
Log analysis and evaluation: Encryption trojan: How do I know it is "gone"?


15.06.2012, 11:47   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

15.06.2012, 18:47   #17
ph.ie
 



GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-15 18:21:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEKT-60V5T1 rev.12.01A12
Running: 5e0nkd9m.exe; Driver: C:\Users\Phie\AppData\Local\Temp\kwldapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwAddBootEntry [0x8EA55DF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                        ZwAllocateVirtualMemory [0x8F526A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwAssignProcessToJobObject [0x8EA5685E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwCreateEvent [0x8EA5B2E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwCreateEventPair [0x8EA5B330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwCreateIoCompletion [0x8EA5B422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwCreateMutant [0x8EA5B252]
SSDT            8F2E8B9E                                                                                                                                     ZwCreateSection
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwCreateSemaphore [0x8EA5B29A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwCreateTimer [0x8EA5B3DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwDeleteBootEntry [0x8EA55E44]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                        ZwFreeVirtualMemory [0x8F526B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwLoadDriver [0x8EA55AD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwModifyBootEntry [0x8EA55E90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwNotifyChangeKey [0x8EA58D1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwNotifyChangeMultipleKeys [0x8EA56B02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenEvent [0x8EA5B30E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenEventPair [0x8EA5B352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenIoCompletion [0x8EA5B446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenMutant [0x8EA5B278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenSection [0x8EA5B3AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenSemaphore [0x8EA5B2C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwOpenTimer [0x8EA5B400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                        ZwProtectVirtualMemory [0x8F526CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwQueryObject [0x8EA569CE]
SSDT            8F2E8BA8                                                                                                                                     ZwRequestWaitReplyPort
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwSetBootEntryOrder [0x8EA55EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwSetBootOptions [0x8EA55F28]
SSDT            8F2E8BA3                                                                                                                                     ZwSetContextThread
SSDT            8F2E8BAD                                                                                                                                     ZwSetSecurityObject
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwSetSystemInformation [0x8EA55B46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwSetSystemPowerState [0x8EA55CEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwShutdownSystem [0x8EA55C92]
SSDT            8F2E8BB2                                                                                                                                     ZwSystemDebugControl
SSDT            8F2E8B3F                                                                                                                                     ZwTerminateProcess
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                        ZwVdmControl [0x8EA55F74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                        ZwWriteVirtualMemory [0x8F526BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                        ZwCreateProcessEx [0x8F53CD92]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                        ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                     82E803C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                       82EB9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                          82EC0D80 4 Bytes  [F8, 5D, A5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                          82EC0DA8 4 Bytes  [5A, 6A, 52, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                          82EC0E08 4 Bytes  [5E, 68, A5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                          82EC0E5C 8 Bytes  [E4, B2, A5, 8E, 30, B3, A5, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                          82EC0E68 4 Bytes  [22, B4, A5, 8E]
.text           ...                                                                                                                                          
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                           8304DC64 5 Bytes  JMP 8F539C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                             83066290 5 Bytes  JMP 8F53B764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                                  8307B3D7 4 Bytes  CALL 8EA571B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                                 830951E0 4 Bytes  CALL 8EA571CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                               8311F11A 7 Bytes  JMP 8F53CD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0x8FC0E000, 0x2D51CE, 0xE8000020]
.text           C:\windows\system32\DRIVERS\atksgt.sys                                                                                                       section is writeable [0xAB7AA300, 0x3B6D8, 0xE8000020]
.text           C:\windows\system32\DRIVERS\lirsgt.sys                                                                                                       section is writeable [0xAB7ED300, 0x1BEE, 0xE8000020]
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                                             771D69F4 1 Byte  [62]
.text           user32.dll!UnhookWindowsHookEx                                                                                                               767EADF9 5 Bytes  [E9, 0A, 5C, A3, 89] {JMP 0xffffffff89a35c0f}
.text           user32.dll!UnhookWinEvent                                                                                                                    767EB750 5 Bytes  [E9, A7, 4C, A3, 89] {JMP 0xffffffff89a34cac}
.text           user32.dll!SetWindowsHookExW                                                                                                                 767EE30C 5 Bytes  [E9, F3, 24, A3, 89] {JMP 0xffffffff89a324f8}
.text           user32.dll!SetWinEventHook                                                                                                                   767F24DC 5 Bytes  [E9, 17, DD, A2, 89] {JMP 0xffffffff89a2dd1c}
.text           user32.dll!SetWindowsHookExA                                                                                                                 76816D0C 5 Bytes  [E9, EF, 98, A0, 89] {JMP 0xffffffff89a098f4}

