| |
| |||||||
Log-Analyse und Auswertung: Infizierte RegistrierungsschlüsselWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.04.2012, 16:18
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Infizierte Registrierungsschlüssel Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.04.2012, 17:18
| #17 |
 | Infizierte Registrierungsschlüssel Hi
__________________Hatte keine probleme mit CF Combofix Logfile: Code:
ATTFilter ComboFix 12-04-16.03 - Jagger 17.04.2012 18:09:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3582.3018 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Jagger\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Jagger\Anwendungsdaten\inst.exe
c:\dokumente und einstellungen\Jagger\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system\d3d9.dll
c:\windows\system\ddraw.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ReadMe.txt
c:\windows\unin0407.exe
O:\Setup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-17 bis 2012-04-17 ))))))))))))))))))))))))))))))
.
.
2100-02-08 15:03 . 2001-05-11 10:39 53248 ----a-w- c:\programme\ACMonitor_X73.exe
2012-04-11 16:49 . 2012-04-11 16:49 -------- d-----w- C:\_OTL
2012-04-08 07:11 . 2012-04-08 07:11 -------- d-----w- c:\programme\ESET
2012-04-08 07:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-08 07:03 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-08 07:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-08 07:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-08 07:02 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-08-30 13:25 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-05-08 17:28 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-05-21 10:32 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-05-08 17:43 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-05-08 17:43 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-05-08 17:43 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-05-08 17:43 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2009-05-08 17:43 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2009-05-08 17:43 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2009-05-08 17:43 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:00 . 2002-08-29 01:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2002-08-29 01:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2002-08-29 01:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:09 . 2002-08-29 01:43 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:09 . 2001-08-18 19:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2008-08-31 08:11 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2002-08-29 01:23 1860224 ----a-w- c:\windows\system32\win32k.sys
2008-02-14 13:23 . 2008-02-14 13:23 231944 ------w- c:\programme\gwflash.exe
2007-09-21 18:42 . 2007-09-21 18:42 19008 ------w- c:\programme\markfun.a64
2007-08-21 18:49 . 2007-08-21 18:49 17912 ------w- c:\programme\markfun.w32
2007-03-02 03:48 . 2007-03-02 03:48 240448 ------w- c:\programme\gwf32.exe
2006-11-23 22:47 . 2006-11-23 22:47 207680 ------w- c:\programme\BIOS_Run.exe
2005-04-27 18:40 . 2005-04-27 18:40 6800 ------w- c:\programme\W95_HUA.vxd
2001-05-08 15:36 . 2000-12-05 14:56 114688 ----a-w- c:\programme\lxarscan.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\System32\JMRaidSetup.exe" [2007-02-06 1953792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
PS2 Keyboard English Edition.lnk - c:\programme\Delux\PS2 Keyboard English Edition\keyboard.exe [2008-3-19 245760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Programme\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\UT3 Dedicated Server\\Binaries\\UT3.exe"=
"o:\\Programme\\DC++\\DCPlusPlus.exe"=
"o:\\UT2004\\System\\UT2004.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.05.2009 21:03 130936]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.05.2011 12:32 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08.05.2009 19:43 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08.05.2009 19:43 20696]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [19.03.2008 20:18 59520]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [21.05.2009 21:03 348752]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [07.10.2007 07:19 1714176]
R3 AVMWAN;AVM NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [11.09.2002 02:00 37568]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [08.11.2008 16:06 22784]
R3 fpcibase;FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [11.09.2002 02:00 484176]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [07.10.2007 01:39 136176]
S3 DIGIRPS;Digi PortServer-Treiber;c:\windows\system32\drivers\digirlpt.sys [19.03.2008 18:26 42880]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [07.10.2007 01:39 136176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [04.05.2008 10:47 47360]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [18.06.2009 11:48 30368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2007-10-06 23:39]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2007-10-06 23:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchMigratedDefaultURL =
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: eset.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe ARM - c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-AnyDVD - c:\programme\SlySoft\AnyDVD\AnyDVDtray.exe
AddRemove-softonic-de3 Toolbar - c:\programme\softonic-de3\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-04-17 18:13
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2e,68,33,67,62,64,56,2d,5d,d7,5d,34,7b,04,3b,df,77,53,1c,c0,f9,0f,d4,
f8,f8,dd,d2,75,14,b9,55,84,90,e8,e1,f0,89,4c,f1,30,38,c1,87,47,c6,d9,0f,d9,\
"??"=hex:17,0b,e6,a2,3b,f7,5f,c4,6d,d7,95,d7,50,16,5e,2d
.
