Pests of all kinds and their removal: SMART_HDD and black screen (Windows 7)
14.04.2012, 10:46 | #31
SMART_HDD and black screen

So, done: GMER.

GMER logfile:
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 002603FC .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 002601F8 .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00330A08 .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 003303FC .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00330804 .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 003301F8 .text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00330600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00220A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002203FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00220804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002201F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] 
USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00220600 .text C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000303FC .text C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrLoadDll 7777223E 3 Bytes JMP 000301F8 .text C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrLoadDll + 4 77772242 1 Byte [88] .text C:\Windows\system32\conhost.exe[3292] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\conhost.exe[3292] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\conhost.exe[3292] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000C03FC .text C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000C0600 .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000A0A08 .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000A03FC .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000A0804 .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000A01F8 .text 
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000A0600 .text C:\Windows\system32\wbem\wmiprvse.exe[3584] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\ctfmon.exe[3604] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001003FC .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00100804 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\SearchIndexer.exe[3760] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3760] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3760] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3760] 
USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[3920] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[3920] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[3920] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[3972] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3972] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3972] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[3972] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00230A08 .text C:\Windows\system32\svchost.exe[3972] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002303FC .text C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00230804 .text C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002301F8 .text C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00230600 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00190A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001903FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00190804 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001901F8 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00190600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7136F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7136F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] 
C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
and OSAM
OSAM Logfile:
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:27:35 on 14.04.2012 OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "HP Documentation.cpl" - "Hewlett-Packard" - C:\Windows\system32\HP Documentation.cpl "HPWA.cpl" - "Hewlett-Packard" - C:\Windows\system32\HPWA.cpl "QuickWebConfTool.cpl" - "DeviceVM, Inc." - C:\Windows\system32\QuickWebConfTool.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "catchme" (catchme) - ? 
- C:\Users\Mini-ZZ\AppData\Local\Temp\catchme.sys (File not found) "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} "StubPath" - "ArcSoft Inc." - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} "NSE_WithSubFld" - ? - C:\Program Files\Hewlett-Packard\Recovery\Protect.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe 
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll {855156F0-2A0F-11DE-8C30-0800200C9A66} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll {B3C78E40-6B64-47C3-AE34-60B770881EB8} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll {D25B32FE-CB96-491A-98FF-AD59DA382D69} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll {E032716F-2E0A-4CCB-9FEB-BF2090B035DF} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} "Add to Evernote" - "Evernote Corporation" - C:\Program Files\Evernote\Evernote3.5\enbar.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Media Suite.lnk" - "ArcSoft Inc." - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui "HP Quick Launch" - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe "HPWirelessAssistant" - ? - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden (File found, but it contains no detailed information) "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ZumoDrive" - ? 
- "C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe "DeviceVM Meta Data Export Service" (DvmMDES) - "DeviceVM, Inc." - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe "HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "HP Wireless Assistant Service" (HP Wireless Assistant Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe "HPWMISVC" (HPWMISVC) - ? 
- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
and aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 11:31:38
-----------------------------
11:31:38.618 OS Version: Windows 6.1.7601 Service Pack 1
11:31:38.618 Number of processors: 2 586 0x1C0A
11:31:38.618 ComputerName: HP-MINI-ZZ UserName: Mini-ZZ
11:31:44.843 Initialize success
11:31:45.841 AVAST engine defs: 12041301
11:32:20.832 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:32:20.848 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
11:32:20.879 Disk 0 MBR read successfully
11:32:20.894 Disk 0 MBR scan
11:32:20.894 Disk 0 unknown MBR code
11:32:20.910 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:32:20.941 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220817 MB offset 409600
11:32:20.972 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17354 MB offset 452642816
11:32:21.004 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
11:32:21.035 Disk 0 scanning sectors +488395120
11:32:21.097 Disk 0 scanning C:\Windows\system32\drivers
11:32:42.890 Service scanning
11:33:24.152 Modules scanning
11:33:55.134 Disk 0 trace - called modules:
11:33:55.197 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:33:55.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85575030]
11:33:55.243 3 CLASSPNP.SYS[887b359e] -> nt!IofCallDriver -> [0x84b46890]
11:33:55.259 5 ACPI.sys[8808c3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b35028]
11:33:59.346 AVAST engine scan C:\Windows
11:34:07.552 AVAST engine scan C:\Windows\system32
11:37:39.463 AVAST engine scan C:\Windows\system32\drivers
11:38:00.632 AVAST engine scan C:\Users\Mini-ZZ
11:39:11.097 AVAST engine scan C:\ProgramData
11:42:02.604 Scan finished successfully
11:44:09.323 Disk 0 MBR has been saved successfully to "C:\Users\Mini-ZZ\Desktop\MBR.dat"
11:44:09.338 The log file has been saved successfully to "C:\Users\Mini-ZZ\Desktop\aswMBR.txt"
|
15.04.2012, 15:38 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMART_HDD and black screen
We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.
Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the whole hard disk with e.g. TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please switch off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
Then restart Windows and make a new log with aswMBR.
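The before/after check the moderator asks for can also be done offline on the MBR.dat that aswMBR saves. The following is an added example, not part of the thread and not aswMBR's own code: it parses the 512-byte sector, derives the same MB sizes the log lists from the partition entries, flags structural oddities, and compares the 440-byte boot code of two dumps (such as the one saved before FIXMBR and the one saved after). The sample MBR is constructed to match the Disk 0 layout in the log above; the boot code bytes in it are placeholders, not real Windows boot code.

```python
import hashlib
import struct

SECTORS_PER_MB = 2048            # aswMBR reports sizes in MB of 2048 x 512-byte sectors
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}

def build_mbr(entries, boot_code=b"\x90" * 440):
    """Construct a sample 512-byte MBR from (bootable, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\0\0\0",
                                 ptype, b"\0\0\0", lba, count)
                     for boot, ptype, lba, count in entries).ljust(64, b"\0")
    return boot_code[:440].ljust(440, b"\0") + b"\0" * 6 + table + b"\x55\xAA"

def parse_mbr(data):
    """Return boot signature state, a hash of the boot code and the partition table."""
    if len(data) != 512:
        raise ValueError("MBR.dat must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", data, 446 + 16 * i)
        if ptype == 0: continue          # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count // SECTORS_PER_MB})
    return {"signature_ok": data[510:512] == b"\x55\xAA",
            "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
            "partitions": parts}

def sanity_issues(mbr):
    """Structural problems in the partition table that deserve a closer look."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in mbr["partitions"]) != 1:
        issues.append("expected exactly one active partition")
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    return issues

def boot_code_changed(baseline, current):
    """True when the 440-byte boot code differs between two MBR.dat dumps (before/after FIXMBR)."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]

# Constructed sample reproducing the Disk 0 layout from the aswMBR log (sizes 199/220817/17354/103 MB).
SAMPLE_LAYOUT = [(True, 0x07, 2048, 407552), (False, 0x07, 409600, 452233216),
                 (False, 0x07, 452642816, 35540992), (False, 0x0C, 488183808, 210944)]
SAMPLE_MBR = build_mbr(SAMPLE_LAYOUT)
```

To use it on real dumps, read the two MBR.dat files as bytes and pass them to boot_code_changed; a changed boot code with an unchanged partition table is the pattern a FIXMBR run is expected to produce.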
18.04.2012, 15:09 | #33
SMART_HDD and black screen: OK, this is how it looks now after the fix:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-18 15:49:38
-----------------------------
15:49:38.736 OS Version: Windows 6.1.7601 Service Pack 1
15:49:38.736 Number of processors: 2 586 0x1C0A
15:49:38.752 ComputerName: HP-MINI-ZZ UserName: Mini-ZZ
15:50:07.315 Initialize success
15:50:07.612 AVAST engine defs: 12041800
15:50:18.454 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:50:18.454 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
15:50:18.516 Disk 0 MBR read successfully
15:50:18.532 Disk 0 MBR scan
15:50:18.547 Disk 0 Windows 7 default MBR code
15:50:18.579 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:50:18.594 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220817 MB offset 409600
15:50:18.641 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17354 MB offset 452642816
15:50:18.688 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
15:50:18.750 Disk 0 scanning sectors +488395120
15:50:18.937 Disk 0 scanning C:\Windows\system32\drivers
15:50:43.913 Service scanning
15:51:21.447 Modules scanning
15:52:19.962 Disk 0 trace - called modules:
15:52:20.025 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
15:52:20.056 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85575030]
15:52:20.072 3 CLASSPNP.SYS[887b159e] -> nt!IofCallDriver -> [0x84b45b90]
15:52:20.087 5 ACPI.sys[880af3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b35028]
15:52:24.034 AVAST engine scan C:\Windows
15:52:38.074 AVAST engine scan C:\Windows\system32
15:57:23.539 AVAST engine scan C:\Windows\system32\drivers
15:57:44.568 AVAST engine scan C:\Users\Mini-ZZ
15:58:52.631 AVAST engine scan C:\ProgramData
16:01:00.411 Scan finished successfully
16:05:37.748 Disk 0 MBR has been saved successfully to "C:\Users\Mini-ZZ\Desktop\MBR.dat"
16:05:37.779 The log file has been saved successfully to "C:\Users\Mini-ZZ\Desktop\aswMBR_2.txt"
18.04.2012, 20:36 | #34
/// Winkelfunktion /// TB-Süch-Tiger™ | SMART_HDD and black screen: Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
Please always post log files in CODE tags