---- User code sections - GMER 1.0.15 ----

.text           C:\windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70                                                                          771D69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] ntdll.dll!LdrUnloadDll                                                               772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] ntdll.dll!LdrLoadDll                                                                 772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] kernel32.dll!GetBinaryTypeW + 70                                                     771D69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!UnhookWindowsHookEx                                                       767EADF9 5 Bytes  JMP 00210A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!UnhookWinEvent                                                            767EB750 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!SetWindowsHookExW                                                         767EE30C 5 Bytes  JMP 00210804 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!SetWinEventHook                                                           767F24DC 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!SetWindowsHookExA                                                         76816D0C 5 Bytes  JMP 00210600 
.text           C:\windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll                                                                                  772AC86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll                                                                                    772B223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70                                                                        771D69F4 1 Byte  [62]
.text           C:\windows\system32\wininit.exe[512] USER32.dll!UnhookWindowsHookEx                                                                          767EADF9 5 Bytes  JMP 00050A08 
.text           C:\windows\system32\wininit.exe[512] USER32.dll!UnhookWinEvent                                                                               767EB750 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW                                                                            767EE30C 5 Bytes  JMP 00050804 
.text           C:\windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook                                                                              767F24DC 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA                                                                            76816D0C 5 Bytes  JMP 00050600 
.text           C:\windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70                                                                          771D69F4 1 Byte  [62]
.text           C:\windows\system32\services.exe[568] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\services.exe[568] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\services.exe[568] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\lsass.exe[584] ntdll.dll!LdrUnloadDll                                                                                    772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\lsass.exe[584] ntdll.dll!LdrLoadDll                                                                                      772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\lsass.exe[584] kernel32.dll!GetBinaryTypeW + 70                                                                          771D69F4 1 Byte  [62]
.text           C:\windows\system32\lsm.exe[592] ntdll.dll!LdrUnloadDll                                                                                      772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\lsm.exe[592] ntdll.dll!LdrLoadDll                                                                                        772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\lsm.exe[592] kernel32.dll!GetBinaryTypeW + 70                                                                            771D69F4 1 Byte  [62]
.text           C:\windows\system32\winlogon.exe[640] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\winlogon.exe[640] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\winlogon.exe[640] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\winlogon.exe[640] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 000C0A08 
.text           C:\windows\system32\winlogon.exe[640] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 000C03FC 
.text           C:\windows\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 000C0804 
.text           C:\windows\system32\winlogon.exe[640] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 000C01F8 
.text           C:\windows\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 000C0600 
.text           C:\windows\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll                                                                                  772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[732] ntdll.dll!LdrLoadDll                                                                                    772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 70                                                                        771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[732] USER32.dll!UnhookWindowsHookEx                                                                          767EADF9 5 Bytes  JMP 00230A08 
.text           C:\windows\system32\svchost.exe[732] USER32.dll!UnhookWinEvent                                                                               767EB750 5 Bytes  JMP 002303FC 
.text           C:\windows\system32\svchost.exe[732] USER32.dll!SetWindowsHookExW                                                                            767EE30C 5 Bytes  JMP 00230804 
.text           C:\windows\system32\svchost.exe[732] USER32.dll!SetWinEventHook                                                                              767F24DC 5 Bytes  JMP 002301F8 
.text           C:\windows\system32\svchost.exe[732] USER32.dll!SetWindowsHookExA                                                                            76816D0C 5 Bytes  JMP 00230600 
.text           C:\windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll                                                                                  772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll                                                                                    772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70                                                                        771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[836] user32.dll!UnhookWindowsHookEx                                                                          767EADF9 5 Bytes  JMP 00410A08 
.text           C:\windows\system32\svchost.exe[836] user32.dll!UnhookWinEvent                                                                               767EB750 5 Bytes  JMP 004103FC 
.text           C:\windows\system32\svchost.exe[836] user32.dll!SetWindowsHookExW                                                                            767EE30C 5 Bytes  JMP 00410804 
.text           C:\windows\system32\svchost.exe[836] user32.dll!SetWinEventHook                                                                              767F24DC 5 Bytes  JMP 004101F8 
.text           C:\windows\system32\svchost.exe[836] user32.dll!SetWindowsHookExA                                                                            76816D0C 5 Bytes  JMP 00410600 
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[852] KERNEL32.dll!GetBinaryTypeW + 70                                      771D69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll                                                                                  772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll                                                                                    772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70                                                                        771D69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx                                                                          767EADF9 5 Bytes  JMP 00250A08 
.text           C:\windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent                                                                               767EB750 5 Bytes  JMP 002503FC 
.text           C:\windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW                                                                            767EE30C 5 Bytes  JMP 00250804 
.text           C:\windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook                                                                              767F24DC 5 Bytes  JMP 002501F8 
.text           C:\windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA                                                                            76816D0C 5 Bytes  JMP 00250600 
.text           C:\windows\system32\atiesrxx.exe[984] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\atiesrxx.exe[984] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\atiesrxx.exe[984] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\atiesrxx.exe[984] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00200A08 
.text           C:\windows\system32\atiesrxx.exe[984] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 002003FC 
.text           C:\windows\system32\atiesrxx.exe[984] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00200804 
.text           C:\windows\system32\atiesrxx.exe[984] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 002001F8 
.text           C:\windows\system32\atiesrxx.exe[984] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00200600 
.text           C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00190A08 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 001903FC 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00190804 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 001901F8 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00190600 
.text           C:\windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 004C0A08 
.text           C:\windows\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 004C03FC 
.text           C:\windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 004C0804 
.text           C:\windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 004C01F8 
.text           C:\windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 004C0600 
.text           C:\windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00C80A08 
.text           C:\windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 00C803FC 
.text           C:\windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00C80804 
.text           C:\windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 00C801F8 
.text           C:\windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00C80600 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] ntdll.dll!LdrUnloadDll                772AC86E 5 Bytes  JMP 001603FC 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] ntdll.dll!LdrLoadDll                  772B223E 5 Bytes  JMP 001601F8 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] kernel32.dll!GetBinaryTypeW + 70      771D69F4 1 Byte  [62]
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!UnhookWindowsHookEx        767EADF9 5 Bytes  JMP 00200A08 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!UnhookWinEvent             767EB750 5 Bytes  JMP 002003FC 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!SetWindowsHookExW          767EE30C 5 Bytes  JMP 00200804 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!SetWinEventHook            767F24DC 5 Bytes  JMP 002001F8 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!SetWindowsHookExA          76816D0C 5 Bytes  JMP 00200600 
.text           C:\windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00140A08 
.text           C:\windows\system32\svchost.exe[1264] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 001403FC 
.text           C:\windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00140804 
