Log analysis and evaluation: Problems with laptop, infected link, trojan, remote control?, Firefox crashes, dlls, Word.. Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Problems with laptop, infected link, trojan, remote control?, Firefox crashes, dlls, Word..

Ok, Cosinus aka Arne, my nerves are shot today from all this scanning. I'm slowly losing the will to go on with it. I ran all the scans again as requested. There were no problems with them, it just took a very long time. After the scans, for some reason I could not click on/select objects on the desktop (highlight them in blue, so not open them!) without it loading endlessly, even after restarting several times. Right-clicking and the context menu did not work either. I then went into Safe Mode and deleted all the downloaded scan programs. Fortunately it works fine again now. But I really don't want to make anything worse with these actions. At the moment the computer is actually running well and the scans also run through smoothly. The last one showed an error and a "suspicious" file. That will be visible in the logs. Otherwise everything went without complications. Here are the log files:

Code:
```
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-07 20:12:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C
Running: us6k0rww.exe; Driver: C:\DOKUME~1\JEAN-L~1\LOKALE~1\Temp\fxlyipoc.sys


---- System - GMER 1.0.15 ----

SSDT 9B777D3C ZwClose
SSDT 9B777CF6 ZwCreateKey
SSDT 9B777D46 ZwCreateSection
SSDT 9B777CEC ZwCreateThread
SSDT 9B777CFB ZwDeleteKey
SSDT 9B777D05 ZwDeleteValueKey
SSDT 9B777D37 ZwDuplicateObject
SSDT 9B777D0A ZwLoadKey
SSDT 9B777CD8 ZwOpenProcess
SSDT 9B777CDD ZwOpenThread
SSDT 9B777D5F ZwQueryValueKey
SSDT 9B777D14 ZwReplaceKey
SSDT 9B777D50 ZwRequestWaitReplyPort
SSDT 9B777D0F ZwRestoreKey
SSDT 9B777D4B ZwSetContextThread
SSDT 9B777D55 ZwSetSecurityObject
SSDT 9B777D00 ZwSetValueKey
SSDT 9B777D5A ZwSystemDebugControl
SSDT 9B777CE7 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\WINDOWS\Explorer.EXE[808] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\Explorer.EXE[808] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\Explorer.EXE[808] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!GetAddrInfoW 02B52899 6 Bytes JMP 71760F5A
.text C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!connect 02B54A07 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!gethostbyname 02B55355 6 Bytes JMP 71790F5A
.text C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!listen 02B58CD3 6 Bytes JMP 717C0F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B20001
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!GetAddrInfoW 016B2899 6 Bytes JMP 71760F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!connect 016B4A07 6 Bytes JMP 717F0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!gethostbyname 016B5355 6 Bytes JMP 71790F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!listen 016B8CD3 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\wscntfy.exe[3116] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\hkcmd.exe[3176] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\igfxpers.exe[3184] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3252] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [81, 71]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [87, 71]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [84, 71]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7B, 71] {JNP 0x73}
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8A, 71]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A70001
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71910F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 718E0F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 71940F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719A0F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 71970F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendInput + 4 7E37F144 2 Bytes [9F, 71]
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 719D0F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71A60F5A
.text C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A30F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!GetAddrInfoW 00D62899 6 Bytes JMP 717F0F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!connect 00D64A07 6 Bytes JMP 717C0F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!gethostbyname 00D65355 6 Bytes JMP 71760F5A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!listen 00D68CD3 6 Bytes JMP 71790F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [81, 71]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [87, 71]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [84, 71]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8A, 71]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 71940F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719A0F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 71970F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendInput + 4 7E37F144 2 Bytes [9F, 71]
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 719D0F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71A60F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A30F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71910F5A
.text C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 718E0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!GetAddrInfoW 01352899 6 Bytes JMP 717C0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!connect 01354A07 6 Bytes JMP 71790F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!gethostbyname 01355355 6 Bytes JMP 717F0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!listen 01358CD3 6 Bytes JMP 71760F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[3676] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A
.text
```
C:\Programme\FreePDF_XP\fpassist.exe[3676] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001 .text 
C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71] .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A .text C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes 
[8D, 71] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001 .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71] .text C:\Programme\Gemeinsame 
Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [87, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8D, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [84, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [8A, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] 
ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [81, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [90, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 71970F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 71940F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ---- Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:23:49 on 07.03.2012
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"WACntlPnl.cpl" - "Hewlett-Packard Development Company, L.P." - C:\WINDOWS\system32\WACntlPnl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ContentDirectory" - "Microsoft Corporation" - c:\programme\windows media connect\mswmccpl.dll
"PTHOST.CPL" - "HP" - C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfg" - ? - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a-squared Malware-IDS utility driver" (a2util) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2util32.sys
"A2 Direct Disk Access Support Driver" (A2DDA) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
"a2acc" (a2acc) - "Emsi Software GmbH" - C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
"a2injectiondriver" (a2injectiondriver) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\JEAN-L~1\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems IPsec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"fxlyipoc" (fxlyipoc) - ? - C:\DOKUME~1\JEAN-L~1\LOKALE~1\Temp\fxlyipoc.sys (Hidden registry entry, rootkit activity | File not found)
"GTIPCI21" (GTIPCI21) - ? - C:\WINDOWS\System32\DRIVERS\gtipci21.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys (File not found)
"tifm21" (tifm21) - ? - C:\WINDOWS\System32\drivers\tifm21.sys (File not found)
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{AB77609F-2178-4E6F-9C4B-44AC179D937A} "a-squared Anti-Malware Shell Extension" - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2contmenu.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Jean-Luc Picard\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"mount.exe" - "Gibin Software House (hxxp://www.gibinsoft.net)" - C:\Programme\GiPo@Utilities\FileUtilities.3\mount.exe /z
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Cpqset" - ? - C:\Programme\HPQ\Default Settings\cpqset.exe (File found, but it contains no detailed information)
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"emsisoft anti-malware" - "Emsi Software GmbH" - "c:\programme\emsisoft anti-malware\a2guard.exe" /d=60
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"NeroCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"Recguard" - ? - C:\WINDOWS\Sminst\Recguard.exe
"Reminder" - ? - C:\WINDOWS\Creator\Remind_XP.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"WatchDog" - "InterVideo Inc." - C:\Programme\InterVideo\DVD Check\DVDCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF995 Monitor" - ? - C:\WINDOWS\system32\pdf995mon.dll (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Emsisoft Anti-Malware 6.0 - Service" (a2AntiMalware) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Angel" (PCA) - "SoftThinks" - C:\WINDOWS\SMINST\PCAngel.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Time-Sync Client" (ServiceTimeSyncClient) - "Speed-Soft" - C:\Programme\Time-Sync\TimeSyncServiceClient.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\programme\windows media connect\mswmccds.exe
"Windows Media Connect-Hilfsprogramm" (WmcCdsLs) - "Microsoft Corporation" - C:\Programme\Windows Media Connect\mswmcls.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software Run date: 2012-03-07 20:29:27 ----------------------------- 20:29:27.233 OS Version: Windows 5.1.2600 Service Pack 3 20:29:27.233 Number of processors: 2 586 0xE08 20:29:27.233 ComputerName: HAL9000L UserName: 20:29:27.718 Initialize success 20:29:55.806 write error "aswEngin.dll". Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden. 20:30:11.806 AVAST engine download error: 0 20:30:11.806 AVAST engine error: -1 20:30:29.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 20:30:29.602 Disk 0 Vendor: FUJITSU_ 892C Size: 95396MB BusType: 3 20:30:29.727 Disk 0 MBR read successfully 20:30:29.727 Disk 0 MBR scan 20:30:29.727 Disk 0 unknown MBR code 20:30:29.774 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87884 MB offset 63 20:30:29.836 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7508 MB offset 179988543 20:30:29.883 Disk 0 scanning sectors +195365520 20:30:30.336 Disk 0 scanning C:\WINDOWS\system32\drivers 20:31:52.649 Service scanning 20:32:08.668 Modules scanning 20:33:29.064 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS** 20:33:41.907 Disk 0 trace - called modules: 20:33:41.954 20:33:41.954 Scan finished successfully 20:33:55.079 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\MBR.dat" 20:33:55.095 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\aswMBR.txt" Herzliche Grüße Picard |
#2 | /// Winkelfunktion /// TB-Süch-Tiger™

We should fix the MBR; back up ALL important data just in case, even though things usually go smoothly.

Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or the entire hard drive with TrueCrypt or other encryption programs.

After backing up your data, start aswMBR again and click the FIXMBR button.

Note: please switch off the virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!

Then restart Windows and produce a new log with aswMBR.
#3

Did that, but judging by the log file I don't think anything has changed:

Code:
```
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 08:48:27
-----------------------------
08:48:27.075 OS Version: Windows 5.1.2600 Service Pack 3
08:48:27.075 Number of processors: 2 586 0xE08
08:48:27.075 ComputerName: HAL9000L UserName:
08:48:28.106 Initialize success
08:48:34.184 AVAST engine defs: 12030701
08:48:41.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:48:41.403 Disk 0 Vendor: FUJITSU_ 892C Size: 95396MB BusType: 3
08:48:41.466 Disk 0 MBR read successfully
08:48:41.466 Disk 0 MBR scan
08:48:41.497 Disk 0 unknown MBR code
08:48:41.513 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87884 MB offset 63
08:48:41.544 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7508 MB offset 179988543
08:48:41.575 Disk 0 scanning sectors +195365520
08:48:41.778 Disk 0 scanning C:\WINDOWS\system32\drivers
08:49:23.825 Service scanning
08:49:42.903 Modules scanning
08:50:17.731 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
08:50:22.841 Disk 0 trace - called modules:
08:50:22.888 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
08:50:22.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x899b1968]
08:50:22.919 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000089[0x899eff18]
08:50:22.934 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89a36030]
08:50:22.950 Scan finished successfully
08:50:37.075 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\MBR.dat"
08:50:37.075 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 08:58:09
-----------------------------
08:58:09.546 OS Version: Windows 5.1.2600 Service Pack 3
08:58:09.546 Number of processors: 2 586 0xE08
08:58:09.546 ComputerName: HAL9000L UserName:
08:58:10.796 Initialize success
08:58:25.937 AVAST engine defs: 12030701
08:58:31.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:58:31.343 Disk 0 Vendor: FUJITSU_ 892C Size: 95396MB BusType: 3
08:58:31.390 Disk 0 MBR read successfully
08:58:31.390 Disk 0 MBR scan
08:58:31.484 Disk 0 Windows XP default MBR code
08:58:31.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87884 MB offset 63
08:58:31.515 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7508 MB offset 179988543
08:58:31.953 Disk 0 scanning sectors +195365520
08:58:32.062 Disk 0 scanning C:\WINDOWS\system32\drivers
08:59:00.921 Service scanning
08:59:39.390 Modules scanning
08:59:46.296 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
08:59:47.812 Disk 0 trace - called modules:
08:59:48.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
08:59:48.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a04ab8]
08:59:48.328 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000089[0x899c6978]
08:59:48.343 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89a03030]
08:59:48.343 Scan finished successfully
08:59:59.156 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\extern\Trojaner\MBR.dat"
08:59:59.187 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\extern\Trojaner\aswMBR.txt"
```

Many thanks and regards
Picard
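As an added example (not part of this thread and not aswMBR's own code): the two logs above go from "unknown MBR code" to "Windows XP default MBR code" with identical partition lines, which is what a successful FIXMBR should look like. The Python below checks the same thing directly on the 512-byte MBR.dat dumps aswMBR saves before and after the fix, i.e. that the boot code changed, the partition table did not, and the 55 AA signature is intact. The sample dumps are constructed here to match the partition layout in the logs; the boot-code bytes are stand-ins, not real dumps.

```python
# Compare two 512-byte MBR dumps (e.g. the MBR.dat files aswMBR saved before and
# after FIXMBR): did the boot code change, is the partition table untouched, and
# is the 55 AA boot signature in place? Constructed example; byte strings are stand-ins.
import struct

SECTOR = 512
BOOTCODE_END = 440   # bytes 0..439 hold the boot code
PT_OFFSET = 446      # partition table: four 16-byte entries
SIG_OFFSET = 510     # boot signature 55 AA
# entry layout: boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = "<B3xB3xII"

def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from(ENTRY, mbr, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "active": boot == 0x80, "type": ptype,
                      "offset": lba, "size_mb": count * SECTOR // (1024 * 1024)})
    return parts

def compare_mbr(before, after):
    """Summarise what changed between two MBR dumps."""
    if len(before) != SECTOR or len(after) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    return {
        "signature_ok": after[SIG_OFFSET:] == b"\x55\xaa",
        "bootcode_changed": before[:BOOTCODE_END] != after[:BOOTCODE_END],
        "partition_table_same": before[PT_OFFSET:SIG_OFFSET] == after[PT_OFFSET:SIG_OFFSET],
        "partitions": parse_partitions(after),
    }

def build_sample_mbr(bootcode):
    """Constructed sample MBR with the two-partition layout from the logs above."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    # partition 1: active (0x80), type 07 NTFS, starts at sector 63, 87884 MB
    struct.pack_into(ENTRY, mbr, PT_OFFSET, 0x80, 0x07, 63, 87884 * 2048)
    # partition 2: inactive, type 0C FAT32 LBA, starts at sector 179988543, 7508 MB
    struct.pack_into(ENTRY, mbr, PT_OFFSET + 16, 0x00, 0x0C, 179988543, 7508 * 2048)
    mbr[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(mbr)

# Stand-in boot code: "unknown" code before the fix, different code after it.
BEFORE = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 20)
AFTER = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")

if __name__ == "__main__":
    result = compare_mbr(BEFORE, AFTER)
    for p in result["partitions"]:
        print(f"Partition {p['index']} type {p['type']:02X} offset {p['offset']} {p['size_mb']} MB")
    print({k: v for k, v in result.items() if k != "partitions"})
```

For real dumps, replace BEFORE and AFTER with the contents of the two MBR.dat files read in binary mode; a result where the partition table also changed would mean the fix did more than replace boot code and deserves a closer look before rebooting.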
#4 | /// Winkelfunktion /// TB-Süch-Tiger™

Quote:

Comes from => DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions). Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!

__________________
Please always post logfiles in CODE tags
#5 | /// Winkelfunktion /// TB-Süch-Tiger™

Quote:

If the file has already been analysed, please start a new analysis.
#6

Hello Cosinus aka Arne, the file

Code:
```
C:\WINDOWS\$HF_MIG$\KB956803\SP2QFE\AFD.SYS
```

Kind regards
Picard
#7 | /// Winkelfunktion /// TB-Süch-Tiger™

Did you remove the file?
#8

Not that I know of. I did the clean-up with SUPERAntiSpyware, but made a point of not deleting the files from quarantine in case I am supposed to restore them. I suggest I scan the system again tonight to see whether the file is detected once more. Either way, I will post the result then.
#9

Hello Cosinus aka Arne, after another scan the file really does not appear any more. I don't understand it either, because I definitely proceeded exactly as I described. It still cannot be found in Explorer either. The only file the scanner still finds is:

Code:
```
Trojan.Agent/Gen-Sirefef
C:\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP60\A0050107.SYS
```

Thank you for your great help!
Kind regards
Picard
#10 | /// Winkelfunktion /// TB-Süch-Tiger™

Then it was just a leftover. Is the computer more or less OK again?
#11

Hi Cosinus aka Arne, exactly, let's just forget about that file fragment. Yes, the computer has been running stably since the first scans and I am already working on it a lot again. There have been no more strange incidents or crashes of any kind either, at least none that I could not also explain by overloading the CPU or the RAM. Thank you very much!! All the scans have reassured me too, although quite a bit was found. Was that something dramatic or not really? Do I have to change all my passwords now? Great board! I think it is great that you exist and that you provide such competent and fast help! Thanks, thanks, thanks!

Kind regards
Picard
#12 | /// Winkelfunktion /// TB-Süch-Tiger™

Then we are done!

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide is below. To keep better track of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords wherever possible now that the infection has been removed.

Microsoft Update
Windows XP: visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is up to date: Adobe - install a different version of Adobe Flash Player. If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
#13

OK, Cosinus aka Arne, thanks for the closing advice, which I will of course follow. Good to see everything working again. Great team! Thanks! Hopefully not see you again too soon. But keep up the good work!

Kind regards
Picard