Pests of all kinds and how to fight them: Malware found with Avast and Spybot SD. Is my computer clean now? incl. logfiles (Windows 7). If you are not sure whether you have picked up malware or a Trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#16 /// Winkelfunktion /// TB-Süch-Tiger™
Hold off on the fixing for now; if need be you can still get at the fms.dll via the OTL quarantine => C:\_OTL\MovedFiles
__________________ Please always post logfiles in CODE tags
#17
I left the fms.dll in. It looks as though there were problems during the removal (see below). I'm curious about your interpretation of the log.
Code:
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.order.2
Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Program Files\Freecorder\prxtbFre2.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
C:\Windows\Internet Logs folder moved successfully.
C:\Program Files\ConduitEngine folder moved successfully.
File move failed. C:\Windows\System32\fms.dll scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.25.0 log created on 07082011_203508
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\fms.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
#18 /// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set the tool up as shown in the image below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. [image] If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.)
#19
It looks as though nothing was found.
Code:
2011/07/12 09:15:26.0527 2116 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 09:15:26.0855 2116 ================================================================================
2011/07/12 09:15:26.0855 2116 SystemInfo:
2011/07/12 09:15:26.0855 2116
2011/07/12 09:15:26.0855 2116 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/12 09:15:26.0855 2116 Product type: Workstation
2011/07/12 09:15:26.0855 2116 ComputerName: ***-PC
2011/07/12 09:15:26.0855 2116 UserName: ***
2011/07/12 09:15:26.0855 2116 Windows directory: C:\Windows
2011/07/12 09:15:26.0855 2116 System windows directory: C:\Windows
2011/07/12 09:15:26.0855 2116 Processor architecture: Intel x86
2011/07/12 09:15:26.0855 2116 Number of processors: 2
2011/07/12 09:15:26.0855 2116 Page size: 0x1000
2011/07/12 09:15:26.0855 2116 Boot type: Normal boot
2011/07/12 09:15:26.0855 2116 ================================================================================
2011/07/12 09:15:27.0853 2116 Initialize success
2011/07/12 09:16:08.0591 2788 ================================================================================
2011/07/12 09:16:08.0591 2788 Scan started
2011/07/12 09:16:08.0591 2788 Mode: Manual;
2011/07/12 09:16:08.0591 2788 ================================================================================
2011/07/12 09:16:09.0823 2788 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/12 09:16:09.0886 2788 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/12 09:16:10.0010 2788 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/12 09:16:10.0198 2788 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/12 09:16:10.0354 2788 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/12 09:16:10.0400 2788 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/12 09:16:10.0556 2788 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/12 09:16:10.0619 2788 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/12 09:16:10.0744 2788 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/12 09:16:10.0931 2788 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/12 09:16:10.0993 2788 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/12 09:16:11.0024 2788 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/12 09:16:11.0149 2788 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/12 09:16:11.0212 2788 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/12 09:16:11.0321 2788 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/07/12 09:16:11.0383 2788 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/12 09:16:11.0430 2788 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/07/12 09:16:11.0555 2788 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\Windows\system32\Drivers\androidusb.sys
2011/07/12 09:16:11.0617 2788 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/12 09:16:11.0789 2788 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/12 09:16:11.0836 2788 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/12 09:16:11.0929 2788 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/12 09:16:12.0038 2788 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/12 09:16:12.0085 2788 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
2011/07/12 09:16:12.0226 2788 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
2011/07/12 09:16:12.0350 2788 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
2011/07/12 09:16:12.0397 2788 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
2011/07/12 09:16:12.0522 2788 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/12 09:16:12.0584 2788 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/12 09:16:12.0725 2788 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2011/07/12 09:16:12.0990 2788 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/12 09:16:13.0302 2788 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/07/12 09:16:13.0505 2788 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/12 09:16:13.0645 2788 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/12 09:16:13.0708 2788 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/12 09:16:13.0848 2788 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/12 09:16:14.0035 2788 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/12 09:16:14.0098 2788 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/12 09:16:14.0129 2788 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/12 09:16:14.0269 2788 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/12 09:16:14.0316 2788 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/12 09:16:14.0347 2788 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/12 09:16:14.0472 2788 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/12 09:16:14.0503 2788 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/12 09:16:14.0659 2788 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/12 09:16:14.0737 2788 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/12 09:16:14.0878 2788 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/12 09:16:14.0940 2788 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/12 09:16:15.0112 2788 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/12 09:16:15.0174 2788 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/12 09:16:15.0283 2788 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/12 09:16:15.0346 2788 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/12 09:16:15.0486 2788 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/12 09:16:15.0548 2788 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/12 09:16:15.0736 2788 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/12 09:16:15.0814 2788 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/12 09:16:15.0970 2788 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/12 09:16:16.0032 2788 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/07/12 09:16:16.0204 2788 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/12 09:16:16.0266 2788 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/12 09:16:16.0484 2788 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/12 09:16:16.0687 2788 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/12 09:16:16.0812 2788 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
2011/07/12 09:16:16.0890 2788 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/12 09:16:17.0015 2788 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
2011/07/12 09:16:17.0124 2788 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/12 09:16:17.0249 2788 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/12 09:16:17.0311 2788 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/12 09:16:17.0452 2788 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/12 09:16:17.0483 2788 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/12 09:16:17.0530 2788 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/12 09:16:17.0670 2788 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/12 09:16:17.0732 2788 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/12 09:16:17.0857 2788 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/12 09:16:17.0920 2788 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/12 09:16:18.0060 2788 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/12 09:16:18.0122 2788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/12 09:16:18.0294 2788 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/12 09:16:18.0372 2788 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/12 09:16:18.0512 2788 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/12 09:16:18.0544 2788 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/12 09:16:18.0684 2788 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/12 09:16:18.0762 2788 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/12 09:16:18.0934 2788 hotcore3 (86a41bab21b31f8a1b8f5fb93106b63f) C:\Windows\system32\DRIVERS\hotcore3.sys
2011/07/12 09:16:18.0996 2788 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/12 09:16:19.0168 2788 HSF_DPV (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/12 09:16:19.0308 2788 HSXHWAZL (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/12 09:16:19.0370 2788 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/12 09:16:19.0495 2788 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/12 09:16:19.0573 2788 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/12 09:16:19.0682 2788 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/12 09:16:19.0776 2788 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/07/12 09:16:19.0885 2788 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/12 09:16:20.0057 2788 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/12 09:16:20.0182 2788 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/12 09:16:20.0244 2788 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/12 09:16:20.0291 2788 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/12 09:16:20.0431 2788 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/12 09:16:20.0494 2788 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/12 09:16:20.0618 2788 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/12 09:16:20.0696 2788 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/12 09:16:20.0728 2788 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/12 09:16:20.0884 2788 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/07/12 09:16:21.0008 2788 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/12 09:16:21.0071 2788 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/12 09:16:21.0133 2788 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/12 09:16:21.0242 2788 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/12 09:16:21.0383 2788 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/12 09:16:21.0508 2788 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/12 09:16:21.0586 2788 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/12 09:16:21.0679 2788 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/12 09:16:21.0742 2788 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/12 09:16:21.0882 2788 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/12 09:16:22.0054 2788 massfilter_hs (6d0667d493702b4ac7cf0399c7f9b656) C:\Windows\system32\drivers\massfilter_hs.sys
2011/07/12 09:16:22.0116 2788 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/12 09:16:22.0241 2788 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/12 09:16:22.0288 2788 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/12 09:16:22.0334 2788 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/12 09:16:22.0475 2788 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/12 09:16:22.0537 2788 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/07/12 09:16:22.0662 2788 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/12 09:16:22.0724 2788 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/12 09:16:22.0849 2788 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/12 09:16:22.0927 2788 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/12 09:16:23.0068 2788 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/12 09:16:23.0130 2788 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/12 09:16:23.0239 2788 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/12 09:16:23.0286 2788 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/12 09:16:23.0333 2788 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/12 09:16:23.0442 2788 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/12 09:16:23.0520 2788 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/12 09:16:23.0629 2788 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/12 09:16:23.0692 2788 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/12 09:16:23.0832 2788 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/12 09:16:23.0894 2788 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/12 09:16:23.0910 2788 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/12 09:16:24.0035 2788 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/12 09:16:24.0097 2788 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/12 09:16:24.0253 2788 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/12 09:16:24.0300 2788 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/12 09:16:24.0331 2788 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/12 09:16:24.0456 2788 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/07/12 09:16:24.0503 2788 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/07/12 09:16:24.0534 2788 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/07/12 09:16:24.0674 2788 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/12 09:16:24.0768 2788 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/12 09:16:24.0908 2788 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/12 09:16:24.0971 2788 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/12 09:16:25.0096 2788 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/12 09:16:25.0158 2788 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/12 09:16:25.0189 2788 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/12 09:16:25.0314 2788 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/12 09:16:25.0361 2788 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/12 09:16:25.0532 2788 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/12 09:16:25.0595 2788 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/12 09:16:25.0626 2788 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/12 09:16:25.0782 2788 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/07/12 09:16:25.0954 2788 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
2011/07/12 09:16:26.0016 2788 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/12 09:16:26.0141 2788 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/07/12 09:16:26.0188 2788 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/07/12 09:16:26.0219 2788 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/12 09:16:26.0250 2788 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/12 09:16:26.0390 2788 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/12 09:16:26.0453 2788 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/12 09:16:26.0562 2788 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/12 09:16:26.0640 2788 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/12 09:16:26.0671 2788 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/12 09:16:26.0796 2788 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/12 09:16:26.0843 2788 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/12 09:16:26.0890 2788 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/12 09:16:27.0092 2788 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/12 09:16:27.0139 2788 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/12 09:16:27.0280 2788 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/12 09:16:27.0436 2788 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/07/12 09:16:27.0529 2788 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/12 09:16:27.0654 2788 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/12 09:16:27.0701 2788 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/12 09:16:27.0748 2788 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/12 09:16:27.0872 2788 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/12 09:16:27.0950 2788 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/12 09:16:28.0106 2788 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/12 09:16:28.0169 2788 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/12 09:16:28.0262 2788 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/12 09:16:28.0340 2788 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/12 09:16:28.0434 2788 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/12 09:16:28.0512 2788 RDPDISPM (a862a3a8d7d2d75bdc41b556325e9876) C:\Windows\system32\DRIVERS\rdpdispm.sys
2011/07/12 09:16:28.0621 2788 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/12 09:16:28.0668 2788 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/12 09:16:28.0715 2788 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/12 09:16:28.0840 2788 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/12 09:16:28.0933 2788 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/12 09:16:29.0058 2788 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
2011/07/12 09:16:29.0136 2788 RTSTOR (05ff3c3100f163558e37d0a975bef05c) C:\Windows\system32\drivers\RTSTOR.SYS
2011/07/12 09:16:29.0245 2788 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/12 09:16:29.0339 2788 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/12 09:16:29.0479 2788 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/12 09:16:29.0651 2788 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/12 09:16:29.0854 2788 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/12 09:16:29.0994 2788 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/12 09:16:30.0119 2788 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/12 09:16:30.0212 2788 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/12 09:16:30.0290 2788 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/12 09:16:30.0337 2788 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/12 09:16:30.0462 2788 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/12 09:16:30.0602 2788 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/12 09:16:30.0696 2788 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/12 09:16:30.0821 2788 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/12 09:16:30.0914 2788 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/12 09:16:31.0055 2788 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/12 09:16:31.0133 2788 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/12 09:16:31.0258 2788 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/12 09:16:31.0382 2788 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/12 09:16:31.0460 2788 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/12 09:16:31.0601 2788 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/12 09:16:31.0679 2788 tapoas (827c8058c284ff0013e4462efe2591a3) C:\Windows\system32\DRIVERS\tapoas.sys
2011/07/12 09:16:31.0835 2788 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/12 09:16:32.0022 2788 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/12 09:16:32.0147 2788 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/12 09:16:32.0225 2788 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/12 09:16:32.0256 2788 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/12 09:16:32.0365 2788 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/12 09:16:32.0443 2788 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/12 09:16:32.0615 2788 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/12 09:16:32.0771 2788 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/12 09:16:32.0818 2788 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/12 09:16:32.0942 2788 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/12 09:16:32.0989 2788 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/07/12 09:16:33.0114 2788 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/12 09:16:33.0223 2788 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/12 09:16:33.0348 2788 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/12 09:16:33.0410 2788 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/12 09:16:33.0566 2788 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/12 09:16:33.0613 2788 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/07/12 09:16:33.0754 2788 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/12 09:16:33.0800 2788 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/07/12 09:16:33.0832 2788 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/07/12 09:16:33.0941 2788 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/12 09:16:33.0988 2788 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
2011/07/12 09:16:34.0050 2788 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/12 09:16:34.0175 2788 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/12 09:16:34.0222 2788 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/07/12 09:16:34.0253 2788 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/12 09:16:34.0393 2788 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/12 09:16:34.0487 2788 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/12 09:16:34.0596 2788 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/12 09:16:34.0658 2788 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/12 09:16:34.0783 2788 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/12 09:16:34.0830 2788 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/12 09:16:34.0908 2788 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/12 09:16:35.0033 2788 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/12 09:16:35.0095 2788 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/12 09:16:35.0142 2788 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/12 09:16:35.0282 2788 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/12 09:16:35.0329 2788 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/12 09:16:35.0485 2788 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/12 09:16:35.0548 2788 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/12 09:16:35.0610 2788 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 09:16:35.0626 2788 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 09:16:35.0797 2788 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/12 09:16:35.0860 2788 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/12 09:16:36.0047 2788 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/12 09:16:36.0125 2788 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/12 09:16:36.0203 2788 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/12 09:16:36.0421 2788 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/12 09:16:36.0484 2788 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/12 09:16:36.0655 2788 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/12 09:16:36.0749 2788 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/12 09:16:36.0874 2788 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/12 09:16:36.0967 2788 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/07/12 09:16:37.0108 2788 zghsdiag (5565a88c7be30aa31c71e8aa37e45791) C:\Windows\system32\DRIVERS\zghsdiag.sys
2011/07/12 09:16:37.0154 2788 zghsmdm (5565a88c7be30aa31c71e8aa37e45791) C:\Windows\system32\DRIVERS\zghsmdm.sys
2011/07/12 09:16:37.0295 2788 zghsnmea (5565a88c7be30aa31c71e8aa37e45791) C:\Windows\system32\DRIVERS\zghsnmea.sys
2011/07/12 09:16:37.0388 2788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/12 09:16:37.0420 2788 Boot (0x1200) (110c0351b8749af135b78ed4c128768c) \Device\Harddisk0\DR0\Partition0
2011/07/12 09:16:37.0466 2788 Boot (0x1200) (12cdc09b516e13945bc19d9f715ed795) \Device\Harddisk0\DR0\Partition1
2011/07/12 09:16:37.0482 2788 ================================================================================
2011/07/12 09:16:37.0482 2788 Scan finished
2011/07/12 09:16:37.0482 2788 ================================================================================
2011/07/12 09:16:37.0498 5828 Detected object count: 0
2011/07/12 09:16:37.0498 5828 Actual detected object count: 0
#20 | /// Winkelfunktion /// TB-Süch-Tiger™
Now please run CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!
#21
ComboFix was accidentally started too early. This is now the result of the second run. Apparently Windows Defender was not disabled, and I already suspect that the process will have to be repeated. Many thanks for your watchful eye and for evaluating the log.
Code:
ComboFix 11-07-12.09 - *** 13/07/2011 17:59:48.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2814.1778 [GMT 1:00]
Running from: e:\freeware\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Readme.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-07-13 17:10 . 2011-07-13 17:10 -------- d-----w- c:\users\***\AppData\Local\temp
2011-07-13 17:10 . 2011-07-13 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 12:14 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5BA84C-0700-4705-9CBE-A5D3D4DF8268}\mpengine.dll
2011-07-04 20:09 . 2011-07-04 20:09 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-07-04 20:09 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-04 20:09 . 2011-07-04 20:09 -------- d-----w- c:\programdata\Malwarebytes
2011-07-04 20:09 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-02 12:37 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-02 12:37 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-02 12:37 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-07-02 12:35 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-07-02 12:34 . 2011-07-02 12:34 -------- d-----w- c:\program files\Apple Software Update
2011-07-02 12:33 . 2011-07-02 12:33 -------- d-----w- c:\program files\iPod
2011-07-02 12:33 . 2011-07-02 12:33 -------- d-----w- c:\program files\iTunes
2011-07-02 12:11 . 2011-07-02 12:11 -------- d-----w- c:\program files\Common Files\Java
2011-07-02 12:07 . 2011-07-02 12:07 -------- d-----w- c:\program files\FileZilla FTP Client
2011-07-02 12:06 . 2011-03-25 19:04 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-07-02 12:06 . 2011-03-25 19:03 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-07-02 12:06 . 2011-03-24 09:57 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-07-02 12:06 . 2011-03-24 09:57 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-07-02 12:06 . 2011-03-24 09:57 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2011-07-02 09:44 . 2011-07-02 09:44 -------- d-----w- c:\windows\system32\SPReview
2011-07-02 09:20 . 2011-07-02 09:20 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-02 09:11 . 2010-11-20 09:50 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-07-02 09:10 . 2010-11-20 12:21 270848 ----a-w- c:\windows\system32\tsmf.dll
2011-07-02 09:09 . 2010-11-20 12:20 864256 ----a-w- c:\program files\Common Files\System\Ole DB\oledb32.dll
2011-07-02 09:08 . 2010-11-20 12:20 1596416 ----a-w- c:\program files\DVD Maker\Pipeline.dll
2011-07-02 09:07 . 2010-11-20 12:21 67584 ----a-w- c:\windows\system32\WUDFSvc.dll
2011-07-02 09:06 . 2010-11-20 12:21 301568 ----a-w- c:\windows\system32\srchadmin.dll
2011-07-02 09:06 . 2010-11-20 12:20 859648 ----a-w- c:\windows\system32\OobeFldr.dll
2011-07-02 09:06 . 2010-11-20 09:50 31232 ----a-w- c:\windows\system32\drivers\CompositeBus.sys
2011-07-02 09:06 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-07-02 09:06 . 2010-11-20 12:29 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-07-02 09:06 . 2010-11-20 12:29 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-07-02 09:06 . 2010-11-20 08:47 10240 ----a-w- c:\windows\system32\drivers\acpipmi.sys
2011-07-02 09:06 . 2010-11-20 12:29 274304 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-07-02 09:06 . 2010-11-20 10:01 164864 ----a-w- c:\windows\system32\drivers\1394ohci.sys
2011-07-01 22:54 . 2011-07-01 22:54 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-01 22:54 . 2011-07-01 22:54 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 16:41 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 16:41 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-19 22:56 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-19 22:56 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-19 22:56 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-19 22:13 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-19 22:13 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-19 22:13 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-19 22:13 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-19 22:13 . 2010-11-20 12:29 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-06-19 22:13 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-19 22:13 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-19 22:13 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-19 22:13 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-19 22:13 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-19 22:13 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:59 . 2011-03-26 13:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-04 11:43 . 2010-10-03 19:36 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-10-03 19:36 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-17 17:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-10-03 19:37 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-10-03 19:37 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-10-03 19:37 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-10-03 19:37 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-10-03 19:37 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-02 12:11 . 2010-10-01 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-02 12:08 . 2011-05-26 12:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-02 09:51 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 18:14 . 2010-06-03 22:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-01 22:54 . 2011-04-01 22:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-10 19:34 . 2010-06-10 19:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-10 30192]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk
backup=c:\windows\pss\OpenVPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk]
backup=c:\windows\pss\SMART Board Tools.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2009-08-28 20:05 703008 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 11:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-01-20 23:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-01 20:06 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-01-20 23:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 14:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jessops Insert Detect]
2003-02-17 11:45 262144 ----a-w- c:\program files\Jessops\Picture Suite\InsDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-08-27 04:48 1194504 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2008-10-27 11:05 346672 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-12-26 16:30 173288 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2009-06-11 08:36 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 08:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-06 09:47 7600672 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-07-06 09:48 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Service]
2009-09-17 11:42 2647336 ----a-w- c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART SNMP Agent]
2009-09-17 11:43 1049896 ----a-w- c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-12-05 06:54 1410344 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-08-07 25728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-10 30192]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-06-28 9216]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-06-11 9040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2010-09-08 106752]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2010-09-08 106752]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2010-09-08 106752]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-15 40560]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-28 727584]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-01 54528]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 26112]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeapfk
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfehidk
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://starter.metacafe.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5536
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kvxt9ehx.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/?q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
MSConfigStartUp-Freecorder FLV Service - e:\documents\FLVSrvc.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-13 18:14:43
ComboFix-quarantined-files.txt 2011-07-13 17:14
.
Pre-Run: 36,227,309,568 bytes free
Post-Run: 36,047,413,248 bytes free
.
- - End Of File - - 4A04ABEB1090FED08067E650F70ECE72
#22 | /// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
#23
Hello, I was away for the last few days. But now I have the logs of both scans.
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-14 12:39:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OC60F
Running: 87hyv2pp.exe; Driver: C:\Users\***\AppData\Local\Temp\awdoqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8AF7D202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90A2CD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8AF7F7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8AF7F848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8AF7F95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8AF7F746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8AF7F898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8AF7F79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8AF7F90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8AF7D226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90A2CE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8AF7CFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8AF7D24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8AF7FD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8AF7DCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8AF7F820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8AF7F870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8AF7F988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8AF7F772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8AF7F8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8AF7F7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8AF7F936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90A2CED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8AF7DBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8AF7D26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8AF7D292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8AF7D04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8AF7D186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8AF7D162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8AF7D1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8AF7D2B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90A42398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 8348C339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 834CCDC0 4 Bytes [02, D2, F7, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 834CCDE8 4 Bytes [8C, CD, A2, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 834CCE9C 8 Bytes [F0, F7, F7, 8A, 48, F8, F7, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 834CCEA8 4 Bytes [5E, F9, F7, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 834CCEC4 4 Bytes [46, F7, F7, 8A]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83659B72 5 Bytes JMP 90A3DD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8367215E 5 Bytes JMP 90A3F80A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8368725D 4 Bytes CALL 8AF7E34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 836A102F 4 Bytes CALL 8AF7E361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8372AE6E 7 Bytes JMP 90A4239C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91A09000, 0x2D5378, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[280] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[280] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[280] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001903FC
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00190804
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001901F8
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[344] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00190600
.text C:\Windows\system32\csrss.exe[404] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\wininit.exe[480] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[480] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[480] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\wininit.exe[480] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[480] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[480] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[480] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[480] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\services.exe[528] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[528] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\lsass.exe[552] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[552] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\lsass.exe[552] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 000D0A08
.text C:\Windows\system32\lsass.exe[552] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 000D03FC
.text C:\Windows\system32\lsass.exe[552] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 000D0804
.text C:\Windows\system32\lsass.exe[552] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 000D01F8
.text C:\Windows\system32\lsass.exe[552] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 000D0600
.text C:\Windows\system32\lsm.exe[560] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[560] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[560] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[596] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[596] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[596] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[596] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[596] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[596] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\svchost.exe[712] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[712] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[712] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[856] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[856] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[856] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[856] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atiesrxx.exe[856] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atiesrxx.exe[856] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atiesrxx.exe[856] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atiesrxx.exe[856] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00870A08
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 008703FC
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00870804
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 008701F8
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00870600
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 003C0A08
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 003C03FC
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 003C0804
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 003C01F8
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 003C0600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001F03FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 001F0804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1036] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00C10A08
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 00C103FC
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00C10804
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 00C101F8
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00C10600
.text C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[1152] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[1152] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[1152] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00900A08
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 009003FC
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00900804
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 009001F8
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00900600
.text C:\Windows\system32\atieclxx.exe[1256] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1256] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1256] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1256] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atieclxx.exe[1256] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atieclxx.exe[1256] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atieclxx.exe[1256] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atieclxx.exe[1256] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 008F0A08
.text C:\Windows\system32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 008F03FC
.text C:\Windows\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 008F0804
.text C:\Windows\system32\svchost.exe[1276] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 008F01F8
.text C:\Windows\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 008F0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1400] kernel32.dll!SetUnhandledExceptionFilter 75F13D01 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1400] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[1472] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\spoolsv.exe[1732] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1732] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1732] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1732] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[1732] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[1732] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[1732] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[1732] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1760] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1760] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1760] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1760] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 003D0A08
.text C:\Windows\system32\svchost.exe[1760] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 003D03FC
.text C:\Windows\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 003D0804
.text C:\Windows\system32\svchost.exe[1760] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 003D01F8
.text C:\Windows\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1880] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1880] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00310A08
.text C:\Windows\System32\svchost.exe[1880] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 003103FC
.text C:\Windows\System32\svchost.exe[1880] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00310804
.text C:\Windows\System32\svchost.exe[1880] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 003101F8
.text C:\Windows\System32\svchost.exe[1880] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00310600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001803FC
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00180804
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001801F8
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1980] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00180600
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 002003FC
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00200804
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2016] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\Dwm.exe[2056] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2056] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2056] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2056] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\Dwm.exe[2056] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\Dwm.exe[2056] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\Dwm.exe[2056] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\Dwm.exe[2056] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2340] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2528] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2640] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00210600
.text C:\Windows\System32\alg.exe[2680] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\alg.exe[2680] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\alg.exe[2680] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\alg.exe[2680] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\alg.exe[2680] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\alg.exe[2680] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\alg.exe[2680] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\alg.exe[2680] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[2788] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2788] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2788] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2788] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 008D0A08
.text C:\Windows\system32\svchost.exe[2788] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 008D03FC
.text C:\Windows\system32\svchost.exe[2788] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 008D0804
.text C:\Windows\system32\svchost.exe[2788] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 008D01F8
.text C:\Windows\system32\svchost.exe[2788] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 008D0600
.text C:\Windows\system32\svchost.exe[2912] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2912] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2912] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00210A08
.text C:\Windows\system32\svchost.exe[2912] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 002103FC
.text C:\Windows\system32\svchost.exe[2912] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00210804
.text C:\Windows\system32\svchost.exe[2912] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 002101F8
.text C:\Windows\system32\svchost.exe[2912] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00210600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2968] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\wuauclt.exe[3032] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[3032] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[3032] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[3032] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wuauclt.exe[3032] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wuauclt.exe[3032] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wuauclt.exe[3032] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wuauclt.exe[3032] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00100600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3168] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Secunia\PSI\sua.exe[3172] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Secunia\PSI\sua.exe[3172] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000701F8
.text C:\Program Files\Secunia\PSI\sua.exe[3172] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3284] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[3284] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[3284] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3284] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\taskeng.exe[3284] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001303FC
.text C:\Windows\system32\taskeng.exe[3284] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00130804
.text C:\Windows\system32\taskeng.exe[3284] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\taskeng.exe[3284] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00130600
.text C:\Windows\System32\svchost.exe[3544] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3544] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3544] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3544] user32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 001D0A08
.text C:\Windows\System32\svchost.exe[3544] user32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001D03FC
.text C:\Windows\System32\svchost.exe[3544] user32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 001D0804
.text C:\Windows\System32\svchost.exe[3544] user32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001D01F8
.text C:\Windows\System32\svchost.exe[3544] user32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 001D0600
.text C:\Windows\System32\svchost.exe[3628] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3628] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3628] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3628] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00150A08
.text C:\Windows\System32\svchost.exe[3628] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001503FC
.text C:\Windows\System32\svchost.exe[3628] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00150804
.text C:\Windows\System32\svchost.exe[3628] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001501F8
.text C:\Windows\System32\svchost.exe[3628] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00150600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00150A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001503FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00150804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001501F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\SearchIndexer.exe[3704] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3704] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3704] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\taskhost.exe[4068] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[4068] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[4068] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[4068] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[4068] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[4068] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[4068] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[4068] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 000E0600
.text C:\Windows\Explorer.EXE[4080] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[4080] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[4080] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text C:\Windows\Explorer.EXE[4080] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[4080] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[4080] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[4080] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[4080] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\ctfmon.exe[4124] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text E:\Freeware\87hyv2pp.exe[5700] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 001603FC
.text E:\Freeware\87hyv2pp.exe[5700] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 001601F8
.text E:\Freeware\87hyv2pp.exe[5700] kernel32.dll!GetBinaryTypeW + 70 75F24F63 1 Byte [62]
.text E:\Freeware\87hyv2pp.exe[5700] USER32.dll!UnhookWindowsHookEx 7671ADF9 5 Bytes JMP 00210A08
.text E:\Freeware\87hyv2pp.exe[5700] USER32.dll!UnhookWinEvent 7671B750 5 Bytes JMP 002103FC
.text E:\Freeware\87hyv2pp.exe[5700] USER32.dll!SetWindowsHookExW 7671E30C 5 Bytes JMP 00210804
.text E:\Freeware\87hyv2pp.exe[5700] USER32.dll!SetWinEventHook 767224DC 5 Bytes JMP 002101F8
.text E:\Freeware\87hyv2pp.exe[5700] USER32.dll!SetWindowsHookExA 76746D0C 5 Bytes JMP 00210600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[324] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00701210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.DLL (Backup Manager Module/NewTech Infosystems, Inc.)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:20:48 on 19.07.2011
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMD USB Filter Driver" (usbfilter) - "Advanced Micro Devices Inc." - C:\Windows\System32\DRIVERS\usbfilter.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys (File found, but it contains no detailed information)
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Moritz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\Secunia\PSI\psi_tray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Rapportexe" - "Trusteer Ltd." - "C:\Users\Moritz\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe" -start -after_boot
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"KeePass 2 PreLoad" - "Dominik Reichl" - "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll
"SMART Local Port" - "SMART Technologies" - C:\Windows\system32\smrtlocalmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_e477fed.dll (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MyWinLocker Service" (MWLService) - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"OpenVPN Access Client" (OpenVPNAccessClient) - ? - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
#24
/// Winkelfunktion /// TB-Süch-Tiger™
And what about mbrcheck?
__________________
Please always post logfiles in CODE tags
#25
I completely overlooked MBRcheck.
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5536
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 205):
0x83416000 \SystemRoot\system32\ntkrnlpa.exe
0x83828000 \SystemRoot\system32\halmacpi.dll
0x80BD4000 \SystemRoot\system32\kdcom.dll
0x83A07000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83A12000 \SystemRoot\system32\PSHED.dll
0x83A23000 \SystemRoot\system32\BOOTVID.dll
0x83A2B000 \SystemRoot\system32\CLFS.SYS
0x83A6D000 \SystemRoot\system32\CI.dll
0x83B18000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83B89000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83B97000 \SystemRoot\system32\drivers\ACPI.sys
0x83BDF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x83BE8000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AE1F000 \SystemRoot\system32\drivers\pci.sys
0x8AE49000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8AE54000 \SystemRoot\System32\drivers\partmgr.sys
0x8AE65000 \SystemRoot\system32\drivers\volmgr.sys
0x8AE75000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AEC0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AEC8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AED3000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AEE9000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8AEF1000 \SystemRoot\system32\drivers\atapi.sys
0x8AEFA000 \SystemRoot\system32\drivers\ataport.SYS
0x8AF1D000 \SystemRoot\system32\drivers\msahci.sys
0x8AF27000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AF35000 \SystemRoot\system32\drivers\amdxata.sys
0x8AF3E000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AF72000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B03F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B16E000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B199000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AF83000 \SystemRoot\System32\Drivers\cng.sys
0x8B1AC000 \SystemRoot\System32\drivers\pcw.sys
0x8B1BA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B205000 \SystemRoot\system32\drivers\ndis.sys
0x8B2BC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B2FA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B432000 \SystemRoot\System32\drivers\tcpip.sys
0x8B57C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B5AD000 \SystemRoot\system32\drivers\volsnap.sys
0x8B5EC000 \SystemRoot\System32\Drivers\spldr.sys
0x8B400000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B31F000 \SystemRoot\System32\Drivers\mup.sys
0x8B5F4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B32F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B42D000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8B361000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B372000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B397000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8B3D2000 \SystemRoot\system32\drivers\cdrom.sys
0x9023C000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x902AC000 \SystemRoot\System32\Drivers\Null.SYS
0x902B3000 \SystemRoot\System32\Drivers\Beep.SYS
0x902BA000 \SystemRoot\System32\drivers\vga.sys
0x902C6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x902E7000 \SystemRoot\System32\drivers\watchdog.sys
0x902F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x902FC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90304000 \SystemRoot\system32\drivers\rdprefmp.sys
0x9030C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90317000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90325000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9033C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90348000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90351000 \SystemRoot\system32\drivers\afd.sys
0x903AB000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x903B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x903E2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90200000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9021F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x903E9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B1C3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B1D6000 \SystemRoot\system32\drivers\termdd.sys
0x9000B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9004C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90056000 \SystemRoot\system32\drivers\mssmbios.sys
0x90060000 \SystemRoot\System32\drivers\discache.sys
0x9006C000 \SystemRoot\System32\Drivers\dfsc.sys
0x90084000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90092000 \SystemRoot\System32\Drivers\aswSP.SYS
0x900DC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x900FD000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x9010E000 \SystemRoot\system32\drivers\wmiacpi.sys
0x91A36000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x90117000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91F4B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91F84000 \SystemRoot\system32\drivers\HDAudBus.sys
0x91FA3000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x90E34000 \SystemRoot\system32\DRIVERS\athr.sys
0x90F61000 \SystemRoot\System32\Drivers\fastfat.SYS
0x90F8B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90F95000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x90F9D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90FA3000 \SystemRoot\system32\drivers\usbohci.sys
0x90FAD000 \SystemRoot\system32\drivers\USBPORT.SYS
0x90E00000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x90E09000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90E0B000 \SystemRoot\system32\drivers\usbehci.sys
0x90E1A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91FDF000 \SystemRoot\system32\drivers\i8042prt.sys
0x90E1E000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x91A00000 \SystemRoot\system32\drivers\kbdclass.sys
0x901CE000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x91A0D000 \SystemRoot\system32\drivers\mouclass.sys
0x91A1A000 \SystemRoot\system32\drivers\CompositeBus.sys
0x8B1E7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8B000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90E28000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B018000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AFE0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AE00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x97A11000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x97A28000 \SystemRoot\system32\DRIVERS\tapoas.sys
0x97A33000 \SystemRoot\system32\drivers\swenum.sys
0x97A35000 \SystemRoot\system32\drivers\ks.sys
0x97A69000 \SystemRoot\system32\drivers\umbus.sys
0x97A77000 \SystemRoot\system32\drivers\usbhub.sys
0x97ABB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97ACC000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x97AF2000 \SystemRoot\system32\drivers\portcls.sys
0x97B21000 \SystemRoot\system32\drivers\drmk.sys
0x9920A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x99492000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x994CF000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x97B3A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x995D1000 \SystemRoot\system32\drivers\modem.sys
0x82520000 \SystemRoot\System32\win32k.sys
0x995DE000 \SystemRoot\System32\drivers\Dxapi.sys
0x995E8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x995F5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x99200000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97BEF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8B39F000 \SystemRoot\system32\drivers\usbccgp.sys
0x8C00B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8C02F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82780000 \SystemRoot\System32\TSDDD.dll
0x8C03A000 \SystemRoot\system32\drivers\luafv.sys
0x8C055000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8C08D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8C090000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x8C099000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C0B3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C0C3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C109000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C119000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C12C000 \SystemRoot\system32\drivers\HTTP.sys
0x8C1B1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C1CA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C1DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E038000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E073000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E0A6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E0AA000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x9E0B3000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x9E0C5000 \SystemRoot\system32\drivers\peauth.sys
0x9E15C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E166000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E187000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E194000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0x9E19C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D434000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D486000 \SystemRoot\System32\drivers\ipnat.sys
0x9D4AC000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0x9D519000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x82400000 \SystemRoot\System32\cdd.dll
0x77010000 \Windows\System32\ntdll.dll
0x47BB0000 \Windows\System32\smss.exe
0x77250000 \Windows\System32\apisetschema.dll
0x00EC0000 \Windows\System32\autochk.exe
0x77230000 \Windows\System32\lpk.dll
0x76E50000 \Windows\System32\iertutil.dll
0x771E0000 \Windows\System32\gdi32.dll
0x76DA0000 \Windows\System32\msvcrt.dll
0x771C0000 \Windows\System32\imm32.dll
0x771B0000 \Windows\System32\psapi.dll
0x76CC0000 \Windows\System32\kernel32.dll
0x76BA0000 \Windows\System32\wininet.dll
0x75F50000 \Windows\System32\shell32.dll
0x77180000 \Windows\System32\imagehlp.dll
0x75DB0000 \Windows\System32\setupapi.dll
0x77160000 \Windows\System32\sechost.dll
0x75D70000 \Windows\System32\ws2_32.dll
0x75CE0000 \Windows\System32\clbcatq.dll
0x75C50000 \Windows\System32\oleaut32.dll
0x77150000 \Windows\System32\nsi.dll
0x75B80000 \Windows\System32\user32.dll
0x75B00000 \Windows\System32\comdlg32.dll
0x75A50000 \Windows\System32\rpcrt4.dll
0x75A00000 \Windows\System32\Wldap32.dll
0x758A0000 \Windows\System32\ole32.dll
0x75790000 \Windows\System32\urlmon.dll
0x756C0000 \Windows\System32\msctf.dll
0x75620000 \Windows\System32\advapi32.dll
0x75610000 \Windows\System32\normaliz.dll
0x755B0000 \Windows\System32\difxapi.dll
0x75550000 \Windows\System32\shlwapi.dll
0x754B0000 \Windows\System32\usp10.dll
0x75480000 \Windows\System32\wintrust.dll
0x75430000 \Windows\System32\KernelBase.dll
0x75310000 \Windows\System32\crypt32.dll
0x75280000 \Windows\System32\comctl32.dll
0x75250000 \Windows\System32\cfgmgr32.dll
0x75230000 \Windows\System32\devobj.dll
0x75220000 \Windows\System32\msasn1.dll
Processes (total 81):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
440 csrss.exe
516 C:\Windows\System32\wininit.exe
528 csrss.exe
564 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\atiesrxx.exe
984 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\atieclxx.exe
1316 C:\Windows\System32\svchost.exe
1436 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1764 C:\Windows\System32\spoolsv.exe
1792 C:\Windows\System32\svchost.exe
1880 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1916 C:\Windows\System32\svchost.exe
1940 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1980 C:\Program Files\Bonjour\mDNSResponder.exe
2004 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
332 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
456 C:\Windows\System32\svchost.exe
508 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
764 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1272 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1308 C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
1496 C:\Program Files\Secunia\PSI\psia.exe
2116 C:\Windows\System32\svchost.exe
2284 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2636 dwm.exe
2656 taskhost.exe
2692 explorer.exe
2884 taskeng.exe
3000 C:\Windows\System32\alg.exe
3212 C:\Windows\System32\svchost.exe
3304 C:\Windows\System32\svchost.exe
3536 SynTPEnh.exe
3616 GoogleDesktop.exe
3676 jusched.exe
3688 GoogleDesktop.exe
4048 C:\Windows\System32\SearchIndexer.exe
2188 C:\Program Files\Windows Media Player\wmpnetwk.exe
2476 C:\Program Files\Secunia\PSI\sua.exe
3604 SynTPHelper.exe
3432 psi_tray.exe
3568 Dropbox.exe
3628 C:\Windows\System32\svchost.exe
4720 C:\Windows\System32\svchost.exe
4956 InputPersonalization.exe
3408 KeePass.exe
4196 C:\Windows\System32\LogonUI.exe
5728 rundll32.exe
5564 csrss.exe
1772 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\atieclxx.exe
3880 C:\Windows\System32\dwm.exe
5820 C:\Windows\explorer.exe
5816 C:\Windows\System32\taskhost.exe
5852 C:\Windows\System32\taskeng.exe
2708 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1232 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3184 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4232 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4832 C:\Program Files\Secunia\PSI\psi_tray.exe
5632 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4836 C:\Program Files\Mozilla Firefox\firefox.exe
1360 C:\Program Files\Mozilla Firefox\plugin-container.exe
5468 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
2544 C:\Windows\explorer.exe
4228 C:\Windows\System32\audiodg.exe
4064 C:\Windows\System32\dllhost.exe
4336 E:\Freeware\Trojaner Board\MBRCheck.exe
4056 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000014`b24b6c00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC60F
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
#26
/// Winkelfunktion /// TB-Süch-Tiger™
Malware found with Avast and Spybot SD. Is my computer clean now? incl. logfiles
Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner isn't a bad idea either: ESET Online Scanner
__________________
Please always post logfiles in CODE tags
#27
PUP.Dealio.TB
Malwarebytes found PUP.Dealio.TB. Could this be a false positive? So far I haven't done anything else, i.e. I have not removed PUP.Dealio.TB or run the other two programs. I'd like to hear first how I should proceed after this find.
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7212
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
20/07/2011 22:07:49
mbam-log-2011-07-20 (22-06-34).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 367688
Time elapsed: 2 hour(s), 34 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\***\Desktop\backups\backup-20100603-234206-205.dll (PUP.Dealio.TB) -> No action taken.
#28
/// Winkelfunktion /// TB-Süch-Tiger™
PUP = Potentially unwanted Program. That means the program is possibly not wanted; that it is malicious cannot be directly inferred from that description!
#29
All right. I scanned "backup-20100603-234206-205.dll (PUP.Dealio.TB)" with VirSCAN.org and only one of the antivirus engines reported a possible virus hit. Here are the two outstanding logs. ESET has two findings, one of which is the backup-20100603-234206-205.dll.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6f490a3ec3d9ca4282127f465780d748
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 09:43:03
# local_time=2011-07-21 10:43:03 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 25103177 25103177 0 0
# compatibility_mode=5893 16776573 100 94 144555 63707759 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=382
# found=0
# cleaned=0
# scan_time=15
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6f490a3ec3d9ca4282127f465780d748
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 12:32:28
# local_time=2011-07-21 01:32:28 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 25103484 25103484 0 0
# compatibility_mode=5893 16776573 100 94 144862 63708066 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=188527
# found=2
# cleaned=0
# scan_time=9873
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6c4bbadf-65319182 Java/TrojanDownloader.Agent.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Desktop\backups\backup-20100603-234206-205.dll probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/21/2011 at 11:22 AM
Application Version : 4.55.1000
Core Rules Database Version : 7436
Trace Rules Database Version: 5248
Scan type : Complete Scan
Total Scan Time : 11:20:13
Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 8406
Registry threats detected : 0
File items scanned : 176420
File threats detected : 0
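The scanner logs in this thread (Malwarebytes in post #27, ESET Online Scanner and SUPERAntiSpyware in post #29) can be triaged mechanically instead of by eye. The script below is an added example, not code from the thread and not from Malwarebytes or ESET: it parses the detection lines of both log formats as they appear here, classifies each detection name as PUP/adware-class or malware-class (the distinction the helper draws in post #28: a PUP tag alone does not make a file malicious), merges hits on the same file across scanners, and lists what no scanner has yet acted on. The sample input is constructed from the lines quoted in the thread, with the user name masked as *** as in the posts; the ESET parser assumes tab-separated columns (the real format) and falls back to whitespace splitting for the copy here, which assumes the path itself contains no spaces.

```python
import re
from dataclasses import dataclass


@dataclass
class Detection:
    scanner: str
    path: str
    name: str    # vendor detection name, e.g. "PUP.Dealio.TB"
    status: str  # scanner action, e.g. "No action taken"


# Constructed sample input: the relevant lines of the two logs posted in this
# thread, with the user name masked as *** exactly as in the posts.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
Files Infected: 1
Registry Keys Infected:
(No malicious items detected)
Files Infected:
c:\Users\***\Desktop\backups\backup-20100603-234206-205.dll (PUP.Dealio.TB) -> No action taken.
"""

ESET_LOG = r"""# version=7
# scanned=188527
# found=2
# cleaned=0
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6c4bbadf-65319182 Java/TrojanDownloader.Agent.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Desktop\backups\backup-20100603-234206-205.dll probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
"""

# Malwarebytes item line:  <path> (<detection name>) -> <action>.
MBAM_HIT = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?\s*$")
# ESET item line: <path> <detection name> (<status>) <hash> <flag>. Real logs are
# tab-separated; the copy in the thread lost the tabs, so this fallback accepts
# plain spaces and assumes the path itself contains none (an assumption).
ESET_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S*)\s+(?P<name>.+?)\s+\((?P<status>[^()]*)\)"
    r"\s+(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\S+)\s*$"
)
ESET_NAME_STATUS = re.compile(r"^(?P<name>.+?)\s+\((?P<status>[^()]*)\)\s*$")


def parse_mbam(text):
    """Detections from every '... Infected:' section of a Malwarebytes log."""
    hits, in_section = [], False
    for line in text.splitlines():
        line = line.rstrip()
        if re.fullmatch(r"[A-Za-z ]+ Infected:", line):  # bare section header, no count
            in_section = True
            continue
        m = MBAM_HIT.match(line) if in_section else None
        if m:
            hits.append(Detection("Malwarebytes", m["path"], m["name"], m["status"]))
    return hits


def parse_eset(text):
    """(header dict, detections) from an ESET Online Scanner log; repeated keys keep the last value."""
    meta, hits = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip()
        elif "\t" in line:  # genuine tab-separated detection line
            fields = line.split("\t")
            m = ESET_NAME_STATUS.match(fields[1]) if len(fields) >= 4 else None
            if m:
                hits.append(Detection("ESET", fields[0], m["name"], m["status"]))
        elif (m := ESET_HIT.match(line)):
            hits.append(Detection("ESET", m["path"], m["name"], m["status"]))
    return meta, hits


MALWARE_MARKERS = ("trojan", "virus", "worm", "backdoor", "exploit")
PUP_MARKERS = ("pup.", "adware", "toolbar", "application")
PENDING = ("no action taken", "unable to clean")  # scanner saw it but did nothing


def classify(name):
    """'malware' for trojan/virus-class names, 'unwanted' for PUP/adware-class names, else 'unknown'."""
    n = name.lower()
    if any(mark in n for mark in MALWARE_MARKERS):
        return "malware"
    if any(mark in n for mark in PUP_MARKERS):
        return "unwanted"
    return "unknown"


def triage(*hit_lists):
    """Merge detections from several scanners by path (case-insensitive, as on Windows)."""
    rows = {}
    for h in (h for hits in hit_lists for h in hits):
        row = rows.setdefault(h.path.lower(), {"path": h.path, "scanners": [],
                                               "class": "unknown", "pending": False})
        row["scanners"].append(h.scanner)
        cls = classify(h.name)
        if cls == "malware" or (cls == "unwanted" and row["class"] == "unknown"):
            row["class"] = cls  # a malware verdict from any scanner outranks a PUP tag
        if h.status.lower() in PENDING:
            row["pending"] = True  # nothing has been cleaned or quarantined yet
    return list(rows.values())


if __name__ == "__main__":
    meta, eset_hits = parse_eset(ESET_LOG)
    print(f"ESET: scanned={meta.get('scanned')} found={meta.get('found')} cleaned={meta.get('cleaned')}")
    for row in triage(parse_mbam(MBAM_LOG), eset_hits):
        state = "needs action" if row["pending"] else "handled"
        print(f"[{row['class']:8}] {state:12} {row['path']}  <- {', '.join(row['scanners'])}")
```

Run on the constructed input, the merge shows the backup DLL flagged by both Malwarebytes and ESET as PUP/adware-class and the Java cache entry flagged by ESET alone as malware-class, with both still pending because Malwarebytes was run with "No action taken" and ESET with `remove_checked=false`. Whether a PUP-class file is kept is a judgement call; a pending malware-class hit is what a reviewer would want answered first.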
#30
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, those are just leftovers. Is the computer back in order?