.text           C:\windows\system32\svchost.exe[1264] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 001401F8 
.text           C:\windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00140600 
.text           C:\windows\system32\AUDIODG.EXE[1292] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] ntdll.dll!LdrUnloadDll                                                         772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] ntdll.dll!LdrLoadDll                                                           772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] kernel32.dll!GetBinaryTypeW + 70                                               771D69F4 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!UnhookWindowsHookEx                                                 767EADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!UnhookWinEvent                                                      767EB750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!SetWindowsHookExW                                                   767EE30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!SetWinEventHook                                                     767F24DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!SetWindowsHookExA                                                   76816D0C 5 Bytes  JMP 00200600 
.text           C:\windows\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1356] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1356] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00530A08 
.text           C:\windows\system32\svchost.exe[1356] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 005303FC 
.text           C:\windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00530804 
.text           C:\windows\system32\svchost.exe[1356] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 005301F8 
.text           C:\windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00530600 
.text           C:\windows\system32\atieclxx.exe[1408] ntdll.dll!LdrUnloadDll                                                                                772AC86E 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\atieclxx.exe[1408] ntdll.dll!LdrLoadDll                                                                                  772B223E 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\atieclxx.exe[1408] kernel32.dll!GetBinaryTypeW + 70                                                                      771D69F4 1 Byte  [62]
.text           C:\windows\system32\atieclxx.exe[1408] USER32.dll!UnhookWindowsHookEx                                                                        767EADF9 5 Bytes  JMP 002F0A08 
.text           C:\windows\system32\atieclxx.exe[1408] USER32.dll!UnhookWinEvent                                                                             767EB750 5 Bytes  JMP 002F03FC 
.text           C:\windows\system32\atieclxx.exe[1408] USER32.dll!SetWindowsHookExW                                                                          767EE30C 5 Bytes  JMP 002F0804 
.text           C:\windows\system32\atieclxx.exe[1408] USER32.dll!SetWinEventHook                                                                            767F24DC 5 Bytes  JMP 002F01F8 
.text           C:\windows\system32\atieclxx.exe[1408] USER32.dll!SetWindowsHookExA                                                                          76816D0C 5 Bytes  JMP 002F0600 
.text           C:\windows\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1544] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1544] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00590A08 
.text           C:\windows\system32\svchost.exe[1544] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 005903FC 
.text           C:\windows\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00590804 
.text           C:\windows\system32\svchost.exe[1544] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 005901F8 
.text           C:\windows\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00590600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1612] kernel32.dll!SetUnhandledExceptionFilter                                            771BF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1612] kernel32.dll!GetBinaryTypeW + 70                                                    771D69F4 1 Byte  [62]
.text           C:\windows\system32\WLANExt.exe[1620] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\WLANExt.exe[1620] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\WLANExt.exe[1620] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\WLANExt.exe[1620] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 000A0A08 
.text           C:\windows\system32\WLANExt.exe[1620] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 000A03FC 
.text           C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWindowsHookExW                                                                           767EE30C 3 Bytes  JMP 000A0804 
.text           C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWindowsHookExW + 4                                                                       767EE310 1 Byte  [89]
.text           C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 000A01F8 
.text           C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 000A0600 
.text           C:\windows\system32\conhost.exe[1628] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\conhost.exe[1628] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\conhost.exe[1628] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\conhost.exe[1628] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00150A08 
.text           C:\windows\system32\conhost.exe[1628] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 001503FC 
.text           C:\windows\system32\conhost.exe[1628] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00150804 
.text           C:\windows\system32\conhost.exe[1628] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 001501F8 
.text           C:\windows\system32\conhost.exe[1628] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00150600 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe[1748] ntdll.dll!LdrUnloadDll               772AC86E 5 Bytes  JMP 001603FC 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe[1748] ntdll.dll!LdrLoadDll                 772B223E 5 Bytes  JMP 001601F8 
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe[1748] kernel32.dll!GetBinaryTypeW + 70     771D69F4 1 Byte  [62]
.text           C:\windows\System32\spoolsv.exe[1776] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\spoolsv.exe[1776] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\spoolsv.exe[1776] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\System32\spoolsv.exe[1776] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00100A08 
.text           C:\windows\System32\spoolsv.exe[1776] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 001003FC 
.text           C:\windows\System32\spoolsv.exe[1776] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00100804 
.text           C:\windows\System32\spoolsv.exe[1776] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 001001F8 
.text           C:\windows\System32\spoolsv.exe[1776] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[1852] KERNEL32.dll!GetBinaryTypeW + 70                                        771D69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] ntdll.dll!LdrUnloadDll                                                                772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] ntdll.dll!LdrLoadDll                                                                  772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] kernel32.dll!GetBinaryTypeW + 70                                                      771D69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!UnhookWindowsHookEx                                                        767EADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!UnhookWinEvent                                                             767EB750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!SetWindowsHookExW                                                          767EE30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!SetWinEventHook                                                            767F24DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!SetWindowsHookExA                                                          76816D0C 5 Bytes  JMP 00100600 
.text           C:\windows\system32\Dwm.exe[1924] ntdll.dll!LdrUnloadDll                                                                                     772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\Dwm.exe[1924] ntdll.dll!LdrLoadDll                                                                                       772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\Dwm.exe[1924] kernel32.dll!GetBinaryTypeW + 70                                                                           771D69F4 1 Byte  [62]
.text           C:\windows\system32\Dwm.exe[1924] USER32.dll!UnhookWindowsHookEx                                                                             767EADF9 5 Bytes  JMP 000F0A08 
.text           C:\windows\system32\Dwm.exe[1924] USER32.dll!UnhookWinEvent                                                                                  767EB750 5 Bytes  JMP 000F03FC 
.text           C:\windows\system32\Dwm.exe[1924] USER32.dll!SetWindowsHookExW                                                                               767EE30C 5 Bytes  JMP 000F0804 
.text           C:\windows\system32\Dwm.exe[1924] USER32.dll!SetWinEventHook                                                                                 767F24DC 5 Bytes  JMP 000F01F8 
.text           C:\windows\system32\Dwm.exe[1924] USER32.dll!SetWindowsHookExA                                                                               76816D0C 5 Bytes  JMP 000F0600 
.text           C:\windows\Explorer.EXE[1948] ntdll.dll!LdrUnloadDll                                                                                         772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\Explorer.EXE[1948] ntdll.dll!LdrLoadDll                                                                                           772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\Explorer.EXE[1948] kernel32.dll!GetBinaryTypeW + 70                                                                               771D69F4 1 Byte  [62]
.text           C:\windows\Explorer.EXE[1948] USER32.dll!UnhookWindowsHookEx                                                                                 767EADF9 5 Bytes  JMP 00150A08 
.text           C:\windows\Explorer.EXE[1948] USER32.dll!UnhookWinEvent                                                                                      767EB750 5 Bytes  JMP 001503FC 
.text           C:\windows\Explorer.EXE[1948] USER32.dll!SetWindowsHookExW                                                                                   767EE30C 5 Bytes  JMP 00150804 
.text           C:\windows\Explorer.EXE[1948] USER32.dll!SetWinEventHook                                                                                     767F24DC 5 Bytes  JMP 001501F8 
.text           C:\windows\Explorer.EXE[1948] USER32.dll!SetWindowsHookExA                                                                                   76816D0C 5 Bytes  JMP 00150600 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] ntdll.dll!LdrUnloadDll                                                                     772AC86E 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] ntdll.dll!LdrLoadDll                                                                       772B223E 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] kernel32.dll!GetBinaryTypeW + 70                                                           771D69F4 1 Byte  [62]
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!UnhookWindowsHookEx                                                             767EADF9 5 Bytes  JMP 00240A08 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!UnhookWinEvent                                                                  767EB750 5 Bytes  JMP 002403FC 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!SetWindowsHookExW                                                               767EE30C 5 Bytes  JMP 00240804 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!SetWinEventHook                                                                 767F24DC 5 Bytes  JMP 002401F8 