Zeit der Fertigstellung: 2012-04-17 18:14:29
ComboFix-quarantined-files.txt 2012-04-17 16:14
ComboFix2.txt 2009-05-22 16:00
ComboFix3.txt 2008-05-25 13:53
ComboFix4.txt 2008-05-25 13:02
.
Vor Suchlauf: 5.078.290.432 Bytes frei
Nach Suchlauf: 5.105.422.336 Bytes frei
.
- - End Of File - - 09D1550280D73323324F450743350278
|
|
17.04.2012, 18:53
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Registrierungsschlüssel Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ |
|
18.04.2012, 17:41
| #19 |
| | Infizierte Registrierungsschlüssel GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-18 18:15:48
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c WDC_WD5000AAKS-00A7B0 rev.01.03B01
Running: nl8s7dbd.exe; Driver: C:\DOKUME~1\Jagger\LOKALE~1\Temp\uftdypod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB63B7DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB646CA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB63B885E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB63E4D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB63BD2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB63BD330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB63BD422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EB5514]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB63BD252]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EA4282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EA4474]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB63BD374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB63BD29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB63BD3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB63B7E44]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EB5D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EB5FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB63BA9A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB63E528E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB63E50F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB646CB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB63B7AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB63B7E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB63BAD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB63B8B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB63BD30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB63BD352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB63BD446]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EB43FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB63BD278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB63BA518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB63BD3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB63BD2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB63BA74C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB63BD400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB646CCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB63E4F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB63B89CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB63E4DC6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EB6422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB63E3D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB63B7EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB63B7F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB63B7B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB63B7CEA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EB57D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB63B7C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB63B7D5A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9EA3F32]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB63B7F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB646CBE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP EA4474B9
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B63B919F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B647FC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B648174C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FA8360, 0x35366F, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP B63BC180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP B63BC07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP B63BC036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP B63BB724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP B63BAF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP B63BC2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP B63BC4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP B63BBF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP B63BAE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP B63BB7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP B63BB384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP B63BB562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP B63BAE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP B63BC0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP B63BB51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP B63BB7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP B63BC232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP B63BC450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP B63BB70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP B63BAFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP B63BB104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP B63BB1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP B63BB2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP B63BAD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP B63BB73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP B63BAF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP B63BB0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP B63BB67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP B63BC3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[128] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\RTHDCPL.EXE[232] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[232] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[232] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[232] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[232] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\RTHDCPL.EXE[232] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[248] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\rundll32.exe[284] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[284] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[284] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[284] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[284] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[284] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[284] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[372] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[372] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[372] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[372] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[372] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[372] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[372] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[372] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[372] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\Delux\PS2 Keyboard English Edition\keyboard.exe[404] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\System32\smss.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[760] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[760] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\nvsvc32.exe[876] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[876] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[876] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\system32\nvsvc32.exe[876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[876] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[876] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrA.