743196634-3517938245-1000UA.job
[2012.09.04 22:36:53 | 002,149,897 | ---- | M] () -- C:\Users\stefan\Gasrails.JPG
[2012.09.04 21:33:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.04 20:56:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2415907942-3743196634-3517938245-1000Core.job
[2012.09.04 20:15:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.08.28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.08.28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.08.28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.08.28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.08.28 12:06:15 | 000,000,813 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2012.08.26 16:21:32 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\ZooskMessenger.lnk
[2012.08.22 00:05:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,202,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.08.21 11:13:13 | 000,113,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.21 10:53:25 | 000,218,633 | ---- | M] () -- C:\Users\stefan\Seebestattung-anonym-Schliersee.pdf
[2012.08.17 00:15:53 | 000,087,040 | ---- | M] () -- C:\Users\stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.16 11:12:27 | 000,628,750 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.16 11:12:27 | 000,596,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.16 11:12:27 | 000,126,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.16 11:12:27 | 000,104,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.16 00:40:43 | 000,371,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.15 10:50:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.15 10:50:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.09.05 02:34:24 | 000,050,477 | ---- | C] () -- C:\Users\stefan\Desktop\Defogger.exe [2012.09.04 22:36:50 | 002,149,897 | ---- | C] () -- C:\Users\stefan\Gasrails.JPG [2012.08.26 16:21:39 | 000,000,813 | ---- | C] () -- C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2012.08.26 16:21:32 | 000,000,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk [2012.08.26 16:21:32 | 000,000,777 | ---- | C] () -- C:\Users\Public\Desktop\ZooskMessenger.lnk [2012.08.19 21:21:26 | 000,218,633 | ---- | C] () -- C:\Users\stefan\Desktop\Seebestattung-anonym-Schliersee.pdf [2012.08.09 11:16:51 | 001,149,479 | ---- | C] () -- C:\Users\stefan\Desktop\Wetterstein.JPG [2012.07.06 13:13:00 | 000,105,898 | ---- | C] () -- C:\Users\stefan\K800_Certificate.JPG [2012.03.15 10:34:10 | 000,130,374 | R--- | C] () -- C:\Users\stefan\Entwicklung seit Kauf.pdf [2012.03.08 09:17:54 | 000,000,000 | ---- | C] () -- C:\Users\stefan\defogger_reenable [2012.02.14 13:23:52 | 002,988,767 | ---- | C] () -- C:\Users\stefan\Muddy2.mp3 [2012.02.14 13:19:13 | 003,367,403 | ---- | C] () -- C:\Users\stefan\Muddy1.mp3 [2012.02.02 19:37:10 | 000,001,194 | ---- | C] () -- C:\Users\stefan\stefan - Verknüpfung.lnk [2012.01.05 10:24:00 | 000,001,629 | ---- | C] () -- C:\Users\stefan\iTunes.lnk [2012.01.05 10:17:30 | 000,001,854 | ---- | C] () -- C:\Users\stefan\Safari.lnk [2011.11.17 17:21:25 | 000,644,939 | ---- | C] () -- C:\Users\stefan\Kündigung w140.pdf [2011.11.16 
< End of report >
<<log>>
I got the tags wrong again. And I made a typo as well, right in the title. Sorry. It was already so late/early. I can't get Avast switched off for the GMER scan.
Greetings from Stefan
05.09.2012, 21:49 | #2 |
Computer is busy for approx. 10 min after waking from standby. Always. GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-05 22:45:39 Windows 6.0.6002 Service Pack 2
USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 001E01F8 .text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 001E03FC .text C:\Program Files\iPod\bin\iPodService.exe[2336] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\iPod\bin\iPodService.exe[2336] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\iPod\bin\iPodService.exe[2336] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 001703FC .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00170600 .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00171014 .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00170804 .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00170A08 .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00170C0C .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00170E10 .text C:\Program Files\iPod\bin\iPodService.exe[2336] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 001701F8 .text C:\Program Files\iPod\bin\iPodService.exe[2336] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00180600 .text C:\Program Files\iPod\bin\iPodService.exe[2336] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00180804 .text C:\Program Files\iPod\bin\iPodService.exe[2336] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00180A08 .text C:\Program Files\iPod\bin\iPodService.exe[2336] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\iPod\bin\iPodService.exe[2336] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 001803FC .text 
C:\Windows\system32\svchost.exe[2516] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2516] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2516] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2516] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2516] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00120600 .text C:\Windows\system32\svchost.exe[2516] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00120804 .text C:\Windows\system32\svchost.exe[2516] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00120A08 .text C:\Windows\system32\svchost.exe[2516] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 001201F8 .text C:\Windows\system32\svchost.exe[2516] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 001203FC .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program 
Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Secunia\PSI\PSIA.exe[2576] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\rundll32.exe[2620] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000601F8 .text C:\Windows\system32\rundll32.exe[2620] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000603FC .text C:\Windows\system32\rundll32.exe[2620] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\rundll32.exe[2620] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00070600 .text C:\Windows\system32\rundll32.exe[2620] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\rundll32.exe[2620] 
USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\rundll32.exe[2620] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\rundll32.exe[2620] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\rundll32.exe[2620] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Secunia\PSI\sua.exe[2632] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000601F8 .text C:\Program Files\Secunia\PSI\sua.exe[2632] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000603FC .text C:\Program Files\Secunia\PSI\sua.exe[2632] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000E03FC .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 000E0600 .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 000E1014 .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 000E0804 .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 000E0A08 .text 
C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 000E0C0C .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 000E0E10 .text C:\Program Files\Secunia\PSI\sua.exe[2632] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2756] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[2756] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[2756] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text 
C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[2756] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2756] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[2756] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[2756] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[2756] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[2756] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000803FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 
769C6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00080C0C .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00090600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00090804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2848] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[2864] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2864] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 
Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2888] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2888] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2888] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2888] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2888] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2888] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2888] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[2888] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2888] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Program 
Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 001503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00150600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00151014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00150804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 3 Bytes JMP 00150A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!ChangeServiceConfigW + 4 769C6F85 1 Byte [89] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00150C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00150E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 001501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!SetWindowsHookExA 768A6322 3 Bytes JMP 00160600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!SetWindowsHookExA + 4 768A6326 1 Byte [89] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!SetWindowsHookExW 768A87AD 3 Bytes JMP 00160804 .text C:\Program Files\Malwarebytes' 
Anti-Malware\mbamservice.exe[2972] USER32.dll!SetWindowsHookExW + 4 768A87B1 1 Byte [89] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!SetWinEventHook 768A9F3A 3 Bytes JMP 001601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!SetWinEventHook + 4 768A9F3E 1 Byte [89] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2972] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 001603FC .text C:\Windows\system32\taskeng.exe[3092] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[3092] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[3092] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3092] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3092] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3092] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3092] 
USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[3092] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[3092] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Windows\Explorer.EXE[3160] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[3160] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[3160] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000B03FC .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 000B0600 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 000B1014 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 000B0804 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 000B0C0C .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 000B0E10 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000B01F8 .text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.EXE[3160] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 000C0A08 .text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.EXE[3160] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000C03FC .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC 
.text C:\Program Files\iTunes\iTunesHelper.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3364] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[3368] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[3368] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[3368] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text 
C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[3368] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[3368] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[3368] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[3368] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[3368] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[3368] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3660] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[3704] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text 
C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 003E0600 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 003E0804 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 003E0A08 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 003E01F8 .text 
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 003E03FC .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 003F03FC .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 003F0600 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 003F1014 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 003F0804 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 003F0A08 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 003F0C0C .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 003F0E10 .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3720] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 003F01F8 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00070600 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00070804 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000701F8 .text C:\Program 
Files\Secunia\PSI\psi_tray.exe[3824] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000703FC .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000803FC .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00080600 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00080C0C .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] 
ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3892] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common 
Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[3956] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 001903FC .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!DeleteService 7698A07E 5 Bytes JMP 00190600 .text 
C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 769C6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 769C6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 769C6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 769C7099 5 Bytes JMP 00190C0C .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 769C71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!CreateServiceA 769C72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 001A0600 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] USER32.dll!SetWindowsHookExW 768A87AD 5 Bytes JMP 001A0804 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] USER32.dll!UnhookWindowsHookEx 768A98DB 5 Bytes JMP 001A0A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] USER32.dll!SetWinEventHook 768A9F3A 5 Bytes JMP 001A01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4092] USER32.dll!UnhookWinEvent 768AC06F 5 Bytes JMP 001A03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[820] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00780002 IAT C:\Windows\system32\services.exe[820] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00780000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1756] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73BEF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73BEF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common 
functions/AVAST Software) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74907817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7494B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7490BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749373F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7490DA60] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7498CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7492C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74902AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3660] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73BEF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Please excuse me, there has been a death in the family and I cannot continue for now. Kind regards, Stefan
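The GMER output above lists the same handful of APIs (LdrLoadDll/LdrUnloadDll, SetWindowsHookEx*, and the service-control functions in ADVAPI32) patched with 5-byte JMPs in every user process, and the IAT section attributes the LoadLibraryExW redirections in the Avast processes to aswCmnBS.dll. Reading that by eye across a wall of entries is error-prone, so here is an added example (my own code, not part of the post or of GMER) that parses the `.text` hook lines, groups them by process, reports which symbols are hooked in every process, and lists the 64 KiB regions the JMP targets fall into. The line layout it assumes is the GMER 1.0.15 format seen above; the sample entries are copied from the log.

```python
"""Summarize the 'User code sections' block of a GMER log per process."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: ten .text entries copied from the GMER log above, plus one
# IAT line to show that other sections are ignored by the parser.
SAMPLE_LOG = r"""
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 00070600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3824] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ntdll.dll!LdrLoadDll 77A99378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ntdll.dll!LdrUnloadDll 77AAB680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76A62467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4092] USER32.dll!SetWindowsHookExA 768A6322 5 Bytes JMP 001A0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4092] ADVAPI32.dll!CreateServiceW 76989EB4 5 Bytes JMP 001903FC
IAT C:\Windows\system32\services.exe[820] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00780000
"""

# Assumed GMER 1.0.15 layout of a user-mode code hook (the regex is my own):
#   .text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) JMP <target>
#   .text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) [<patched bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]+)|\[(?P<patch>[0-9A-Fa-f ]+)\])\s*$"
)


@dataclass(frozen=True)
class Hook:
    image: str
    pid: int
    module: str
    export: str
    offset: int              # 0 when the patch sits at the export entry point
    address: int             # patched address inside the module
    size: int                # number of bytes overwritten
    target: Optional[int]    # JMP destination; None for an in-place byte patch
    patch: Optional[bytes]   # the written bytes for non-JMP entries

    @property
    def symbol(self) -> str:
        """module!export, with +offset when the patch is not at the entry point."""
        base = f"{self.module}!{self.export}"
        return f"{base}+{self.offset:X}" if self.offset else base


def parse_hooks(text: str) -> List[Hook]:
    """Parse every .text hook line; lines from other GMER sections are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            image=m["image"], pid=int(m["pid"]),
            module=m["module"], export=m["export"],
            offset=int(m["off"], 16) if m["off"] else 0,
            address=int(m["addr"], 16), size=int(m["size"]),
            target=int(m["target"], 16) if m["target"] else None,
            patch=bytes.fromhex(m["patch"].replace(" ", "")) if m["patch"] else None,
        ))
    return hooks


def hooks_by_pid(hooks: List[Hook]) -> Dict[int, List[Hook]]:
    grouped: Dict[int, List[Hook]] = defaultdict(list)
    for h in hooks:
        grouped[h.pid].append(h)
    return dict(grouped)


def common_symbols(hooks: List[Hook]) -> Set[str]:
    """Symbols patched in every hooked process: the footprint of one system-wide agent."""
    per_pid = [{h.symbol for h in hs} for hs in hooks_by_pid(hooks).values()]
    return set.intersection(*per_pid) if per_pid else set()


def trampoline_regions(hooks: List[Hook], granularity: int = 0x10000) -> Dict[int, Set[int]]:
    """Per pid, the 64 KiB allocations the JMP targets land in.

    These are the regions that still have to be attributed to an owning module
    before the hooks can be called benign or malicious; GMER only shows the address.
    """
    regions: Dict[int, Set[int]] = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            regions[h.pid].add(h.target - h.target % granularity)
    return dict(regions)


def report(text: str) -> str:
    hooks = parse_hooks(text)
    lines = [f"{len(hooks)} hook entries in {len(hooks_by_pid(hooks))} processes"]
    for sym in sorted(common_symbols(hooks)):
        lines.append(f"  hooked in every process: {sym}")
    for pid, regs in sorted(trampoline_regions(hooks).items()):
        lines.append(f"  pid {pid}: trampolines in " + ", ".join(f"{r:08X}" for r in sorted(regs)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A symbol set that is identical across all processes points to a single system-wide hooking agent. That is the footprint of a behaviour-monitoring AV such as the Avast installation visible in this log, but it is equally the footprint of injected malware, so the JMP targets still need to be mapped to an owning module (for example with a per-process module listing) before the result is read one way or the other.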
27.09.2012, 13:41 | #3
/// Helfer-Team: My condolences. Is the problem still current?
27.09.2012, 17:23 | #4
Yes, unfortunately. A bit better after the Avast treatment, but I don't have time for more right now.
27.09.2012, 19:31 | #5
/// Helfer-Team: Did you run Combofix? Why? Where is the log?
13.11.2012, 21:43 | #6
/// Helfer-Team: No response. Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.