.text           C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!SetWindowsHookExA                                                               76816D0C 5 Bytes  JMP 00240600 
.text           C:\windows\system32\taskhost.exe[2012] ntdll.dll!LdrUnloadDll                                                                                772AC86E 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\taskhost.exe[2012] ntdll.dll!LdrLoadDll                                                                                  772B223E 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\taskhost.exe[2012] kernel32.dll!GetBinaryTypeW + 70                                                                      771D69F4 1 Byte  [62]
.text           C:\windows\system32\taskhost.exe[2012] USER32.dll!UnhookWindowsHookEx                                                                        767EADF9 5 Bytes  JMP 000E0A08 
.text           C:\windows\system32\taskhost.exe[2012] USER32.dll!UnhookWinEvent                                                                             767EB750 5 Bytes  JMP 000E03FC 
.text           C:\windows\system32\taskhost.exe[2012] USER32.dll!SetWindowsHookExW                                                                          767EE30C 5 Bytes  JMP 000E0804 
.text           C:\windows\system32\taskhost.exe[2012] USER32.dll!SetWinEventHook                                                                            767F24DC 5 Bytes  JMP 000E01F8 
.text           C:\windows\system32\taskhost.exe[2012] USER32.dll!SetWindowsHookExA                                                                          76816D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] ntdll.dll!LdrUnloadDll                                                         772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] ntdll.dll!LdrLoadDll                                                           772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] kernel32.dll!GetBinaryTypeW + 70                                               771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!UnhookWindowsHookEx                                                 767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!UnhookWinEvent                                                      767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!SetWindowsHookExW                                                   767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!SetWinEventHook                                                     767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!SetWindowsHookExA                                                   76816D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\svchost.exe[2120] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[2120] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[2120] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 00260A08 
.text           C:\windows\system32\svchost.exe[2120] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 002603FC 
.text           C:\windows\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 00260804 
.text           C:\windows\system32\svchost.exe[2120] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 002601F8 
.text           C:\windows\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 00260600 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 00220804 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 00220600 
.text           C:\windows\system32\SearchFilterHost.exe[2244] ntdll.dll!LdrUnloadDll                                                                        772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\SearchFilterHost.exe[2244] ntdll.dll!LdrLoadDll                                                                          772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\SearchFilterHost.exe[2244] kernel32.dll!GetBinaryTypeW + 70                                                              771D69F4 1 Byte  [62]
.text           C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!UnhookWindowsHookEx                                                                767EADF9 5 Bytes  JMP 00100A08 
.text           C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!UnhookWinEvent                                                                     767EB750 5 Bytes  JMP 001003FC 
.text           C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!SetWindowsHookExW                                                                  767EE30C 5 Bytes  JMP 00100804 
.text           C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!SetWinEventHook                                                                    767F24DC 5 Bytes  JMP 001001F8 
.text           C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!SetWindowsHookExA                                                                  76816D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] ntdll.dll!LdrUnloadDll                                                 772AC86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] ntdll.dll!LdrLoadDll                                                   772B223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] kernel32.dll!GetBinaryTypeW + 70                                       771D69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!UnhookWindowsHookEx                                         767EADF9 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!UnhookWinEvent                                              767EB750 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!SetWindowsHookExW                                           767EE30C 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!SetWinEventHook                                             767F24DC 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!SetWindowsHookExA                                           76816D0C 5 Bytes  JMP 001E0600 
.text           C:\windows\System32\svchost.exe[2400] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[2400] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[2400] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] ntdll.dll!LdrUnloadDll                                                                        772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] ntdll.dll!LdrLoadDll                                                                          772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] kernel32.dll!GetBinaryTypeW + 70                                                              771D69F4 1 Byte  [62]
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!UnhookWindowsHookEx                                                                767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!UnhookWinEvent                                                                     767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!SetWindowsHookExW                                                                  767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!SetWinEventHook                                                                    767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!SetWindowsHookExA                                                                  76816D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\System32\svchost.exe[2544] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[2544] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[2544] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[2588] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[2588] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[2588] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] ntdll.dll!LdrUnloadDll                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] ntdll.dll!LdrLoadDll                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] kernel32.dll!GetBinaryTypeW + 70                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!UnhookWindowsHookEx                                    767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!UnhookWinEvent                                         767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!SetWindowsHookExW                                      767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!SetWinEventHook                                        767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!SetWindowsHookExA                                      76816D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] ntdll.dll!LdrUnloadDll                                                                           772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] ntdll.dll!LdrLoadDll                                                                             772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] kernel32.dll!GetBinaryTypeW + 70                                                                 771D69F4 1 Byte  [62]
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!UnhookWindowsHookEx                                                                   767EADF9 5 Bytes  JMP 00090A08 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!UnhookWinEvent                                                                        767EB750 5 Bytes  JMP 000903FC 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!SetWindowsHookExW                                                                     767EE30C 5 Bytes  JMP 00090804 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!SetWinEventHook                                                                       767F24DC 5 Bytes  JMP 000901F8 
.text           C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!SetWindowsHookExA                                                                     76816D0C 5 Bytes  JMP 00090600 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] ntdll.dll!LdrUnloadDll                                                             772AC86E 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] ntdll.dll!LdrLoadDll                                                               772B223E 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] kernel32.dll!GetBinaryTypeW + 70                                                   771D69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!UnhookWindowsHookEx                                                     767EADF9 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!UnhookWinEvent                                                          767EB750 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!SetWindowsHookExW                                                       767EE30C 5 Bytes  JMP 00080804 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!SetWinEventHook                                                         767F24DC 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!SetWindowsHookExA                                                       76816D0C 5 Bytes  JMP 00080600 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] ntdll.dll!LdrUnloadDll                                                         772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] ntdll.dll!LdrLoadDll                                                           772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] kernel32.dll!GetBinaryTypeW + 70                                               771D69F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!UnhookWindowsHookEx                                                 767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!UnhookWinEvent                                                      767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!SetWindowsHookExW                                                   767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!SetWinEventHook                                                     767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!SetWindowsHookExA                                                   76816D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] ntdll.dll!LdrUnloadDll                                                                      772AC86E 5 Bytes  JMP 000903FC 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] ntdll.dll!LdrLoadDll                                                                        772B223E 5 Bytes  JMP 000901F8 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] kernel32.dll!GetBinaryTypeW + 70                                                            771D69F4 1 Byte  [62]