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\PnkBstrA.exe[888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\system32\PnkBstrA.exe[888] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\system32\PnkBstrA.exe[888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\PnkBstrA.exe[888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\PnkBstrA.exe[888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\PnkBstrA.exe[888] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[924] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[948] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[948] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[948] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[992] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[992] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[992] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1004] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1004] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1004] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Dokumente und Einstellungen\Jagger\Desktop\nl8s7dbd.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Jagger\Desktop\nl8s7dbd.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1800] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1800] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2264] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2264] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2264] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2264] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\Programme\Alwil Software\Avast5\AvastUI.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastUI.exe[2536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3100] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3100] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3100] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[3100] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[3100] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[3100] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[3100] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[3100] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Programme\Alwil Software\Avast5\AvastUI.exe[2536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:21:07 on 18.04.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys "catchme" (catchme) - ? - C:\DOKUME~1\Jagger\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys "giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File not found) "Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys "uftdypod" (uftdypod) - ? - C:\DOKUME~1\Jagger\LOKALE~1\Temp\uftdypod.sys (Hidden registry entry, rootkit activity | File not found) "USB to Serial Bridge Controller" (usb2vcom) - ? - C:\WINDOWS\System32\Drivers\usb2vcom.sys "VSO Software ezplay" (ezplay) - "VSO Software" - C:\WINDOWS\System32\Drivers\ezplay.sys "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} "PixiePack Codec Pack 1.0.100.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- AutorunsDisabled "AutorunsDisabled" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} "BDSCANONLINE Control" - "BitDefender" - C:\WINDOWS\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scan8/oscan8.cab DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab {00000161-0000-0010-8000-00AA00389B71} "{00000161-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab {166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {41564D57-9980-0010-8000-00AA00389B71} "{41564D57-9980-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "PS2 Keyboard English Edition.lnk" - ? - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Jagger\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "36X Raid Configurer" - "Gigabyte Technology Corp." - C:\WINDOWS\System32\JMRaidSetup.exe boot "JMB36X IDE Setup" - ? - C:\WINDOWS\JM\JMInsIDE.exe (File found, but it contains no detailed information) "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - nwiz.exe /install [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Lexmark Network Port" - "Lexmark International, Inc." - C:\WINDOWS\system32\LEXLMPM.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "LexBce Server" (LexBceS) - ? - C:\WINDOWS\system32\LEXBCES.EXE (File not found) "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
18.04.2012, 17:42
| #20 |
| | Infizierte Registrierungsschlüssel Hi Und noch den aswMBR aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-04-18 18:21:43 ----------------------------- 18:21:43.468 OS Version: Windows 5.1.2600 Service Pack 3 18:21:43.468 Number of processors: 2 586 0xF0B 18:21:43.468 ComputerName: JAEGER UserName: Jagger 18:21:43.656 Initialize success 18:21:46.453 AVAST engine defs: 12041801 18:22:52.890 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 18:22:52.890 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907728MB BusType: 3 18:22:52.953 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c 18:22:52.953 Disk 1 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476938MB BusType: 3 18:22:53.000 Disk 1 MBR read successfully 18:22:53.000 Disk 1 MBR scan 18:22:53.015 Disk 1 Windows XP default MBR code 18:22:53.015 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63 18:22:53.015 Disk 1 Partition - 00 0F Extended LBA 199996 MB offset 102398310 18:22:53.031 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 226941 MB offset 511991550 18:22:53.046 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 199996 MB offset 102398373 18:22:53.046 Disk 1 scanning sectors +976768065 18:22:53.156 Disk 1 scanning C:\WINDOWS\system32\drivers 18:23:08.921 Service scanning 18:23:14.578 Modules scanning 18:23:34.453 Disk 1 trace - called modules: 18:23:34.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 18:23:34.468 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b619ab8] 18:23:34.468 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000083[0x8b62af18] 18:23:34.468 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8b677d98] 18:23:34.703 AVAST engine scan C:\WINDOWS 18:23:52.812 AVAST engine scan C:\WINDOWS\system32 18:27:37.203 AVAST engine scan C:\WINDOWS\system32\drivers 18:28:06.125 AVAST engine scan C:\Dokumente und Einstellungen\Jagger 18:30:05.140 AVAST engine scan C:\Dokumente und Einstellungen\All Users 18:30:51.781 Scan finished successfully 18:31:55.500 Disk 1 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Jagger\Desktop\MBR.dat" 18:31:55.500 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Jagger\Desktop\aswMBR.txt" Jagger |
|
18.04.2012, 21:03
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Registrierungsschlüssel Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ --> Infizierte Registrierungsschlüssel |
|
19.04.2012, 19:40
| #22 |
| | Infizierte Registrierungsschlüssel Hi Hier noch die beiden log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.19.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Jagger :: JAEGER [Administrator] Schutz: Deaktiviert 19.04.2012 17:18:47 mbam-log-2012-04-19 (17-18-47).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 273851 Laufzeit: 31 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/19/2012 at 07:30 PM
Application Version : 5.0.1146
Core Rules Database Version : 8481
Trace Rules Database Version: 6293
Scan type : Quick Scan
Total Scan Time : 00:02:25
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 32647
Registry threats detected : 0
File items scanned : 7266
File threats detected : 4
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Jagger\Cookies\ECDUM6S5.txt [ /c.atdmt.com ]
C:\Dokumente und Einstellungen\Jagger\Cookies\YKATFSBP.txt [ /serving-sys.com ]
C:\Dokumente und Einstellungen\Jagger\Cookies\1Q9SEMUV.txt [ /atdmt.com ]
C:\Dokumente und Einstellungen\Jagger\Cookies\1185I5VJ.txt [ /bs.serving-sys.com ]
|
|
19.04.2012, 19:55
| #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte RegistrierungsschlüsselZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Infizierte Registrierungsschlüssel |
| about, administrator, anti-malware, autostart, data, dateien, dateisystem, explorer, file, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, image, infizierte, laptop, malwarebytes, microsoft, programme, pup.offerbundler.st, pup.spyware.marketscore, quarantäne, relevantknowledge, security, service pack 3, software, speicher, system volume information, test, _restore |