.text           C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!UnhookWindowsHookEx                                                              767EADF9 5 Bytes  JMP 00130A08 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!UnhookWinEvent                                                                   767EB750 5 Bytes  JMP 001303FC 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!SetWindowsHookExW                                                                767EE30C 5 Bytes  JMP 00130804 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!SetWinEventHook                                                                  767F24DC 5 Bytes  JMP 001301F8 
.text           C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!SetWindowsHookExA                                                                76816D0C 5 Bytes  JMP 00130600 
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3348] KERNEL32.dll!GetBinaryTypeW + 70                                   771D69F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] ntdll.dll!LdrUnloadDll                                                                   772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] ntdll.dll!LdrLoadDll                                                                     772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] kernel32.dll!GetBinaryTypeW + 70                                                         771D69F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!UnhookWindowsHookEx                                                           767EADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!UnhookWinEvent                                                                767EB750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!SetWindowsHookExW                                                             767EE30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!SetWinEventHook                                                               767F24DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!SetWindowsHookExA                                                             76816D0C 5 Bytes  JMP 00180600 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] ntdll.dll!LdrUnloadDll                                                                             772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] ntdll.dll!LdrLoadDll                                                                               772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] kernel32.dll!GetBinaryTypeW + 70                                                                   771D69F4 1 Byte  [62]
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!UnhookWindowsHookEx                                                                     767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!UnhookWinEvent                                                                          767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!SetWindowsHookExW                                                                       767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!SetWinEventHook                                                                         767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!SetWindowsHookExA                                                                       76816D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] ntdll.dll!LdrUnloadDll                                             772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] ntdll.dll!LdrLoadDll                                               772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] kernel32.dll!GetBinaryTypeW + 70                                   771D69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!UnhookWindowsHookEx                                     767EADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!UnhookWinEvent                                          767EB750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!SetWindowsHookExW                                       767EE30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!SetWinEventHook                                         767F24DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!SetWindowsHookExA                                       76816D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] ntdll.dll!LdrUnloadDll                                                                772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] ntdll.dll!LdrLoadDll                                                                  772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] kernel32.dll!GetBinaryTypeW + 70                                                      771D69F4 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!UnhookWindowsHookEx                                                        767EADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!UnhookWinEvent                                                             767EB750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!SetWindowsHookExW                                                          767EE30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!SetWinEventHook                                                            767F24DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!SetWindowsHookExA                                                          76816D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] ntdll.dll!LdrUnloadDll                                                      772AC86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] ntdll.dll!LdrLoadDll                                                        772B223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] kernel32.dll!GetBinaryTypeW + 70                                            771D69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!UnhookWindowsHookEx                                              767EADF9 5 Bytes  JMP 00210A08 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!UnhookWinEvent                                                   767EB750 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetWindowsHookExW                                                767EE30C 5 Bytes  JMP 00210804 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetWinEventHook                                                  767F24DC 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetWindowsHookExA                                                76816D0C 5 Bytes  JMP 00210600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3584] kernel32.dll!GetBinaryTypeW + 70                                                     771D69F4 1 Byte  [62]
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] ntdll.dll!LdrUnloadDll                                                              772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] ntdll.dll!LdrLoadDll                                                                772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] kernel32.dll!GetBinaryTypeW + 70                                                    771D69F4 1 Byte  [62]
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!UnhookWindowsHookEx                                                      767EADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!UnhookWinEvent                                                           767EB750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!SetWindowsHookExW                                                        767EE30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!SetWinEventHook                                                          767F24DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!SetWindowsHookExA                                                        76816D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3616] KERNEL32.dll!GetBinaryTypeW + 70                                             771D69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] ntdll.dll!LdrUnloadDll                                           772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] ntdll.dll!LdrLoadDll                                             772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] kernel32.dll!GetBinaryTypeW + 70                                 771D69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!UnhookWindowsHookEx                                   767EADF9 5 Bytes  JMP 001A0A08 
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!UnhookWinEvent                                        767EB750 5 Bytes  JMP 001A03FC 
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!SetWindowsHookExW                                     767EE30C 5 Bytes  JMP 001A0804 
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!SetWinEventHook                                       767F24DC 5 Bytes  JMP 001A01F8 
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!SetWindowsHookExA                                     76816D0C 5 Bytes  JMP 001A0600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70                                         771D69F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] ntdll.dll!LdrUnloadDll                                                         772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] ntdll.dll!LdrLoadDll                                                           772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] kernel32.dll!GetBinaryTypeW + 70                                               771D69F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!UnhookWindowsHookEx                                                 767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!UnhookWinEvent                                                      767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!SetWindowsHookExW                                                   767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!SetWinEventHook                                                     767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!SetWindowsHookExA                                                   76816D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] ntdll.dll!LdrUnloadDll                                                               772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] ntdll.dll!LdrLoadDll                                                                 772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] kernel32.dll!GetBinaryTypeW + 70                                                     771D69F4 1 Byte  [62]
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!UnhookWindowsHookEx                                                       767EADF9 5 Bytes  JMP 003A0A08 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!UnhookWinEvent                                                            767EB750 5 Bytes  JMP 003A03FC 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!SetWindowsHookExW                                                         767EE30C 5 Bytes  JMP 003A0804 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!SetWinEventHook                                                           767F24DC 5 Bytes  JMP 003A01F8 
.text           C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!SetWindowsHookExA                                                         76816D0C 5 Bytes  JMP 003A0600 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] ntdll.dll!LdrUnloadDll                                                                   772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] ntdll.dll!LdrLoadDll                                                                     772B223E 5 Bytes  JMP 001601F8 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] kernel32.dll!GetBinaryTypeW + 70                                                         771D69F4 1 Byte  [62]
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!UnhookWindowsHookEx                                                           767EADF9 5 Bytes  JMP 00220A08 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!UnhookWinEvent                                                                767EB750 5 Bytes  JMP 002203FC 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!SetWindowsHookExW                                                             767EE30C 5 Bytes  JMP 00220804 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!SetWinEventHook                                                               767F24DC 5 Bytes  JMP 002201F8 
.text           C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!SetWindowsHookExA                                                             76816D0C 5 Bytes  JMP 00220600 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] ntdll.dll!LdrUnloadDll                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] ntdll.dll!LdrLoadDll                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] kernel32.dll!GetBinaryTypeW + 70                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!UnhookWindowsHookEx                                    767EADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!UnhookWinEvent                                         767EB750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!SetWindowsHookExW                                      767EE30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!SetWinEventHook                                        767F24DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!SetWindowsHookExA                                      76816D0C 5 Bytes  JMP 00180600 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] ntdll.dll!LdrUnloadDll                                                          772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] ntdll.dll!LdrLoadDll                                                            772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] kernel32.dll!GetBinaryTypeW + 70                                                771D69F4 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!UnhookWindowsHookEx                                                  767EADF9 5 Bytes  JMP 00580A08 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!UnhookWinEvent                                                       767EB750 5 Bytes  JMP 005803FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!SetWindowsHookExW                                                    767EE30C 5 Bytes  JMP 00580804 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!SetWinEventHook                                                      767F24DC 5 Bytes  JMP 005801F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!SetWindowsHookExA                                                    76816D0C 5 Bytes  JMP 00580600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 00200600 
.text           C:\windows\system32\conhost.exe[4000] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\conhost.exe[4000] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\conhost.exe[4000] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\conhost.exe[4000] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 000C0A08 
.text           C:\windows\system32\conhost.exe[4000] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 000C03FC 
.text           C:\windows\system32\conhost.exe[4000] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 000C0804 
.text           C:\windows\system32\conhost.exe[4000] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 000C01F8 
.text           C:\windows\system32\conhost.exe[4000] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 000C0600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\svchost.exe[4364] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[4364] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[4364] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[4364] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 002C0A08 
.text           C:\windows\system32\svchost.exe[4364] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 002C03FC 
.text           C:\windows\system32\svchost.exe[4364] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 002C0804 
.text           C:\windows\system32\svchost.exe[4364] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 002C01F8 
.text           C:\windows\system32\svchost.exe[4364] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 002C0600 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] ntdll.dll!LdrUnloadDll                                                                772AC86E 5 Bytes  JMP 001603FC 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] ntdll.dll!LdrLoadDll                                                                  772B223E 5 Bytes  JMP 001601F8 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] kernel32.dll!GetBinaryTypeW + 70                                                      771D69F4 1 Byte  [62]
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!UnhookWindowsHookEx                                                        767EADF9 5 Bytes  JMP 00180A08 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!UnhookWinEvent                                                             767EB750 5 Bytes  JMP 001803FC 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!SetWindowsHookExW                                                          767EE30C 5 Bytes  JMP 00180804 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!SetWinEventHook                                                            767F24DC 5 Bytes  JMP 001801F8 
.text           C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!SetWindowsHookExA                                                          76816D0C 5 Bytes  JMP 00180600 
.text           C:\windows\system32\svchost.exe[4460] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[4460] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[4460] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 002F0804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 002F0600 
.text           C:\windows\system32\svchost.exe[4756] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[4756] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[4756] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[4756] USER32.dll!UnhookWindowsHookEx                                                                         767EADF9 5 Bytes  JMP 002D0A08 
.text           C:\windows\system32\svchost.exe[4756] USER32.dll!UnhookWinEvent                                                                              767EB750 5 Bytes  JMP 002D03FC 
.text           C:\windows\system32\svchost.exe[4756] USER32.dll!SetWindowsHookExW                                                                           767EE30C 5 Bytes  JMP 002D0804 
.text           C:\windows\system32\svchost.exe[4756] USER32.dll!SetWinEventHook                                                                             767F24DC 5 Bytes  JMP 002D01F8 
.text           C:\windows\system32\svchost.exe[4756] USER32.dll!SetWindowsHookExA                                                                           76816D0C 5 Bytes  JMP 002D0600 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] ntdll.dll!LdrUnloadDll                                                          772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] ntdll.dll!LdrLoadDll                                                            772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] kernel32.dll!GetBinaryTypeW + 70                                                771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!UnhookWindowsHookEx                                                  767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!UnhookWinEvent                                                       767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!SetWindowsHookExW                                                    767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!SetWinEventHook                                                      767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!SetWindowsHookExA                                                    76816D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] ntdll.dll!LdrUnloadDll                                          772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] ntdll.dll!LdrLoadDll                                            772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] kernel32.dll!GetBinaryTypeW + 70                                771D69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!UnhookWindowsHookEx                                  767EADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!UnhookWinEvent                                       767EB750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!SetWindowsHookExW                                    767EE30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!SetWinEventHook                                      767F24DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!SetWindowsHookExA                                    76816D0C 5 Bytes  JMP 00200600 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] ntdll.dll!LdrUnloadDll                                                                       772AC86E 5 Bytes  JMP 000903FC 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] ntdll.dll!LdrLoadDll                                                                         772B223E 5 Bytes  JMP 000901F8 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] kernel32.dll!GetBinaryTypeW + 70                                                             771D69F4 1 Byte  [62]
.text           C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!UnhookWindowsHookEx                                                               767EADF9 5 Bytes  JMP 00130A08 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!UnhookWinEvent                                                                    767EB750 5 Bytes  JMP 001303FC 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!SetWindowsHookExW                                                                 767EE30C 5 Bytes  JMP 00130804 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!SetWinEventHook                                                                   767F24DC 5 Bytes  JMP 001301F8 
.text           C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!SetWindowsHookExA                                                                 76816D0C 5 Bytes  JMP 00130600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5072] KERNEL32.dll!GetBinaryTypeW + 70                                         771D69F4 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] ntdll.dll!LdrUnloadDll                                                   772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] ntdll.dll!LdrLoadDll                                                     772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] kernel32.dll!GetBinaryTypeW + 70                                         771D69F4 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!UnhookWindowsHookEx                                           767EADF9 5 Bytes  JMP 00340A08 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!UnhookWinEvent                                                767EB750 5 Bytes  JMP 003403FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!SetWindowsHookExW                                             767EE30C 5 Bytes  JMP 00340804 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!SetWinEventHook                                               767F24DC 5 Bytes  JMP 003401F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!SetWindowsHookExA                                             76816D0C 5 Bytes  JMP 00340600 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] ntdll.dll!LdrUnloadDll                                            772AC86E 5 Bytes  JMP 001703FC 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] ntdll.dll!LdrLoadDll                                              772B223E 5 Bytes  JMP 001701F8 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] kernel32.dll!GetBinaryTypeW + 70                                  771D69F4 1 Byte  [62]
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!UnhookWindowsHookEx                                    767EADF9 5 Bytes  JMP 00190A08 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!UnhookWinEvent                                         767EB750 5 Bytes  JMP 001903FC 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!SetWindowsHookExW                                      767EE30C 5 Bytes  JMP 00190804 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!SetWinEventHook                                        767F24DC 5 Bytes  JMP 001901F8 
.text           c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!SetWindowsHookExA                                      76816D0C 5 Bytes  JMP 00190600 
.text           C:\windows\system32\svchost.exe[5232] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[5232] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[5232] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] ntdll.dll!LdrUnloadDll                                                      772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] ntdll.dll!LdrLoadDll                                                        772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] kernel32.dll!GetBinaryTypeW + 70                                            771D69F4 1 Byte  [62]
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!UnhookWindowsHookEx                                              767EADF9 5 Bytes  JMP 00210A08 
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!UnhookWinEvent                                                   767EB750 5 Bytes  JMP 002103FC 
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!SetWindowsHookExW                                                767EE30C 5 Bytes  JMP 00210804 
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!SetWinEventHook                                                  767F24DC 5 Bytes  JMP 002101F8 
.text           C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!SetWindowsHookExA                                                76816D0C 5 Bytes  JMP 00210600 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] ntdll.dll!LdrUnloadDll                                                              772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] ntdll.dll!LdrLoadDll                                                                772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] kernel32.dll!GetBinaryTypeW + 70                                                    771D69F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!UnhookWindowsHookEx                                                      767EADF9 5 Bytes  JMP 00140A08 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!UnhookWinEvent                                                           767EB750 5 Bytes  JMP 001403FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!SetWindowsHookExW                                                        767EE30C 5 Bytes  JMP 00140804 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!SetWinEventHook                                                          767F24DC 5 Bytes  JMP 001401F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!SetWindowsHookExA                                                        76816D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] ntdll.dll!LdrUnloadDll                                              772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] ntdll.dll!LdrLoadDll                                                772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] kernel32.dll!GetBinaryTypeW + 70                                    771D69F4 1 Byte  [62]
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!UnhookWindowsHookEx                                      767EADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!UnhookWinEvent                                           767EB750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!SetWindowsHookExW                                        767EE30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!SetWinEventHook                                          767F24DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!SetWindowsHookExA                                        76816D0C 5 Bytes  JMP 00100600 
.text           C:\windows\System32\svchost.exe[5592] ntdll.dll!LdrUnloadDll                                                                                 772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[5592] ntdll.dll!LdrLoadDll                                                                                   772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[5592] kernel32.dll!GetBinaryTypeW + 70                                                                       771D69F4 1 Byte  [62]
.text           C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5612] KERNEL32.dll!GetBinaryTypeW + 70                                 771D69F4 1 Byte  [62]
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] ntdll.dll!LdrUnloadDll                                           772AC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] ntdll.dll!LdrLoadDll                                             772B223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] kernel32.dll!GetBinaryTypeW + 70                                 771D69F4 1 Byte  [62]
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!UnhookWindowsHookEx                                   767EADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!UnhookWinEvent                                        767EB750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!SetWindowsHookExW                                     767EE30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!SetWinEventHook                                       767F24DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!SetWindowsHookExA                                     76816D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] ntdll.dll!LdrUnloadDll                                                            772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] ntdll.dll!LdrLoadDll                                                              772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] kernel32.dll!GetBinaryTypeW + 70                                                  771D69F4 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!UnhookWindowsHookEx                                                    767EADF9 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!UnhookWinEvent                                                         767EB750 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!SetWindowsHookExW                                                      767EE30C 5 Bytes  JMP 002F0804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!SetWinEventHook                                                        767F24DC 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!SetWindowsHookExA                                                      76816D0C 5 Bytes  JMP 002F0600 
.text           C:\windows\system32\SearchIndexer.exe[6040] ntdll.dll!LdrUnloadDll                                                                           772AC86E 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\SearchIndexer.exe[6040] ntdll.dll!LdrLoadDll                                                                             772B223E 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\SearchIndexer.exe[6040] kernel32.dll!GetBinaryTypeW + 70                                                                 771D69F4 1 Byte  [62]
.text           C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!UnhookWindowsHookEx                                                                   767EADF9 5 Bytes  JMP 00100A08 
.text           C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!UnhookWinEvent                                                                        767EB750 5 Bytes  JMP 001003FC 
.text           C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!SetWindowsHookExW                                                                     767EE30C 5 Bytes  JMP 00100804 
.text           C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!SetWinEventHook                                                                       767F24DC 5 Bytes  JMP 001001F8 
.text           C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!SetWindowsHookExA                                                                     76816D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] ntdll.dll!LdrUnloadDll                                                                772AC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] ntdll.dll!LdrLoadDll                                                                  772B223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] kernel32.dll!GetBinaryTypeW + 70                                                      771D69F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!UnhookWindowsHookEx                                                        767EADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!UnhookWinEvent                                                             767EB750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!SetWindowsHookExW                                                          767EE30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!SetWinEventHook                                                            767F24DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!SetWindowsHookExA                                                          76816D0C 5 Bytes  JMP 001F0600 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1612] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [715EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                              [73FF24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                         [73FD562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                        [73FD56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                               [73FF2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                     [73FE85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                       [73FE4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                      [73FE5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                     [73FE51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                            [73FE6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                      [73FE8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                 [73FE8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                               [73FE90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                     [73FEE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                         [73FE4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]     [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]      [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]   [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]    [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\AVAST Software\Avast\AvastUI.exe[3584] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                       [715EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                        [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                         [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                      [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                       [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress]                       [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]   [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                       aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:6000]                                                                                                                              85C52F2E

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137715a3                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137715a3@1886ac875d8b                                                     0xFE 0x5D 0xF9 0xE6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137715a3@143605774d6a                                                     0x64 0x63 0xB4 0xFA ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137715a3 (not active ControlSet)                                              
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137715a3@1886ac875d8b                                                         0xFE 0x5D 0xF9 0xE6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137715a3@143605774d6a                                                         0x64 0x63 0xB4 0xFA ...

---- EOF - GMER 1.0.15 ----
         


15.06.2012, 18:48   #18
ph.ie
 

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:07:45 on 15.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\windows\system32\ISUSPM.cpl
"PhysX.cpl" - ? - C:\windows\system32\PhysX.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\windows\system32\styleman.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\windows\system32\drivers\aswSP.sys
"atksgt" (atksgt) - ? - C:\windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\windows\system32\drivers\aswTdi.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Phie\AppData\Local\Temp\catchme.sys  (File not found)
"Cinergy T USB XXS service" (mod7700) - "DiBcom" - C:\windows\System32\DRIVERS\dvb7700all.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{C533AB49-9805-4972-8326-A084696B00F0} "Touch Mouse Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouchmouse.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{7834E880-F0CC-4FA7-B4F3-FDB0F4E816A5} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouchstrip.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %SystemDrive%\_OTL\MovedFiles\06132012_173251\C_Users\Phie\AppData\Roaming\Gmpdfruvg )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\06132012_173251\C_Users\Phie\AppData\Roaming\Gmpdfruvg\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HPADVISOR" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"ISUSPM Startup" - "InstallShield Software Corporation" - c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"NokiaSuite.exe" - "Nokia" - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFC" - "PDF Complete, Inc." - C:\windows\system32\pdfc_port.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll
"RoxMediaDB10" (RoxMediaDB10) - "Sonic Solutions" - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 19:38:08
-----------------------------
19:38:08.129    OS Version: Windows 6.1.7601 Service Pack 1
19:38:08.129    Number of processors: 2 586 0x301
19:38:08.132    ComputerName: PHIE-HP  UserName: Phie
19:38:08.971    Initialize success
19:38:09.321    AVAST engine defs: 12061500
19:38:13.098    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:38:13.101    Disk 0 Vendor: WDC_WD3200BEKT-60V5T1 12.01A12 Size: 305245MB BusType: 11
19:38:13.120    Disk 0 MBR read successfully
19:38:13.124    Disk 0 MBR scan
19:38:13.128    Disk 0 Windows VISTA default MBR code
19:38:13.143    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
19:38:13.157    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       287535 MB offset 616448
19:38:13.200    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 589488128
19:38:13.284    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 620945408
19:38:13.339    Disk 0 scanning sectors +625129472
19:38:13.475    Disk 0 scanning C:\windows\system32\drivers
19:38:24.797    Service scanning
19:38:44.045    Modules scanning
19:39:00.474    Disk 0 trace - called modules:
19:39:00.517    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
19:39:00.526    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86118ac8]
19:39:00.536    3 CLASSPNP.SYS[88a0459e] -> nt!IofCallDriver -> [0x85fd98c8]
19:39:00.546    5 ACPI.sys[88a3c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860e6030]
19:39:00.556    Scan finished successfully
19:39:21.739    Disk 0 MBR has been saved successfully to "C:\Users\Phie\Desktop\MBR.dat"
19:39:21.749    The log file has been saved successfully to "C:\Users\Phie\Desktop\aswMBR.txt"
         

17.06.2012, 21:12   #19
cosinus

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

19.06.2012, 10:10   #20
ph.ie
 

Okay, here are the two logs:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Phie :: PHIE-HP [Administrator]

19.06.2012 09:01:14
mbam-log-2012-06-19 (09-01-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473391
Laufzeit: 2 Stunde(n), 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/19/2012 at 00:35 AM

Application Version : 5.0.1150

Core Rules Database Version : 8756
Trace Rules Database Version: 6568

Scan type       : Complete Scan
Total Scan Time : 02:56:00

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 1063
Memory threats detected   : 0
Registry items scanned    : 37676
Registry threats detected : 0
File items scanned        : 302292
File threats detected     : 1

Trojan.Agent/Gen-ModBot
	C:\WINDOWS\HEWLETT-PACKARD\VIDEOMEM32.UDM
         


19.06.2012, 12:30   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
Trojan.Agent/Gen-ModBot
	C:\WINDOWS\HEWLETT-PACKARD\VIDEOMEM32.UDM
         
To me this looks like a false positive.
Is the machine OK again so far?

19.06.2012, 19:37   #22
ph.ie

Yes, everything actually works perfectly! :O)

Thank you very much for your competent help!!

20.06.2012, 10:13   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Regarding the encryption:
Follow the notes above.
There are now 8 tools; you will have to try them out.

But one should not raise false hopes. By now things look grim => Delphi-PRAXiS - View single post - Encryption trojan, help needed

For the future, definitely rethink your backup concept!
Food for thought here => http://www.trojaner-board.de/115678-...r-backups.html



Apart from that, we would be done.
Please do not remove anything from quarantine yet. The malicious files, folders etc. that we deleted are still kept as backup copies in various folders such as Qoobox or _OTL/MovedFiles, and they may still be needed for a decryption.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check your updates; my guide for that is below. To keep a better overview of how current your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all your passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated AdobeReader poses a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

20.06.2012, 13:14   #24
ph.ie

Okay, I have now followed everything so far.
The encryption is not a problem, because I was already able to rescue my files with right-click + restore previous versions. :O)

Thank you again!
